Add validate_certs
param to bigip_* modules
Ignoring SSL cert verification may be necessary when testing with a server that has a self-signed certificate. See https://github.com/ansible/ansible-modules-extras/pull/288#issuecomment-85196736
This commit is contained in:
parent
e64751b0eb
commit
513724c0a5
6 changed files with 118 additions and 0 deletions
|
@ -56,6 +56,14 @@ options:
|
||||||
default: null
|
default: null
|
||||||
choices: []
|
choices: []
|
||||||
aliases: []
|
aliases: []
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- If C(no), SSL certificates will not be validated. This should only be used
|
||||||
|
on personally controlled sites using self-signed certificates.
|
||||||
|
required: false
|
||||||
|
default: 'yes'
|
||||||
|
choices: ['yes', 'no']
|
||||||
|
version_added: 1.9.1
|
||||||
session:
|
session:
|
||||||
description:
|
description:
|
||||||
- BIG-IP session support; may be useful to avoid concurrency
|
- BIG-IP session support; may be useful to avoid concurrency
|
||||||
|
@ -1566,6 +1574,12 @@ def generate_software_list(f5):
|
||||||
software_list = software.get_all_software_status()
|
software_list = software.get_all_software_status()
|
||||||
return software_list
|
return software_list
|
||||||
|
|
||||||
|
def disable_ssl_cert_validation():
|
||||||
|
# You probably only want to do this for testing and never in production.
|
||||||
|
# From https://www.python.org/dev/peps/pep-0476/#id29
|
||||||
|
import ssl
|
||||||
|
ssl._create_default_https_context = ssl._create_unverified_context
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
|
||||||
|
@ -1573,6 +1587,7 @@ def main():
|
||||||
server = dict(type='str', required=True),
|
server = dict(type='str', required=True),
|
||||||
user = dict(type='str', required=True),
|
user = dict(type='str', required=True),
|
||||||
password = dict(type='str', required=True),
|
password = dict(type='str', required=True),
|
||||||
|
validate_certs = dict(default='yes', type='bool'),
|
||||||
session = dict(type='bool', default=False),
|
session = dict(type='bool', default=False),
|
||||||
include = dict(type='list', required=True),
|
include = dict(type='list', required=True),
|
||||||
filter = dict(type='str', required=False),
|
filter = dict(type='str', required=False),
|
||||||
|
@ -1585,6 +1600,7 @@ def main():
|
||||||
server = module.params['server']
|
server = module.params['server']
|
||||||
user = module.params['user']
|
user = module.params['user']
|
||||||
password = module.params['password']
|
password = module.params['password']
|
||||||
|
validate_certs = module.params['validate_certs']
|
||||||
session = module.params['session']
|
session = module.params['session']
|
||||||
fact_filter = module.params['filter']
|
fact_filter = module.params['filter']
|
||||||
if fact_filter:
|
if fact_filter:
|
||||||
|
@ -1601,6 +1617,9 @@ def main():
|
||||||
if not all(include_test):
|
if not all(include_test):
|
||||||
module.fail_json(msg="value of include must be one or more of: %s, got: %s" % (",".join(valid_includes), ",".join(include)))
|
module.fail_json(msg="value of include must be one or more of: %s, got: %s" % (",".join(valid_includes), ",".join(include)))
|
||||||
|
|
||||||
|
if not validate_certs:
|
||||||
|
disable_ssl_cert_validation()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
facts = {}
|
facts = {}
|
||||||
|
|
||||||
|
|
|
@ -51,6 +51,14 @@ options:
|
||||||
- BIG-IP password
|
- BIG-IP password
|
||||||
required: true
|
required: true
|
||||||
default: null
|
default: null
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- If C(no), SSL certificates will not be validated. This should only be used
|
||||||
|
on personally controlled sites using self-signed certificates.
