Adding 'validate_certs' option to EC2 modules
When disabled, the boto connection will be instantiated without validating the SSL certificate from the target endpoint. This allows the modules to connect to Eucalyptus instances running with self-signed certs without errors. Fixes #3978
parent
eaced05a77
commit
056d54ebd3
12 changed files with 108 additions and 3 deletions
|
@ -1,3 +1,9 @@
|
||||||
|
try:
|
||||||
|
from distutils.version import LooseVersion
|
||||||
|
HAS_LOOSE_VERSION = True
|
||||||
|
except:
|
||||||
|
HAS_LOOSE_VERSION = False
|
||||||
|
|
||||||
AWS_REGIONS = ['ap-northeast-1',
|
AWS_REGIONS = ['ap-northeast-1',
|
||||||
'ap-southeast-1',
|
'ap-southeast-1',
|
||||||
'ap-southeast-2',
|
'ap-southeast-2',
|
||||||
|
@ -14,6 +20,7 @@ def ec2_argument_spec():
|
||||||
ec2_url=dict(),
|
ec2_url=dict(),
|
||||||
ec2_secret_key=dict(aliases=['aws_secret_key', 'secret_key'], no_log=True),
|
ec2_secret_key=dict(aliases=['aws_secret_key', 'secret_key'], no_log=True),
|
||||||
ec2_access_key=dict(aliases=['aws_access_key', 'access_key']),
|
ec2_access_key=dict(aliases=['aws_access_key', 'access_key']),
|
||||||
|
validate_certs=dict(default=True, type='bool'),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@ -62,17 +69,24 @@ def ec2_connect(module):
|
||||||
""" Return an ec2 connection"""
|
""" Return an ec2 connection"""
|
||||||
|
|
||||||
ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
|
ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
|
||||||
|
validate_certs = module.get('validate_certs', True)
|
||||||
|
|
||||||
# If we have a region specified, connect to its endpoint.
|
# If we have a region specified, connect to its endpoint.
|
||||||
if region:
|
if region:
|
||||||
try:
|
try:
|
||||||
ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key)
|
if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
|
||||||
|
ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key, validate_certs=validate_certs)
|
||||||
|
else:
|
||||||
|
ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key)
|
||||||
except boto.exception.NoAuthHandlerFound, e:
|
except boto.exception.NoAuthHandlerFound, e:
|
||||||
module.fail_json(msg = str(e))
|
module.fail_json(msg = str(e))
|
||||||
# Otherwise, no region so we fallback to the old connection method
|
# Otherwise, no region so we fallback to the old connection method
|
||||||
elif ec2_url:
|
elif ec2_url:
|
||||||
try:
|
try:
|
||||||
ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key)
|
if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
|
||||||
|
ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key, validate_certs=validate_certs)
|
||||||
|
else:
|
||||||
|
ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key)
|
||||||
except boto.exception.NoAuthHandlerFound, e:
|
except boto.exception.NoAuthHandlerFound, e:
|
||||||
module.fail_json(msg = str(e))
|
module.fail_json(msg = str(e))
|
||||||
else:
|
else:
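Review bot: In `ec2_connect`, the added line `validate_certs = module.get('validate_certs', True)` calls `.get` on the module object itself, the same object used for `module.fail_json(...)` a few lines below. If that object is the usual AnsibleModule, parameters live on `module.params`, so this would raise AttributeError before any connection is attempted; the line should presumably read `validate_certs = module.params.get('validate_certs', True)`. Separately, when `HAS_LOOSE_VERSION` is false or boto is older than 2.6.0, both branches drop the setting silently, so a caller who asked for validation gets whatever that boto version does by default, with no warning. The final `else:` branch continues outside the hunk, so it is not visible whether that path honours `validate_certs` at all. The bare `except:` around the `LooseVersion` import would also be safer as `except ImportError:`.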
|
||||||
|
|
|
@ -88,6 +88,14 @@ options:
|
||||||
required: false
|
required: false
|
||||||
aliases: ['aws_region', 'ec2_region']
|
aliases: ['aws_region', 'ec2_region']
|
||||||
version_added: "1.5"
|
version_added: "1.5"
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
author: James S. Martin
|
author: James S. Martin
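Review bot: The description added for `validate_certs` does not say what happens on boto older than 2.6.0, where the connection helper changed in this same commit ignores the option, nor what turning validation off exposes. A fuller description could be: `- When set to "no", SSL certificates will not be validated. Only honoured with boto >= 2.6.0; older versions ignore this option.` followed by a second item such as `- Without validation the endpoint's identity is not verified, so API traffic can be read or altered on the network path; disable only for endpoints with self-signed certificates that you control.` The same wording is repeated in the other ten documentation hunks on this page, so the change applies to each of them.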
|
||||||
|
|
|
@ -212,7 +212,14 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: null
|
default: null
|
||||||
aliases: []
|
aliases: []
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
author: Seth Vidal, Tim Gerla, Lester Wade
|
author: Seth Vidal, Tim Gerla, Lester Wade
|
||||||
|
|
|
@ -101,6 +101,14 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: null
|
default: null
|
||||||
aliases: []
|
aliases: []
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
author: Evan Duffield <eduffield@iacquire.com>
|
author: Evan Duffield <eduffield@iacquire.com>
|
||||||
|
|
|
@ -53,6 +53,15 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: false
|
default: false
|
||||||
version_added: "1.4"
|
version_added: "1.4"
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
author: Lorin Hochstein <lorin@nimbisservices.com>
|
author: Lorin Hochstein <lorin@nimbisservices.com>
|
||||||
notes:
|
notes:
|
||||||
|
|
|
@ -74,6 +74,14 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: yes
|
default: yes
|
||||||
choices: [ "yes", "no" ]
|
choices: [ "yes", "no" ]
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
|
@ -73,6 +73,14 @@ options:
|
||||||
- The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used.
|
- The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used.
|
||||||
required: false
|
required: false
|
||||||
aliases: ['aws_region', 'ec2_region']
|
aliases: ['aws_region', 'ec2_region']
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
|
@ -57,6 +57,14 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: 'present'
|
default: 'present'
|
||||||
aliases: []
|
aliases: []
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
'''
|
'''
|
||||||
|
|
|
@ -48,6 +48,14 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: 'present'
|
default: 'present'
|
||||||
aliases: []
|
aliases: []
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
author: Vincent Viallet
|
author: Vincent Viallet
|
||||||
|
|
|
@ -59,6 +59,15 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: null
|
default: null
|
||||||
aliases: []
|
aliases: []
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
author: Lester Wade
|
author: Lester Wade
|
||||||
'''
|
'''
|
||||||
|
|
|
@ -82,6 +82,15 @@ options:
|
||||||
- snapshot ID on which to base the volume
|
- snapshot ID on which to base the volume
|
||||||
required: false
|
required: false
|
||||||
default: null
|
default: null
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
author: Lester Wade
|
author: Lester Wade
|
||||||
'''
|
'''
|
||||||
|
|
|
@ -99,6 +99,15 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: None
|
default: None
|
||||||
aliases: ['ec2_access_key', 'access_key' ]
|
aliases: ['ec2_access_key', 'access_key' ]
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
|
||||||
|
required: false
|
||||||
|
default: "yes"
|
||||||
|
choices: ["yes", "no"]
|
||||||
|
aliases: []
|
||||||
|
version_added: "1.5"
|
||||||
|
|
||||||
requirements: [ "boto" ]
|
requirements: [ "boto" ]
|
||||||
author: Carson Gee
|
author: Carson Gee
|
||||||
'''
|
'''
|
||||||
|
|