Adding 'validate_certs' option to EC2 modules

When disabled, the boto connection will be instantiated without validating
the SSL certificate from the target endpoint. This allows the modules to connect
to Eucalyptus instances running with self-signed certs without errors.

Fixes #3978
James Cammarata 2014-02-13 12:12:08 -06:00
parent eaced05a77
commit 056d54ebd3
12 changed files with 108 additions and 3 deletions


@ -1,3 +1,9 @@
try:
from distutils.version import LooseVersion
HAS_LOOSE_VERSION = True
except:
HAS_LOOSE_VERSION = False
AWS_REGIONS = ['ap-northeast-1', AWS_REGIONS = ['ap-northeast-1',
'ap-southeast-1', 'ap-southeast-1',
'ap-southeast-2', 'ap-southeast-2',
@ -14,6 +20,7 @@ def ec2_argument_spec():
ec2_url=dict(), ec2_url=dict(),
ec2_secret_key=dict(aliases=['aws_secret_key', 'secret_key'], no_log=True), ec2_secret_key=dict(aliases=['aws_secret_key', 'secret_key'], no_log=True),
ec2_access_key=dict(aliases=['aws_access_key', 'access_key']), ec2_access_key=dict(aliases=['aws_access_key', 'access_key']),
validate_certs=dict(default=True, type='bool'),
) )
@ -62,17 +69,24 @@ def ec2_connect(module):
""" Return an ec2 connection""" """ Return an ec2 connection"""
ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module) ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
validate_certs = module.get('validate_certs', True)
# If we have a region specified, connect to its endpoint. # If we have a region specified, connect to its endpoint.
if region: if region:
try: try:
ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key) if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key, validate_certs=validate_certs)
else:
ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key)
except boto.exception.NoAuthHandlerFound, e: except boto.exception.NoAuthHandlerFound, e:
module.fail_json(msg = str(e)) module.fail_json(msg = str(e))
# Otherwise, no region so we fallback to the old connection method # Otherwise, no region so we fallback to the old connection method
elif ec2_url: elif ec2_url:
try: try:
ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key) if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key, validate_certs=validate_certs)
else:
ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key)
except boto.exception.NoAuthHandlerFound, e: except boto.exception.NoAuthHandlerFound, e:
module.fail_json(msg = str(e)) module.fail_json(msg = str(e))
else: else:
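Review bot: `validate_certs = module.get('validate_certs', True)` in ec2_connect reads the option from the module object itself, yet `module` is used as an AnsibleModule a few lines later (`module.fail_json(...)`), and that class keeps its arguments in `params`; unless a `get` is defined outside this hunk, the line raises AttributeError before any connection is attempted. It should read `validate_certs = module.params.get('validate_certs', True)`. Separately, when LooseVersion cannot be imported or boto is older than 2.6.0, both `else:` arms drop the option silently, so a playbook that leaves `validate_certs` at its default of true gets whatever certificate handling that boto version applies rather than enforced validation; the fallback should at least be made visible to the user. The bare `except:` around the import would be safer as `except ImportError:`. ec2_connect continues past the end of the hunk.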


@ -88,6 +88,14 @@ options:
required: false required: false
aliases: ['aws_region', 'ec2_region'] aliases: ['aws_region', 'ec2_region']
version_added: "1.5" version_added: "1.5"
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: James S. Martin author: James S. Martin
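Review bot: The `validate_certs` description added here, and repeated verbatim in the other module documentation blocks of this commit, does not say what disabling validation costs or what happens on boto older than 2.6.0. With "no" the endpoint's identity is not verified, so the module may end up talking to an impostor on the network path; the text should limit the option to endpoints with self-signed certificates that the operator controls. Judging by the shared connection helper in this commit, the option is ignored on older boto, which the docs should state as well. Suggested wording: `- When set to "no", SSL certificates will not be validated (boto >= 2.6.0 only; the option is ignored on older boto). Use only for trusted endpoints with self-signed certificates.`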


@ -212,7 +212,14 @@ options:
required: false required: false
default: null default: null
aliases: [] aliases: []
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Seth Vidal, Tim Gerla, Lester Wade author: Seth Vidal, Tim Gerla, Lester Wade


@ -101,6 +101,14 @@ options:
required: false required: false
default: null default: null
aliases: [] aliases: []
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Evan Duffield <eduffield@iacquire.com> author: Evan Duffield <eduffield@iacquire.com>


@ -53,6 +53,15 @@ options:
required: false required: false
default: false default: false
version_added: "1.4" version_added: "1.4"
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Lorin Hochstein <lorin@nimbisservices.com> author: Lorin Hochstein <lorin@nimbisservices.com>
notes: notes:


@ -74,6 +74,14 @@ options:
required: false required: false
default: yes default: yes
choices: [ "yes", "no" ] choices: [ "yes", "no" ]
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
""" """


@ -73,6 +73,14 @@ options:
- The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used. - The AWS region to use. If not specified then the value of the EC2_REGION environment variable, if any, is used.
required: false required: false
aliases: ['aws_region', 'ec2_region'] aliases: ['aws_region', 'ec2_region']
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
""" """


@ -57,6 +57,14 @@ options:
required: false required: false
default: 'present' default: 'present'
aliases: [] aliases: []
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
''' '''


@ -48,6 +48,14 @@ options:
required: false required: false
default: 'present' default: 'present'
aliases: [] aliases: []
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Vincent Viallet author: Vincent Viallet


@ -59,6 +59,15 @@ options:
required: false required: false
default: null default: null
aliases: [] aliases: []
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Lester Wade author: Lester Wade
''' '''


@ -82,6 +82,15 @@ options:
- snapshot ID on which to base the volume - snapshot ID on which to base the volume
required: false required: false
default: null default: null
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Lester Wade author: Lester Wade
''' '''


@ -99,6 +99,15 @@ options:
required: false required: false
default: None default: None
aliases: ['ec2_access_key', 'access_key' ] aliases: ['ec2_access_key', 'access_key' ]
validate_certs:
description:
- When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
required: false
default: "yes"
choices: ["yes", "no"]
aliases: []
version_added: "1.5"
requirements: [ "boto" ] requirements: [ "boto" ]
author: Carson Gee author: Carson Gee
''' '''