From a9017af2bb648930e27bab52de12f9983411778c Mon Sep 17 00:00:00 2001 From: James Cammarata Date: Wed, 12 Mar 2014 10:19:22 -0500 Subject: [PATCH] Adding validate_certs to all modules that use fetch_url --- lib/ansible/module_utils/urls.py | 5 ++++- library/cloud/ec2_facts | 10 +++++++++- library/database/riak | 11 ++++++++++- library/monitoring/boundary_meter | 9 +++++++++ library/monitoring/datadog_event | 11 ++++++++++- library/monitoring/newrelic_deployment | 9 +++++++++ library/monitoring/pagerduty | 12 +++++++++++- library/net_infrastructure/dnsmadeeasy | 10 ++++++++++ library/notification/flowdock | 9 +++++++++ library/notification/grove | 9 +++++++++ library/notification/hipchat | 9 +++++++++ 11 files changed, 99 insertions(+), 5 deletions(-) diff --git a/lib/ansible/module_utils/urls.py b/lib/ansible/module_utils/urls.py index 2a484a89d6..9f15d17f71 100644 --- a/lib/ansible/module_utils/urls.py +++ b/lib/ansible/module_utils/urls.py @@ -155,7 +155,7 @@ def url_argument_spec(): def fetch_url(module, url, data=None, headers=None, method=None, - use_proxy=False, validate_certs=True, force=False, last_mod_time=None, timeout=10): + use_proxy=False, force=False, last_mod_time=None, timeout=10): ''' Fetches a file from an HTTP/FTP server using urllib2 ''' @@ -171,6 +171,9 @@ def fetch_url(module, url, data=None, headers=None, method=None, handlers = [] info = dict(url=url) + # Get validate_certs from the module params + validate_certs = module.params.get('validate_certs', True) + parsed = urlparse.urlparse(url) if parsed[0] == 'https': if not HAS_SSL and validate_certs: diff --git a/library/cloud/ec2_facts b/library/cloud/ec2_facts index 09c9d761ef..3fade4d1a0 100644 --- a/library/cloud/ec2_facts +++ b/library/cloud/ec2_facts @@ -21,7 +21,15 @@ DOCUMENTATION = ''' module: ec2_facts short_description: Gathers facts about remote hosts within ec2 (aws) version_added: "1.0" -options: {} +options: + validate_certs: + description: + - If C(no), SSL certificates will not be validated. This should only be used + on personally controlled sites using self-signed certificates. + required: false + default: 'yes' + choices: ['yes', 'no'] + version_added: 1.5.1 description: - This module fetches data from the metadata servers in ec2 (aws). Eucalyptus cloud provides a similar service and this module should diff --git a/library/database/riak b/library/database/riak index e0a7552f0a..2ab51046af 100644 --- a/library/database/riak +++ b/library/database/riak @@ -73,6 +73,14 @@ options: default: None aliases: [] choices: ['kv'] + validate_certs: + description: + - If C(no), SSL certificates will not be validated. This should only be used + on personally controlled sites using self-signed certificates. + required: false + default: 'yes' + choices: ['yes', 'no'] + version_added: 1.5.1 ''' EXAMPLES = ''' @@ -117,7 +125,8 @@ def main(): wait_for_ring=dict(default=False, type='int'), wait_for_service=dict( required=False, default=None, choices=['kv']) - ) + ), + validate_certs = dict(default='yes', type='bool'), ) diff --git a/library/monitoring/boundary_meter b/library/monitoring/boundary_meter index 3c9f90a4ce..da739d4306 100644 --- a/library/monitoring/boundary_meter +++ b/library/monitoring/boundary_meter @@ -58,6 +58,14 @@ options: description: - Organizations boundary API KEY required: true + validate_certs: + description: + - If C(no), SSL certificates will not be validated. This should only be used + on personally controlled sites using self-signed certificates. + required: false + default: 'yes' + choices: ['yes', 'no'] + version_added: 1.5.1 notes: - This module does not yet support boundary tags. @@ -221,6 +229,7 @@ def main(): name=dict(required=False), apikey=dict(required=True), apiid=dict(required=True), + validate_certs = dict(default='yes', type='bool'), ) ) diff --git a/library/monitoring/datadog_event b/library/monitoring/datadog_event index 878aee6d34..5d38dd4c31 100644 --- a/library/monitoring/datadog_event +++ b/library/monitoring/datadog_event @@ -54,6 +54,14 @@ options: description: ["An arbitrary string to use for aggregation."] required: false default: null + validate_certs: + description: + - If C(no), SSL certificates will not be validated. This should only be used + on personally controlled sites using self-signed certificates. + required: false + default: 'yes' + choices: ['yes', 'no'] + version_added: 1.5.1 ''' EXAMPLES = ''' @@ -89,7 +97,8 @@ def main(): choices=['nagios', 'hudson', 'jenkins', 'user', 'my apps', 'feed', 'chef', 'puppet', 'git', 'bitbucket', 'fabric', 'capistrano'] - ) + ), + validate_certs = dict(default='yes', type='bool'), ) ) diff --git a/library/monitoring/newrelic_deployment b/library/monitoring/newrelic_deployment index 08132722e1..93d55832fd 100644 --- a/library/monitoring/newrelic_deployment +++ b/library/monitoring/newrelic_deployment @@ -63,6 +63,14 @@ options: description: - The environment for this deployment required: false + validate_certs: + description: + - If C(no), SSL certificates will not be validated. This