|
||||||
|
required: false
|
||||||
|
default: 'yes'
|
||||||
|
choices: ['yes', 'no']
|
||||||
|
version_added: 1.9.1
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- Monitor state
|
- Monitor state
|
||||||
|
@ -177,6 +185,14 @@ def bigip_api(bigip, user, password):
|
||||||
return api
|
return api
|
||||||
|
|
||||||
|
|
||||||
|
def disable_ssl_cert_validation():
|
||||||
|
|
||||||
|
# You probably only want to do this for testing and never in production.
|
||||||
|
# From https://www.python.org/dev/peps/pep-0476/#id29
|
||||||
|
import ssl
|
||||||
|
ssl._create_default_https_context = ssl._create_unverified_context
|
||||||
|
|
||||||
|
|
||||||
def check_monitor_exists(module, api, monitor, parent):
|
def check_monitor_exists(module, api, monitor, parent):
|
||||||
|
|
||||||
# hack to determine if monitor exists
|
# hack to determine if monitor exists
|
||||||
|
@ -311,6 +327,7 @@ def main():
|
||||||
server = dict(required=True),
|
server = dict(required=True),
|
||||||
user = dict(required=True),
|
user = dict(required=True),
|
||||||
password = dict(required=True),
|
password = dict(required=True),
|
||||||
|
validate_certs = dict(default='yes', type='bool'),
|
||||||
partition = dict(default='Common'),
|
partition = dict(default='Common'),
|
||||||
state = dict(default='present', choices=['present', 'absent']),
|
state = dict(default='present', choices=['present', 'absent']),
|
||||||
name = dict(required=True),
|
name = dict(required=True),
|
||||||
|
@ -331,6 +348,7 @@ def main():
|
||||||
server = module.params['server']
|
server = module.params['server']
|
||||||
user = module.params['user']
|
user = module.params['user']
|
||||||
password = module.params['password']
|
password = module.params['password']
|
||||||
|
validate_certs = module.params['validate_certs']
|
||||||
partition = module.params['partition']
|
partition = module.params['partition']
|
||||||
parent_partition = module.params['parent_partition']
|
parent_partition = module.params['parent_partition']
|
||||||
state = module.params['state']
|
state = module.params['state']
|
||||||
|
@ -348,6 +366,9 @@ def main():
|
||||||
|
|
||||||
# end monitor specific stuff
|
# end monitor specific stuff
|
||||||
|
|
||||||
|
if not validate_certs:
|
||||||
|
disable_ssl_cert_validation()
|
||||||
|
|
||||||
if not bigsuds_found:
|
if not bigsuds_found:
|
||||||
module.fail_json(msg="the python bigsuds module is required")
|
module.fail_json(msg="the python bigsuds module is required")
|
||||||
api = bigip_api(server, user, password)
|
api = bigip_api(server, user, password)
|
||||||
|
|
|
@ -49,6 +49,14 @@ options:
|
||||||
- BIG-IP password
|
- BIG-IP password
|
||||||
required: true
|
required: true
|
||||||
default: null
|
default: null
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- If C(no), SSL certificates will not be validated. This should only be used
|
||||||
|
on personally controlled sites using self-signed certificates.
|
||||||
|
required: false
|
||||||
|
default: 'yes'
|
||||||
|
choices: ['yes', 'no']
|
||||||
|
version_added: 1.9.1
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- Monitor state
|
- Monitor state
|
||||||
|
@ -196,6 +204,14 @@ def bigip_api(bigip, user, password):
|
||||||
return api
|
return api
|
||||||
|
|
||||||
|
|
||||||
|
def disable_ssl_cert_validation():
