cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Support SSL validation with redirect control for python versions without ssl context

Browse source
This commit is contained in:
Matt Martz 2016-03-02 16:30:16 -06:00
parent d6716a2f90
commit 6ff0b079b4
1 changed files with 29 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
lib/ansible/module_utils/urls.py
View file

@ -427,7 +427,7 @@ class RequestWithMethod(urllib2.Request):
return urllib2.Request.get_method(self) return urllib2.Request.get_method(self)
def RedirectHandlerFactory(follow_redirects=None): def RedirectHandlerFactory(follow_redirects=None, validate_certs=True):
"""This is a class factory that closes over the value of """This is a class factory that closes over the value of
``follow_redirects`` so that the RedirectHandler class has access to ``follow_redirects`` so that the RedirectHandler class has access to
that value without having to use globals, and potentially cause problems that value without having to use globals, and potentially cause problems
@ -442,17 +442,17 @@ def RedirectHandlerFactory(follow_redirects=None):
""" """
def redirect_request(self, req, fp, code, msg, hdrs, newurl): def redirect_request(self, req, fp, code, msg, hdrs, newurl):
if follow_redirects == 'urllib2': handler = maybe_add_ssl_handler(newurl, validate_certs)
return urllib2.HTTPRedirectHandler.redirect_request(self, req, if handler:
fp, code, urllib2._opener.add_handler(handler)
msg, hdrs,
newurl)
if follow_redirects in [None, 'no', 'none']: if follow_redirects == 'urllib2':
return urllib2.HTTPRedirectHandler.redirect_request(self, req, fp, code, msg, hdrs, newurl)
elif follow_redirects in ['no', 'none', False]:
raise urllib2.HTTPError(newurl, code, msg, hdrs, fp) raise urllib2.HTTPError(newurl, code, msg, hdrs, fp)
do_redirect = False do_redirect = False
if follow_redirects in ['all', 'yes']: if follow_redirects in ['all', 'yes', True]:
do_redirect = (code >= 300 and code < 400) do_redirect = (code >= 300 and code < 400)
elif follow_redirects == 'safe': elif follow_redirects == 'safe':
@ -650,15 +650,7 @@ class SSLValidationHandler(urllib2.BaseHandler):
https_request = http_request https_request = http_request
# Rewrite of fetch_url to not require the module environment def maybe_add_ssl_handler(url, validate_certs):
def open_url(url, data=None, headers=None, method=None, use_proxy=True,
force=False, last_mod_time=None, timeout=10, validate_certs=True,
url_username=None, url_password=None, http_agent=None,
force_basic_auth=False, follow_redirects='urllib2'):
'''
Fetches a file from an HTTP/FTP server using urllib2
'''
handlers = []
# FIXME: change the following to use the generic_urlparse function # FIXME: change the following to use the generic_urlparse function
# to remove the indexed references for 'parsed' # to remove the indexed references for 'parsed'
parsed = urlparse.urlparse(url) parsed = urlparse.urlparse(url)
@ -678,9 +670,24 @@ def open_url(url, data=None, headers=None, method=None, use_proxy=True,
port = 443 port = 443
# create the SSL validation handler and # create the SSL validation handler and
# add it to the list of handlers # add it to the list of handlers
ssl_handler = SSLValidationHandler(hostname, port) return SSLValidationHandler(hostname, port)
# Rewrite of fetch_url to not require the module environment
def open_url(url, data=None, headers=None, method=None, use_proxy=True,
force=False, last_mod_time=None, timeout=10, validate_certs=True,
url_username=None, url_password=None, http_agent=None,
force_basic_auth=False, follow_redirects=False):
'''
Fetches a file from an HTTP/FTP server using urllib2
'''
handlers = []
ssl_handler = maybe_add_ssl_handler(url, validate_certs)
if ssl_handler:
handlers.append(ssl_handler) handlers.append(ssl_handler)
# FIXME: change the following to use the generic_urlparse function
# to remove the indexed references for 'parsed'
parsed = urlparse.urlparse(url)
if parsed[0] != 'ftp': if parsed[0] != 'ftp':
username = url_username username = url_username
@ -731,8 +738,7 @@ def open_url(url, data=None, headers=None, method=None, use_proxy=True,
if hasattr(socket, 'create_connection') and CustomHTTPSHandler: if hasattr(socket, 'create_connection') and CustomHTTPSHandler:
handlers.append(CustomHTTPSHandler) handlers.append(CustomHTTPSHandler)
if follow_redirects != 'urllib2': handlers.append(RedirectHandlerFactory(follow_redirects, validate_certs))
handlers.append(RedirectHandlerFactory(follow_redirects))
opener = urllib2.build_opener(*handlers) opener = urllib2.build_opener(*handlers)
urllib2.install_opener(opener) urllib2.install_opener(opener)
@ -821,7 +827,9 @@ def fetch_url(module, url, data=None, headers=None, method=None,
password = module.params.get('url_password', '') password = module.params.get('url_password', '')
http_agent = module.params.get('http_agent', None) http_agent = module.params.get('http_agent', None)
force_basic_auth = module.params.get('force_basic_auth', '') force_basic_auth = module.params.get('force_basic_auth', '')
follow_redirects = follow_redirects or module.params.get('follow_redirects', 'urllib2')
if not follow_redirects:
follow_redirects = module.params.get('follow_redirects', False)
r = None r = None
info = dict(url=url) info = dict(url=url)