From d9f3e7a2ec701d9dc136f946d146994db2327778 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Sun, 26 Nov 2023 21:54:53 +0100 Subject: [PATCH] Only disable cert validation in examples for local network access (#7576) Only disable cert validation in examples for local network access! --- plugins/inventory/icinga2.py | 2 +- plugins/inventory/proxmox.py | 5 ++--- plugins/modules/gitlab_group.py | 1 - plugins/modules/gitlab_hook.py | 1 - plugins/modules/gitlab_project.py | 1 - plugins/modules/gitlab_project_members.py | 1 - plugins/modules/gitlab_user.py | 3 --- plugins/modules/imc_rest.py | 12 ++++++------ plugins/modules/influxdb_retention_policy.py | 2 -- plugins/modules/ipa_host.py | 1 - plugins/modules/ipa_vault.py | 1 - plugins/modules/jenkins_job_info.py | 1 - plugins/modules/jenkins_script.py | 2 +- plugins/modules/manageiq_alert_profiles.py | 4 ++-- plugins/modules/manageiq_alerts.py | 6 +++--- plugins/modules/manageiq_group.py | 12 ++++++------ plugins/modules/manageiq_policies.py | 4 ++-- plugins/modules/manageiq_provider.py | 2 +- plugins/modules/manageiq_tags.py | 6 +++--- plugins/modules/manageiq_tenant.py | 10 +++++----- plugins/modules/manageiq_user.py | 12 ++++++------ plugins/modules/xenserver_guest.py | 2 -- 22 files changed, 38 insertions(+), 53 deletions(-) diff --git a/plugins/inventory/icinga2.py b/plugins/inventory/icinga2.py index 39c0c7e893..1c67ea3237 100644 --- a/plugins/inventory/icinga2.py +++ b/plugins/inventory/icinga2.py @@ -72,7 +72,7 @@ url: http://localhost:5665 user: ansible password: secure host_filter: \"linux-servers\" in host.groups -validate_certs: false +validate_certs: false # only do this when connecting to localhost! inventory_attr: name groups: # simple name matching diff --git a/plugins/inventory/proxmox.py b/plugins/inventory/proxmox.py index df593665cf..0725819c10 100644 --- a/plugins/inventory/proxmox.py +++ b/plugins/inventory/proxmox.py 
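Review bot: In the icinga2.py example the retained `validate_certs: false` sits next to `url: http://localhost:5665`, and with a plain-http URL there is normally no TLS handshake for the option to relax, so the new comment describes a trade-off the example never makes. The same holds for the second proxmox.py example (`url: http://192.168.1.2:8006`) and for the manageiq_* examples that use `url: 'http://127.0.0.1:3000'`, including the three manageiq_group.py hunks where the commit itself switches the URL from `https://manageiq_server` to http. Either drop the option from these examples, or keep an https URL so the comment has something to qualify, e.g. `url: https://localhost:5665` with `validate_certs: false # only do this when connecting to localhost!`.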
@@ -171,7 +171,6 @@ plugin: community.general.proxmox url: http://pve.domain.com:8006 user: ansible@pve password: secure -validate_certs: false want_facts: true keyed_groups: # proxmox_tags_parsed is an example of a fact only returned when 'want_facts=true' @@ -192,10 +191,10 @@ want_proxmox_nodes_ansible_host: true # Note: my_inv_var demonstrates how to add a string variable to every host used by the inventory. # my.proxmox.yml plugin: community.general.proxmox -url: http://pve.domain.com:8006 +url: http://192.168.1.2:8006 user: ansible@pve password: secure -validate_certs: false +validate_certs: false # only do this when you trust the network! want_facts: true want_proxmox_nodes_ansible_host: false compose: diff --git a/plugins/modules/gitlab_group.py b/plugins/modules/gitlab_group.py index 4674e8f5c8..3d57b18528 100644 --- a/plugins/modules/gitlab_group.py +++ b/plugins/modules/gitlab_group.py @@ -107,7 +107,6 @@ EXAMPLES = ''' community.general.gitlab_group: api_url: https://gitlab.example.com/ api_token: "{{ access_token }}" - validate_certs: false name: my_first_group state: absent diff --git a/plugins/modules/gitlab_hook.py b/plugins/modules/gitlab_hook.py index 5b96ee6e77..ec39d0e0c7 100644 --- a/plugins/modules/gitlab_hook.py +++ b/plugins/modules/gitlab_hook.py @@ -122,7 +122,6 @@ EXAMPLES = ''' state: present push_events: true tag_push_events: true - hook_validate_certs: false token: "my-super-secret-token-that-my-ci-server-will-check" - name: "Delete the previous hook" diff --git a/plugins/modules/gitlab_project.py b/plugins/modules/gitlab_project.py index df4157f828..f1b96bfac5 100644 --- a/plugins/modules/gitlab_project.py +++ b/plugins/modules/gitlab_project.py @@ -273,7 +273,6 @@ EXAMPLES = r''' community.general.gitlab_project: api_url: https://gitlab.example.com/ api_token: "{{ access_token }}" - validate_certs: false name: my_first_project state: absent delegate_to: localhost 
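Review bot: The comment added in the second proxmox.py hunk, `# only do this when you trust the network!`, gives the reader no criterion to check, and pairing it with the new `192.168.1.2` address suggests that a private-range address is what makes a network trusted. Disabling validation removes server authentication, so the `user` and `password` in the example go to whichever host answers on that address. A wording that says what is lost would serve better, for instance `validate_certs: false  # disables TLS server authentication; only for an isolated network you control`. The same comment text is used in imc_rest.py, jenkins_script.py and most manageiq_* hunks; jenkins_script.py targets `https://localhost` and could instead reuse the `only do this when connecting to localhost!` wording from icinga2.py and manageiq_tags.py.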
diff --git a/plugins/modules/gitlab_project_members.py b/plugins/modules/gitlab_project_members.py index cc2e5c62a5..2ce277f688 100644 --- a/plugins/modules/gitlab_project_members.py +++ b/plugins/modules/gitlab_project_members.py @@ -106,7 +106,6 @@ EXAMPLES = r''' community.general.gitlab_project_members: api_url: 'https://gitlab.example.com' api_token: 'Your-Private-Token' - validate_certs: false project: projectname gitlab_user: username state: absent diff --git a/plugins/modules/gitlab_user.py b/plugins/modules/gitlab_user.py index 1c488b2a63..b10426cf89 100644 --- a/plugins/modules/gitlab_user.py +++ b/plugins/modules/gitlab_user.py @@ -150,7 +150,6 @@ EXAMPLES = ''' community.general.gitlab_user: api_url: https://gitlab.example.com/ api_token: "{{ access_token }}" - validate_certs: false username: myusername state: absent @@ -190,7 +189,6 @@ EXAMPLES = ''' community.general.gitlab_user: api_url: https://gitlab.example.com/ api_token: "{{ access_token }}" - validate_certs: false username: myusername state: blocked @@ -198,7 +196,6 @@ EXAMPLES = ''' community.general.gitlab_user: api_url: https://gitlab.example.com/ api_token: "{{ access_token }}" - validate_certs: false username: myusername state: unblocked ''' diff --git a/plugins/modules/imc_rest.py b/plugins/modules/imc_rest.py index 87d0a4d785..113d341e89 100644 --- a/plugins/modules/imc_rest.py +++ b/plugins/modules/imc_rest.py @@ -100,7 +100,7 @@ EXAMPLES = r''' hostname: '{{ imc_hostname }}' username: '{{ imc_username }}' password: '{{ imc_password }}' - validate_certs: false + validate_certs: false # only do this when you trust the network! content: | @@ -112,7 +112,7 @@ EXAMPLES = r''' hostname: '{{ imc_hostname }}' username: '{{ imc_username }}' password: '{{ imc_password }}' - validate_certs: false + validate_certs: false # only do this when you trust the network! timeout: 120 content: | 
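Review bot: All six imc_rest.py examples (two hunks here, four more in the hunks that follow) keep `validate_certs: false`, so the module's documentation still has no example that connects with certificate validation left on. Each one passes `username` and `password` to a host taken from `{{ imc_hostname }}` or `{{ imc_host }}`. Unlike the localhost examples in this commit, the target is a remote management controller, so a copied example sends credentials to an endpoint whose identity is never checked. Consider keeping the commented setting in the first example only and deleting the line from the other five, as the commit does for the gitlab_* and ipa_* modules.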
@@ -137,7 +137,7 @@ EXAMPLES = r''' hostname: '{{ imc_hostname }}' username: '{{ imc_username }}' password: '{{ imc_password }}' - validate_certs: false + validate_certs: false # only do this when you trust the network! content: | @@ -155,7 +155,7 @@ EXAMPLES = r''' hostname: '{{ imc_host }}' username: '{{ imc_username }}' password: '{{ imc_password }}' - validate_certs: false + validate_certs: false # only do this when you trust the network! content: | @@ -167,7 +167,7 @@ EXAMPLES = r''' hostname: '{{ imc_host }}' username: '{{ imc_username }}' password: '{{ imc_password }}' - validate_certs: false + validate_certs: false # only do this when you trust the network! content: | @@ -179,7 +179,7 @@ EXAMPLES = r''' hostname: '{{ imc_host }}' username: '{{ imc_username }}' password: '{{ imc_password }}' - validate_certs: false + validate_certs: false # only do this when you trust the network! timeout: 120 content: | diff --git a/plugins/modules/influxdb_retention_policy.py b/plugins/modules/influxdb_retention_policy.py index 0eee42a9d9..f1c13a8111 100644 --- a/plugins/modules/influxdb_retention_policy.py +++ b/plugins/modules/influxdb_retention_policy.py @@ -114,7 +114,6 @@ EXAMPLES = r''' duration: INF replication: 1 ssl: false - validate_certs: false shard_group_duration: 1w state: present @@ -126,7 +125,6 @@ EXAMPLES = r''' duration: 5d1h30m replication: 1 ssl: false - validate_certs: false shard_group_duration: 1d10h30m state: present diff --git a/plugins/modules/ipa_host.py b/plugins/modules/ipa_host.py index a5ab897a97..b37a606d75 100644 --- a/plugins/modules/ipa_host.py +++ b/plugins/modules/ipa_host.py @@ -118,7 +118,6 @@ EXAMPLES = r''' ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret - validate_certs: false random_password: true - name: Ensure host is disabled diff --git a/plugins/modules/ipa_vault.py b/plugins/modules/ipa_vault.py index 84b72c1abb..88947e470e 100644 --- a/plugins/modules/ipa_vault.py +++ b/plugins/modules/ipa_vault.py 
@@ -93,7 +93,6 @@ EXAMPLES = r''' ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret - validate_certs: false - name: Ensure vault is present for Admin user community.general.ipa_vault: diff --git a/plugins/modules/jenkins_job_info.py b/plugins/modules/jenkins_job_info.py index 12f1dbff8b..40e1d7aea3 100644 --- a/plugins/modules/jenkins_job_info.py +++ b/plugins/modules/jenkins_job_info.py @@ -121,7 +121,6 @@ EXAMPLES = ''' user: admin token: 126df5c60d66c66e3b75b11104a16a8a url: https://jenkins.example.com - validate_certs: false register: my_jenkins_job_info ''' diff --git a/plugins/modules/jenkins_script.py b/plugins/modules/jenkins_script.py index ab8660e28d..030c8e6fa3 100644 --- a/plugins/modules/jenkins_script.py +++ b/plugins/modules/jenkins_script.py @@ -99,7 +99,7 @@ EXAMPLES = ''' user: admin password: admin url: https://localhost - validate_certs: false + validate_certs: false # only do this when you trust the network! ''' RETURN = ''' diff --git a/plugins/modules/manageiq_alert_profiles.py b/plugins/modules/manageiq_alert_profiles.py index c6cefad6a8..eb6424bcdd 100644 --- a/plugins/modules/manageiq_alert_profiles.py +++ b/plugins/modules/manageiq_alert_profiles.py @@ -72,7 +72,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: Delete an alert profile from ManageIQ community.general.manageiq_alert_profiles: @@ -82,7 +82,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! ''' RETURN = ''' diff --git a/plugins/modules/manageiq_alerts.py b/plugins/modules/manageiq_alerts.py index 518b29f1f3..53f40fb00c 100644 --- a/plugins/modules/manageiq_alerts.py +++ b/plugins/modules/manageiq_alerts.py 
@@ -91,7 +91,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: Add an alert with a "miq expression" to ManageIQ community.general.manageiq_alerts: @@ -118,7 +118,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: Delete an alert from ManageIQ community.general.manageiq_alerts: @@ -128,7 +128,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! ''' RETURN = ''' diff --git a/plugins/modules/manageiq_group.py b/plugins/modules/manageiq_group.py index 132d261a63..e060b9a01a 100644 --- a/plugins/modules/manageiq_group.py +++ b/plugins/modules/manageiq_group.py @@ -103,10 +103,10 @@ EXAMPLES = ''' role: 'EvmRole-user' tenant: 'my_tenant' manageiq_connection: - url: 'https://manageiq_server' + url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: Create a group in ManageIQ with the role EvmRole-user and tenant with tenant_id 4 community.general.manageiq_group: @@ -114,10 +114,10 @@ EXAMPLES = ''' role: 'EvmRole-user' tenant_id: 4 manageiq_connection: - url: 'https://manageiq_server' + url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: - Create or update a group in ManageIQ with the role EvmRole-user and tenant my_tenant. 
@@ -140,10 +140,10 @@ EXAMPLES = ''' - "/belongsto/ExtManagementSystem|ProviderName/EmsFolder|Datacenters/EmsFolder|dc_name/EmsFolder|host/EmsCluster|Cluster name" belongsto_filters_merge_mode: merge manageiq_connection: - url: 'https://manageiq_server' + url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: Delete a group in ManageIQ community.general.manageiq_group: diff --git a/plugins/modules/manageiq_policies.py b/plugins/modules/manageiq_policies.py index d99583eaf4..f2101ad28b 100644 --- a/plugins/modules/manageiq_policies.py +++ b/plugins/modules/manageiq_policies.py @@ -74,7 +74,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: Unassign a policy_profile for a provider in ManageIQ community.general.manageiq_policies: @@ -87,7 +87,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! ''' RETURN = ''' diff --git a/plugins/modules/manageiq_provider.py b/plugins/modules/manageiq_provider.py index 79beb853d4..8052aff928 100644 --- a/plugins/modules/manageiq_provider.py +++ b/plugins/modules/manageiq_provider.py @@ -438,7 +438,7 @@ EXAMPLES = ''' url: 'https://cf-6af0.rhpds.opentlc.com' username: 'admin' password: 'password' - validate_certs: false + validate_certs: true - name: Create a new OpenStack Director provider in ManageIQ with rsa keypair community.general.manageiq_provider: diff --git a/plugins/modules/manageiq_tags.py b/plugins/modules/manageiq_tags.py index 0fb1271d4e..3ab5eca4f8 100644 --- a/plugins/modules/manageiq_tags.py +++ b/plugins/modules/manageiq_tags.py 
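Review bot: The manageiq_provider.py hunk is the only place where the commit writes `validate_certs: true` instead of deleting the line, which reads as if the option must be set explicitly to get validation. If validation is the default for `manageiq_connection` (not visible in this hunk), deleting the line as in the gitlab_*, ipa_* and xenserver_guest examples would be consistent. If the explicit value is meant as emphasis, a short comment such as `validate_certs: true  # the default; shown for clarity` would say so.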
@@ -77,7 +77,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when connecting to localhost! - name: Create new tags for a provider in ManageIQ. community.general.manageiq_tags: @@ -92,7 +92,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when connecting to localhost! - name: Remove tags for a provider in ManageIQ. community.general.manageiq_tags: @@ -108,7 +108,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when connecting to localhost! ''' RETURN = ''' diff --git a/plugins/modules/manageiq_tenant.py b/plugins/modules/manageiq_tenant.py index 0cc33eee6c..a5a56191e7 100644 --- a/plugins/modules/manageiq_tenant.py +++ b/plugins/modules/manageiq_tenant.py @@ -83,7 +83,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: Create a tenant in ManageIQ community.general.manageiq_tenant: @@ -94,7 +94,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: Delete a tenant in ManageIQ community.general.manageiq_tenant: @@ -105,7 +105,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: Set tenant quota for cpu_allocated, mem_allocated, remove quota for vms_allocated community.general.manageiq_tenant: 
@@ -119,7 +119,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: Delete a tenant in ManageIQ using a token @@ -130,7 +130,7 @@ EXAMPLES = ''' manageiq_connection: url: 'http://127.0.0.1:3000' token: 'sometoken' - validate_certs: false + validate_certs: false # only do this when you trust the network! ''' RETURN = ''' diff --git a/plugins/modules/manageiq_user.py b/plugins/modules/manageiq_user.py index 05827f6d86..0d8a81984f 100644 --- a/plugins/modules/manageiq_user.py +++ b/plugins/modules/manageiq_user.py @@ -75,7 +75,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: Create a new user in ManageIQ using a token community.general.manageiq_user: @@ -87,7 +87,7 @@ EXAMPLES = ''' manageiq_connection: url: 'http://127.0.0.1:3000' token: 'sometoken' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: Delete a user in ManageIQ community.general.manageiq_user: @@ -97,7 +97,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: Delete a user in ManageIQ using a token community.general.manageiq_user: @@ -106,7 +106,7 @@ EXAMPLES = ''' manageiq_connection: url: 'http://127.0.0.1:3000' token: 'sometoken' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: Update email of user in ManageIQ community.general.manageiq_user: 
@@ -116,7 +116,7 @@ EXAMPLES = ''' url: 'http://127.0.0.1:3000' username: 'admin' password: 'smartvm' - validate_certs: false + validate_certs: false # only do this when you trust the network! - name: Update email of user in ManageIQ using a token community.general.manageiq_user: @@ -125,7 +125,7 @@ EXAMPLES = ''' manageiq_connection: url: 'http://127.0.0.1:3000' token: 'sometoken' - validate_certs: false + validate_certs: false # only do this when you trust the network! ''' RETURN = ''' diff --git a/plugins/modules/xenserver_guest.py b/plugins/modules/xenserver_guest.py index 5fe7ca1f87..110bc88751 100644 --- a/plugins/modules/xenserver_guest.py +++ b/plugins/modules/xenserver_guest.py @@ -300,7 +300,6 @@ EXAMPLES = r''' hostname: "{{ xenserver_hostname }}" username: "{{ xenserver_username }}" password: "{{ xenserver_password }}" - validate_certs: false folder: /testvms name: testvm_2 state: poweredon @@ -327,7 +326,6 @@ EXAMPLES = r''' hostname: "{{ xenserver_hostname }}" username: "{{ xenserver_username }}" password: "{{ xenserver_password }}" - validate_certs: false folder: /testvms name: testvm_6 is_template: true