|
||||||
|
|
||||||
|
# You probably only want to do this for testing and never in production.
|
||||||
|
# From https://www.python.org/dev/peps/pep-0476/#id29
|
||||||
|
import ssl
|
||||||
|
ssl._create_default_https_context = ssl._create_unverified_context
|
||||||
|
|
||||||
|
|
||||||
def check_monitor_exists(module, api, monitor, parent):
|
def check_monitor_exists(module, api, monitor, parent):
|
||||||
|
|
||||||
# hack to determine if monitor exists
|
# hack to determine if monitor exists
|
||||||
|
@ -331,6 +347,7 @@ def main():
|
||||||
server = dict(required=True),
|
server = dict(required=True),
|
||||||
user = dict(required=True),
|
user = dict(required=True),
|
||||||
password = dict(required=True),
|
password = dict(required=True),
|
||||||
|
validate_certs = dict(default='yes', type='bool'),
|
||||||
partition = dict(default='Common'),
|
partition = dict(default='Common'),
|
||||||
state = dict(default='present', choices=['present', 'absent']),
|
state = dict(default='present', choices=['present', 'absent']),
|
||||||
name = dict(required=True),
|
name = dict(required=True),
|
||||||
|
@ -351,6 +368,7 @@ def main():
|
||||||
server = module.params['server']
|
server = module.params['server']
|
||||||
user = module.params['user']
|
user = module.params['user']
|
||||||
password = module.params['password']
|
password = module.params['password']
|
||||||
|
validate_certs = module.params['validate_certs']
|
||||||
partition = module.params['partition']
|
partition = module.params['partition']
|
||||||
parent_partition = module.params['parent_partition']
|
parent_partition = module.params['parent_partition']
|
||||||
state = module.params['state']
|
state = module.params['state']
|
||||||
|
@ -372,6 +390,9 @@ def main():
|
||||||
|
|
||||||
# end monitor specific stuff
|
# end monitor specific stuff
|
||||||
|
|
||||||
|
if not validate_certs:
|
||||||
|
disable_ssl_cert_validation()
|
||||||
|
|
||||||
if not bigsuds_found:
|
if not bigsuds_found:
|
||||||
module.fail_json(msg="the python bigsuds module is required")
|
module.fail_json(msg="the python bigsuds module is required")
|
||||||
api = bigip_api(server, user, password)
|
api = bigip_api(server, user, password)
|
||||||
|
|
|
@ -54,6 +54,14 @@ options:
|
||||||
default: null
|
default: null
|
||||||
choices: []
|
choices: []
|
||||||
aliases: []
|
aliases: []
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- If C(no), SSL certificates will not be validated. This should only be used
|
||||||
|
on personally controlled sites using self-signed certificates.
|
||||||
|
required: false
|
||||||
|
default: 'yes'
|
||||||
|
choices: ['yes', 'no']
|
||||||
|
version_added: 1.9.1
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- Pool member state
|
- Pool member state
|
||||||
|
@ -154,6 +162,12 @@ def bigip_api(bigip, user, password):
|
||||||
api = bigsuds.BIGIP(hostname=bigip, username=user, password=password)
|
api = bigsuds.BIGIP(hostname=bigip, username=user, password=password)
|
||||||
return api
|
return api
|
||||||
|
|
||||||
|
def disable_ssl_cert_validation():
|
||||||
|
# You probably only want to do this for testing and never in production.
|
||||||
|
# From https://www.python.org/dev/peps/pep-0476/#id29
|
||||||
|
import ssl
|
||||||
|
ssl._create_default_https_context = ssl._create_unverified_context
|
||||||
|
|
||||||
def node_exists(api, address):
|
def node_exists(api, address):
|
||||||
# hack to determine if node exists
|
# hack to determine if node exists
|
||||||
result = False
|
result = False
|
||||||
|
@ -212,6 +226,7 @@ def main():
|
||||||
server = dict(type='str', required=True),
|
server = dict(type='str', required=True),
|
||||||
user = dict(type='str', required=True),
|
user = dict(type='str', required=True),
|
||||||
password = dict(type='str', required=True),
|
password = dict(type='str', required=True),
|
||||||
|
validate_certs = dict(default='yes', type='bool'),
|
||||||
state = dict(type='str', default='present', choices=['present', 'absent']),
|
state = dict(type='str', default='present', choices=['present', 'absent']),
|
||||||
partition = dict(type='str', default='Common'),
|
partition = dict(type='str', default='Common'),
|
||||||
name = dict(type='str', required=True),
|
name = dict(type='str', required=True),
|
||||||
|
@ -227,6 +242,7 @@ def main():
|
||||||
server = module.params['server']
|
server = module.params['server']
|
||||||
user = module.params['user']
|
user = module.params['user']
|