should only be used + on personally controlled sites using self-signed certificates. + required: false + default: 'yes' + choices: ['yes', 'no'] + version_added: 1.5.1 # informational: requirements for nodes requirements: [ urllib, urllib2 ] @@ -92,6 +100,7 @@ def main(): user=dict(required=False), appname=dict(required=False), environment=dict(required=False), + validate_certs = dict(default='yes', type='bool'), ), supports_check_mode=True ) diff --git a/library/monitoring/pagerduty b/library/monitoring/pagerduty index 9a7f21d077..2c89b8f451 100644 --- a/library/monitoring/pagerduty +++ b/library/monitoring/pagerduty @@ -60,6 +60,15 @@ options: default: Created by Ansible choices: [] aliases: [] + validate_certs: + description: + - If C(no), SSL certificates will not be validated. This should only be used + on personally controlled sites using self-signed certificates. + required: false + default: 'yes' + choices: ['yes', 'no'] + version_added: 1.5.1 + notes: - This module does not yet have support to end maintenance windows. ''' @@ -135,7 +144,8 @@ def main(): passwd=dict(required=True), service=dict(required=False), hours=dict(default='1', required=False), - desc=dict(default='Created by Ansible', required=False) + desc=dict(default='Created by Ansible', required=False), + validate_certs = dict(default='yes', type='bool'), ) ) diff --git a/library/net_infrastructure/dnsmadeeasy b/library/net_infrastructure/dnsmadeeasy index 9e2c14480e..6b4fe1dcdb 100644 --- a/library/net_infrastructure/dnsmadeeasy +++ b/library/net_infrastructure/dnsmadeeasy @@ -73,6 +73,15 @@ options: choices: [ 'present', 'absent' ] default: null + validate_certs: + description: + - If C(no), SSL certificates will not be validated. This should only be used + on personally controlled sites using self-signed certificates. + required: false + default: 'yes' + choices: ['yes', 'no'] + version_added: 1.5.1 + notes: - The DNS Made Easy service requires that machines interacting with the API have the proper time and timezone set. Be sure you are within a few seconds of actual time by using NTP. - This module returns record(s) in the "result" element when 'state' is set to 'present'. This value can be be registered and used in your playbooks. @@ -239,6 +248,7 @@ def main(): 'A', 'AAAA', 'CNAME', 'HTTPRED', 'MX', 'NS', 'PTR', 'SRV', 'TXT']), record_value=dict(required=False), record_ttl=dict(required=False, default=1800, type='int'), + validate_certs = dict(default='yes', type='bool'), ), required_together=( ['record_value', 'record_ttl', 'record_type'] diff --git a/library/notification/flowdock b/library/notification/flowdock index 32817d756d..009487fb43 100644 --- a/library/notification/flowdock +++ b/library/notification/flowdock @@ -76,6 +76,14 @@ options: description: - (inbox only) Link associated with the message. This will be used to link the message subject in Team Inbox. required: false + validate_certs: + description: + - If C(no), SSL certificates will not be validated. This should only be used + on personally controlled sites using self-signed certificates. + required: false + default: 'yes' + choices: ['yes', 'no'] + version_added: 1.5.1 # informational: requirements for nodes requirements: [ urllib, urllib2 ] @@ -116,6 +124,7 @@ def main(): project=dict(required=False), tags=dict(required=False), link=dict(required=False), + validate_certs = dict(default='yes', type='bool'), ), supports_check_mode=True ) diff --git a/library/notification/grove b/library/notification/grove index 1e2132cfb7..e6bf241bda 100644 --- a/library/notification/grove +++ b/library/notification/grove @@ -31,6 +31,14 @@ options: description: - Icon for the service required: false + validate_certs: + description: + - If C(no), SSL certificates will not be validated. This should only be used + on personally controlled sites using self-signed certificates. + required: false + default: 'yes' + choices: ['yes', 'no'] + version_added: 1.5.1 author: Jonas Pfenniger ''' @@ -71,6 +79,7 @@ def main(): service = dict(type='str', default='ansible'), url = dict(type='str', default=None), icon_url = dict(type='str', default=None), + validate_certs = dict(default='yes', type='bool'), ) ) diff --git a/library/notification/hipchat b/library/notification/hipchat index c4b36d64ce..2107ac021b 100644 --- a/library/notification/hipchat +++ b/library/notification/hipchat @@ -46,6 +46,14 @@ options: required: false default: 'yes' choices: [ "yes", "no" ] + validate_certs: + description: + - If C(no), SSL certificates will not be validated. This should only be used + on personally controlled sites using self-signed certificates. + required: false + default: 'yes' + choices: ['yes', 'no'] + version_added: 1.5.1 # informational: requirements for nodes requirements: [ urllib, urllib2 ] @@ -104,6 +112,7 @@ def main(): "purple", "gray", "random"]), msg_format=dict(default="text", choices=["text", "html"]), notify=dict(default=True, type='bool'), + validate_certs = dict(default='yes', type='bool'), ), supports_check_mode=True )