Merge pull request #14765 from sivel/redirect-ssl-validation

Support SSL validation with redirect control for python versions without ssl context
2016-03-03 07:06:34 -08:00 · 2016-03-03 07:06:34 -08:00 · 468eea82bd
commit 468eea82bd
parent dbf97eaeb1 6ff0b079b4
1 changed files with 29 additions and 21 deletions
--- a/lib/ansible/module_utils/urls.py
+++ b/lib/ansible/module_utils/urls.py
@ -427,7 +427,7 @@ class RequestWithMethod(urllib2.Request):
            return urllib2.Request.get_method(self)


-def RedirectHandlerFactory(follow_redirects=None):
+def RedirectHandlerFactory(follow_redirects=None, validate_certs=True):
    """This is a class factory that closes over the value of
    ``follow_redirects`` so that the RedirectHandler class has access to
    that value without having to use globals, and potentially cause problems
@ -442,17 +442,17 @@ def RedirectHandlerFactory(follow_redirects=None):
        """

        def redirect_request(self, req, fp, code, msg, hdrs, newurl):
-            if follow_redirects == 'urllib2':
-                return urllib2.HTTPRedirectHandler.redirect_request(self, req,
-                                                                    fp, code,
-                                                                    msg, hdrs,
-                                                                    newurl)
+            handler = maybe_add_ssl_handler(newurl, validate_certs)
+            if handler:
+                urllib2._opener.add_handler(handler)

-            if follow_redirects in [None, 'no', 'none']:
+            if follow_redirects == 'urllib2':
+                return urllib2.HTTPRedirectHandler.redirect_request(self, req, fp, code, msg, hdrs, newurl)
+            elif follow_redirects in ['no', 'none', False]:
                raise urllib2.HTTPError(newurl, code, msg, hdrs, fp)

            do_redirect = False
-            if follow_redirects in ['all', 'yes']:
+            if follow_redirects in ['all', 'yes', True]:
                do_redirect = (code >= 300 and code < 400)

            elif follow_redirects == 'safe':
@ -650,15 +650,7 @@ class SSLValidationHandler(urllib2.BaseHandler):

    https_request = http_request

-# Rewrite of fetch_url to not require the module environment
-def open_url(url, data=None, headers=None, method=None, use_proxy=True,
-        force=False, last_mod_time=None, timeout=10, validate_certs=True,
-        url_username=None, url_password=None, http_agent=None,
-        force_basic_auth=False, follow_redirects='urllib2'):
-    '''
-    Fetches a file from an HTTP/FTP server using urllib2
-    '''
-    handlers = []
+def maybe_add_ssl_handler(url, validate_certs):
    # FIXME: change the following to use the generic_urlparse function
    #        to remove the indexed references for 'parsed'
    parsed = urlparse.urlparse(url)
@ -678,9 +670,24 @@ def open_url(url, data=None, headers=None, method=None, use_proxy=True,
            port = 443
        # create the SSL validation handler and
        # add it to the list of handlers
-        ssl_handler = SSLValidationHandler(hostname, port)
+        return SSLValidationHandler(hostname, port)
+
+# Rewrite of fetch_url to not require the module environment
+def open_url(url, data=None, headers=None, method=None, use_proxy=True,
+        force=False, last_mod_time=None, timeout=10, validate_certs=True,
+        url_username=None, url_password=None, http_agent=None,
+        force_basic_auth=False, follow_redirects=False):
+    '''
+    Fetches a file from an HTTP/FTP server using urllib2
+    '''
+    handlers = []
+    ssl_handler = maybe_add_ssl_handler(url, validate_certs)
+    if ssl_handler:
        handlers.append(ssl_handler)

+    # FIXME: change the following to use the generic_urlparse function
+    #        to remove the indexed references for 'parsed'
+    parsed = urlparse.urlparse(url)
    if parsed[0] != 'ftp':
        username = url_username

@ -731,8 +738,7 @@ def open_url(url, data=None, headers=None, method=None, use_proxy=True,
    if hasattr(socket, 'create_connection') and CustomHTTPSHandler:
        handlers.append(CustomHTTPSHandler)

-    if follow_redirects != 'urllib2':
-        handlers.append(RedirectHandlerFactory(follow_redirects))
+    handlers.append(RedirectHandlerFactory(follow_redirects, validate_certs))

    opener = urllib2.build_opener(*handlers)
    urllib2.install_opener(opener)
@ -821,7 +827,9 @@ def fetch_url(module, url, data=None, headers=None, method=None,
    password = module.params.get('url_password', '')
    http_agent = module.params.get('http_agent', None)
    force_basic_auth = module.params.get('force_basic_auth', '')
-    follow_redirects = follow_redirects or module.params.get('follow_redirects', 'urllib2')
+
+    if not follow_redirects:
+        follow_redirects = module.params.get('follow_redirects', False)

    r = None
    info = dict(url=url)