||||||
password = module.params['password']
|
password = module.params['password']
|
||||||
|
validate_certs = module.params['validate_certs']
|
||||||
state = module.params['state']
|
state = module.params['state']
|
||||||
partition = module.params['partition']
|
partition = module.params['partition']
|
||||||
host = module.params['host']
|
host = module.params['host']
|
||||||
|
@ -234,6 +250,9 @@ def main():
|
||||||
address = "/%s/%s" % (partition, name)
|
address = "/%s/%s" % (partition, name)
|
||||||
description = module.params['description']
|
description = module.params['description']
|
||||||
|
|
||||||
|
if not validate_certs:
|
||||||
|
disable_ssl_cert_validation()
|
||||||
|
|
||||||
if state == 'absent' and host is not None:
|
if state == 'absent' and host is not None:
|
||||||
module.fail_json(msg="host parameter invalid when state=absent")
|
module.fail_json(msg="host parameter invalid when state=absent")
|
||||||
|
|
||||||
|
|
|
@ -54,6 +54,14 @@ options:
|
||||||
default: null
|
default: null
|
||||||
choices: []
|
choices: []
|
||||||
aliases: []
|
aliases: []
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- If C(no), SSL certificates will not be validated. This should only be used
|
||||||
|
on personally controlled sites using self-signed certificates.
|
||||||
|
required: false
|
||||||
|
default: 'yes'
|
||||||
|
choices: ['yes', 'no']
|
||||||
|
version_added: 1.9.1
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- Pool/pool member state
|
- Pool/pool member state
|
||||||
|
@ -235,6 +243,12 @@ def bigip_api(bigip, user, password):
|
||||||
api = bigsuds.BIGIP(hostname=bigip, username=user, password=password)
|
api = bigsuds.BIGIP(hostname=bigip, username=user, password=password)
|
||||||
return api
|
return api
|
||||||
|
|
||||||
|
def disable_ssl_cert_validation():
|
||||||
|
# You probably only want to do this for testing and never in production.
|
||||||
|
# From https://www.python.org/dev/peps/pep-0476/#id29
|
||||||
|
import ssl
|
||||||
|
ssl._create_default_https_context = ssl._create_unverified_context
|
||||||
|
|
||||||
def pool_exists(api, pool):
|
def pool_exists(api, pool):
|
||||||
# hack to determine if pool exists
|
# hack to determine if pool exists
|
||||||
result = False
|
result = False
|
||||||
|
@ -359,6 +373,7 @@ def main():
|
||||||
server = dict(type='str', required=True),
|
server = dict(type='str', required=True),
|
||||||
user = dict(type='str', required=True),
|
user = dict(type='str', required=True),
|
||||||
password = dict(type='str', required=True),
|
password = dict(type='str', required=True),
|
||||||
|
validate_certs = dict(default='yes', type='bool'),
|
||||||
state = dict(type='str', default='present', choices=['present', 'absent']),
|
state = dict(type='str', default='present', choices=['present', 'absent']),
|
||||||
name = dict(type='str', required=True, aliases=['pool']),
|
name = dict(type='str', required=True, aliases=['pool']),
|
||||||
partition = dict(type='str', default='Common'),
|
partition = dict(type='str', default='Common'),
|
||||||
|
@ -380,6 +395,7 @@ def main():
|
||||||
server = module.params['server']
|
server = module.params['server']
|
||||||
user = module.params['user']
|
user = module.params['user']
|
||||||
password = module.params['password']
|
password = module.params['password']
|
||||||
|
validate_certs = module.params['validate_certs']
|
||||||
state = module.params['state']
|
state = module.params['state']
|
||||||
name = module.params['name']
|
name = module.params['name']
|
||||||
partition = module.params['partition']
|
partition = module.params['partition']
|
||||||
|
@ -407,6 +423,9 @@ def main():
|
||||||
address = "/%s/%s" % (partition, host)
|
address = "/%s/%s" % (partition, host)
|
||||||
port = module.params['port']
|
port = module.params['port']
|
||||||
|
|
||||||
|
if not validate_certs:
|
||||||
|
disable_ssl_cert_validation()
|
||||||
|
|
||||||
# sanity check user supplied values
|
# sanity check user supplied values
|
||||||
|
|
||||||
if (host and not port) or (port and not host):
|
if (host and not port) or (port and not host):
|
||||||
|
|
|
@ -56,6 +56,14 @@ options:
|
||||||
default: null
|
default: null
|
||||||
choices: []
|
choices: []
|
||||||
aliases: []
|
aliases: []
|
||||||
|
validate_certs:
|
||||||
|
description:
|
||||||
|
- If C(no), SSL certificates will not be validated. This should only be used
|
||||||
|
on personally controlled sites using self-signed certificates.
