From 21fa2d3848cb35741aa0d2269b9ca827b58e5563 Mon Sep 17 00:00:00 2001
From: Stewart Rutledge
Date: Wed, 4 Nov 2015 14:30:09 +0100
Subject: [PATCH 1/3] Added support for insecure parameter
---
 cloud/vmware/vsphere_guest.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/cloud/vmware/vsphere_guest.py b/cloud/vmware/vsphere_guest.py
index b8adb7930c3..536bbb7d856 100644
--- a/cloud/vmware/vsphere_guest.py
+++ b/cloud/vmware/vsphere_guest.py
@@ -34,6 +34,8 @@ try:
 except ImportError:
 pass
+import ssl
+
 DOCUMENTATION = '''
 ---
 module: vsphere_guest
@@ -48,6 +50,11 @@ options:
 required: true
 default: null
 aliases: []
+ insecure:
+ description:
+ - Ignore SSL verification errors when connection to vcenter
+ required: false
+ default: false
 guest:
 description:
 - The virtual server name you wish to manage.
@@ -1332,6 +1339,7 @@ def main():
 cluster=dict(required=False, default=None, type='str'),
 force=dict(required=False, type='bool', default=False),
 esxi=dict(required=False, type='dict', default={}),
+ insecure=dict(required=False, type='bool', default=False),
 power_on_after_clone=dict(required=False, type='bool', default=True)
@@ -1373,12 +1381,20 @@ def main():
 from_template = module.params['from_template']
 snapshot_to_clone = module.params['snapshot_to_clone']
 power_on_after_clone = module.params['power_on_after_clone']
+ insecure = module.params['insecure']
 # CONNECT TO THE SERVER
 viserver = VIServer()
 try:
 viserver.connect(vcenter_hostname, username, password)
+ except ssl.SSLError as sslerr:
+ if '[SSL: CERTIFICATE_VERIFY_FAILED]' in sslerr.strerror and insecure:
+ default_context = ssl._create_default_https_context
+ ssl._create_default_https_context = ssl._create_unverified_context
+ viserver.connect(vcenter_hostname, username, password)
+ else:
+ raise Exception(sslerr)
 except VIApiException, err:
 module.fail_json(msg="Cannot connect to %s: %s" % (vcenter_hostname, err))
From 78f4979a0eee024ae42bf1f45d07776b708af2b1 Mon Sep 17 00:00:00 2001
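Review bot: In the last hunk (the `except ssl.SSLError` branch inside main(), whose body starts and ends outside the hunk), `ssl._create_default_https_context` is replaced for the whole process and the saved `default_context` is never put back, so every later HTTPS connection in this process also skips certificate verification. The retry `viserver.connect(...)` runs inside the handler, where the following `except VIApiException` clause does not apply, and `raise Exception(sslerr)` bypasses `module.fail_json`, so both paths end in a traceback; `sslerr.strerror` can also be None, which makes the `in` test raise TypeError. I would scope the override with try/finally and report failures through fail_json, as sketched below; if pysphere opens further HTTPS connections after connect(), the restore has to move to the point where the module is finished with `viserver`. The identical hunk in PATCH 2/3 and the lines kept by PATCH 3/3 have the same problems.

```python
    except ssl.SSLError as sslerr:
        # strerror may be None, so match on the string form of the error
        if insecure and 'CERTIFICATE_VERIFY_FAILED' in str(sslerr):
            default_context = ssl._create_default_https_context
            ssl._create_default_https_context = ssl._create_unverified_context
            try:
                viserver.connect(vcenter_hostname, username, password)
            except (ssl.SSLError, VIApiException) as err:
                module.fail_json(msg="Cannot connect to %s: %s" % (vcenter_hostname, err))
            finally:
                # keep the unverified context from leaking to later connections
                ssl._create_default_https_context = default_context
        else:
            module.fail_json(msg="Cannot connect to %s: %s" % (vcenter_hostname, sslerr))
    # … unchanged: except VIApiException handler …
```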
From: Stewart Rutledge
Date: Wed, 4 Nov 2015 14:30:09 +0100
Subject: [PATCH 2/3] Added support for insecure parameter
---
 cloud/vmware/vsphere_guest.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/cloud/vmware/vsphere_guest.py b/cloud/vmware/vsphere_guest.py
index a14f807e049..c11669de4dc 100644
--- a/cloud/vmware/vsphere_guest.py
+++ b/cloud/vmware/vsphere_guest.py
@@ -34,6 +34,8 @@ try:
 except ImportError:
 pass
+import ssl
+
 DOCUMENTATION = '''
 ---
 module: vsphere_guest
@@ -48,6 +50,11 @@ options:
 required: true
 default: null
 aliases: []
+ insecure:
+ description:
+ - Ignore SSL verification errors when connection to vcenter
+ required: false
+ default: false
 guest:
 description:
 - The virtual server name you wish to manage.
@@ -1433,6 +1440,7 @@ def main():
 cluster=dict(required=False, default=None, type='str'),
 force=dict(required=False, type='bool', default=False),
 esxi=dict(required=False, type='dict', default={}),
+ insecure=dict(required=False, type='bool', default=False),
 power_on_after_clone=dict(required=False, type='bool', default=True)
@@ -1474,12 +1482,20 @@ def main():
 from_template = module.params['from_template']
 snapshot_to_clone = module.params['snapshot_to_clone']
 power_on_after_clone = module.params['power_on_after_clone']
+ insecure = module.params['insecure']
 # CONNECT TO THE SERVER
 viserver = VIServer()
 try:
 viserver.connect(vcenter_hostname, username, password)
+ except ssl.SSLError as sslerr:
+ if '[SSL: CERTIFICATE_VERIFY_FAILED]' in sslerr.strerror and insecure:
+ default_context = ssl._create_default_https_context
+ ssl._create_default_https_context = ssl._create_unverified_context
+ viserver.connect(vcenter_hostname, username, password)
+ else:
+ raise Exception(sslerr)
 except VIApiException, err:
 module.fail_json(msg="Cannot connect to %s: %s" % (vcenter_hostname, err))
From edf6bf31b6a28ad6a585fd5882001a95eb15ea7e Mon Sep 17 00:00:00 2001
From: Stewart Rutledge
Date: Mon, 30 Nov 2015 10:26:14 +0100
Subject: [PATCH 3/3] Changed insecure to validate_certs, with a default to true from false (reversing behavior)
---
 cloud/vmware/vsphere_guest.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/cloud/vmware/vsphere_guest.py b/cloud/vmware/vsphere_guest.py
index c11669de4dc..eb0482a5495 100644
--- a/cloud/vmware/vsphere_guest.py
+++ b/cloud/vmware/vsphere_guest.py
@@ -50,11 +50,12 @@ options:
 required: true
 default: null
 aliases: []
- insecure:
+ validate_certs:
 description:
- - Ignore SSL verification errors when connection to vcenter
+ - Validate SSL certs.
 required: false
- default: false
+ default: yes
+ choices: ['yes', 'no']
 guest:
 description:
 - The virtual server name you wish to manage.
@@ -1440,7 +1441,7 @@ def main():
 cluster=dict(required=False, default=None, type='str'),
 force=dict(required=False, type='bool', default=False),
 esxi=dict(required=False, type='dict', default={}),
- insecure=dict(required=False, type='bool', default=False),
+ validate_certs=dict(required=False, type='bool', default=True),
 power_on_after_clone=dict(required=False, type='bool', default=True)
@@ -1482,7 +1483,7 @@ def main():
 from_template = module.params['from_template']
 snapshot_to_clone = module.params['snapshot_to_clone']
 power_on_after_clone = module.params['power_on_after_clone']
- insecure = module.params['insecure']
+ validate_certs = module.params['validate_certs']
 # CONNECT TO THE SERVER
@@ -1490,7 +1491,7 @@ def main():
 try:
 viserver.connect(vcenter_hostname, username, password)
 except ssl.SSLError as sslerr:
- if '[SSL: CERTIFICATE_VERIFY_FAILED]' in sslerr.strerror and insecure:
+ if '[SSL: CERTIFICATE_VERIFY_FAILED]' in sslerr.strerror and not validate_certs:
 default_context = ssl._create_default_https_context
 ssl._create_default_https_context = ssl._create_unverified_context
 viserver.connect(vcenter_hostname, username, password)
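Review bot: The new `validate_certs` description in the DOCUMENTATION hunk, "Validate SSL certs.", does not say whose certificate is checked or what turning it off costs. Someone setting `validate_certs: no` should learn from the option text that the vCenter username and password are then sent to a server whose identity was not verified. I would write it as `- Validate the vCenter server's SSL certificate. Set to C(no) only for self-signed certificates on a trusted network, because the login credentials are then sent without verifying the server's identity.`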
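Review bot: Nothing in the final hunk enforces `validate_certs=yes`. The first `viserver.connect(...)` relies on the interpreter's default HTTPS context, and the new condition only decides whether to retry after a CERTIFICATE_VERIFY_FAILED error. On Python builds older than 2.7.9, which presumably perform no certificate verification by default, that first connect would accept any certificate even with the documented default of `yes`. A guard before the connect would make the promise explicit, for example `if validate_certs and not hasattr(ssl, 'create_default_context'): module.fail_json(msg="validate_certs=yes requires Python 2.7.9 or newer")`. main() starts and ends outside this hunk, so where the guard belongs should be checked against the full function.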