|
||||||
|
required: false
|
||||||
|
default: 'yes'
|
||||||
|
choices: ['yes', 'no']
|
||||||
|
version_added: 1.9.1
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- Pool member state
|
- Pool member state
|
||||||
|
@ -189,6 +197,12 @@ def bigip_api(bigip, user, password):
|
||||||
api = bigsuds.BIGIP(hostname=bigip, username=user, password=password)
|
api = bigsuds.BIGIP(hostname=bigip, username=user, password=password)
|
||||||
return api
|
return api
|
||||||
|
|
||||||
|
def disable_ssl_cert_validation():
|
||||||
|
# You probably only want to do this for testing and never in production.
|
||||||
|
# From https://www.python.org/dev/peps/pep-0476/#id29
|
||||||
|
import ssl
|
||||||
|
ssl._create_default_https_context = ssl._create_unverified_context
|
||||||
|
|
||||||
def pool_exists(api, pool):
|
def pool_exists(api, pool):
|
||||||
# hack to determine if pool exists
|
# hack to determine if pool exists
|
||||||
result = False
|
result = False
|
||||||
|
@ -282,6 +296,7 @@ def main():
|
||||||
server = dict(type='str', required=True),
|
server = dict(type='str', required=True),
|
||||||
user = dict(type='str', required=True),
|
user = dict(type='str', required=True),
|
||||||
password = dict(type='str', required=True),
|
password = dict(type='str', required=True),
|
||||||
|
validate_certs = dict(default='yes', type='bool'),
|
||||||
state = dict(type='str', default='present', choices=['present', 'absent']),
|
state = dict(type='str', default='present', choices=['present', 'absent']),
|
||||||
pool = dict(type='str', required=True),
|
pool = dict(type='str', required=True),
|
||||||
partition = dict(type='str', default='Common'),
|
partition = dict(type='str', default='Common'),
|
||||||
|
@ -301,6 +316,7 @@ def main():
|
||||||
server = module.params['server']
|
server = module.params['server']
|
||||||
user = module.params['user']
|
user = module.params['user']
|
||||||
password = module.params['password']
|
password = module.params['password']
|
||||||
|
validate_certs = module.params['validate_certs']
|
||||||
state = module.params['state']
|
state = module.params['state']
|
||||||
partition = module.params['partition']
|
partition = module.params['partition']
|
||||||
pool = "/%s/%s" % (partition, module.params['pool'])
|
pool = "/%s/%s" % (partition, module.params['pool'])
|
||||||
|
@ -312,6 +328,9 @@ def main():
|
||||||
address = "/%s/%s" % (partition, host)
|
address = "/%s/%s" % (partition, host)
|
||||||
port = module.params['port']
|
port = module.params['port']
|
||||||
|
|
||||||
|
if not validate_certs:
|
||||||
|
disable_ssl_cert_validation()
|
||||||
|
|
||||||
# sanity check user supplied values
|
# sanity check user supplied values
|
||||||
|
|
||||||
if (host and not port) or (port and not host):
|
if (host and not port) or (port and not host):
|
||||||
|
|
Loading…
Reference in a new issue