Change uri module to validate ssl certs by default

2015-05-28 15:02:28 -07:00 · 2015-05-28 15:02:28 -07:00 · 7fea93835c
commit 7fea93835c
parent 217dc6b0b7
1 changed files with 18 additions and 5 deletions
--- a/network/basics/uri.py
+++ b/network/basics/uri.py
@ -132,6 +132,15 @@ options:
    description:
      - all arguments accepted by the M(file) module also work here
    required: false
+  validate_certs:
+    description:
+      - If C(no), SSL certificates will not be validated.  This should only
+        set to C(no) used on personally controlled sites using self-signed
+        certificates.  Prior to 1.9.2 the code defaulted to C(no).
+    required: false
+    default: 'yes'
+    choices: ['yes', 'no']
+    version_added: '1.9.2'

 # informational: requirements for nodes
 requirements: [ urlparse, httplib2 ]
@ -163,20 +172,21 @@ EXAMPLES = '''

 # Login to a form based webpage, then use the returned cookie to
 # access the app in later tasks
+
 - uri:
    url: https://your.form.based.auth.examle.com/index.php 
    method: POST
    body: "name=your_username&password=your_password&enter=Sign%20in" 
    status_code: 302
    HEADER_Content-Type: "application/x-www-form-urlencoded"
-    register: login
+  register: login

 - uri:
    url: https://your.form.based.auth.example.com/dashboard.php
    method: GET
    return_content: yes
    HEADER_Cookie: "{{login.set_cookie}}"
-            
+
 # Queue build of a project in Jenkins:
 - uri:
    url: "http://{{ jenkins.host }}/job/{{ jenkins.job }}/build?token={{ jenkins.token }}" 
@ -257,7 +267,7 @@ def url_filename(url):
    return fn


-def uri(module, url, dest, user, password, body, body_format, method, headers, redirects, socket_timeout):
+def uri(module, url, dest, user, password, body, body_format, method, headers, redirects, socket_timeout, validate_certs):
    # To debug
    #httplib2.debug = 4

@ -273,7 +283,8 @@ def uri(module, url, dest, user, password, body, body_format, method, headers, r
        follow_all_redirects = False

    # Create a Http object and set some default options.
-    h = httplib2.Http(disable_ssl_certificate_validation=True, timeout=socket_timeout)
+    disable_validation = not validate_certs
+    h = httplib2.Http(disable_ssl_certificate_validation=disable_validation, timeout=socket_timeout)
    h.follow_all_redirects = follow_all_redirects
    h.follow_redirects = follow_redirects
    h.forward_authorization_headers = True
@ -360,6 +371,7 @@ def main():
            removes = dict(required=False, default=None),
            status_code = dict(required=False, default=[200], type='list'),
            timeout = dict(required=False, default=30, type='int'),
+            validate_certs = dict(required=False, default=False, type='bool'),
        ),
        check_invalid_arguments=False,
        add_file_common_args=True
@ -384,6 +396,7 @@ def main():
    removes = module.params['removes']
    status_code = [int(x) for x in list(module.params['status_code'])]
    socket_timeout = module.params['timeout']
+    validate_certs = module.params['validate_certs']

    dict_headers = {}

@ -425,7 +438,7 @@ def main():


    # Make the request
-    resp, content, dest = uri(module, url, dest, user, password, body, body_format, method, dict_headers, redirects, socket_timeout)
+    resp, content, dest = uri(module, url, dest, user, password, body, body_format, method, dict_headers, redirects, socket_timeout, validate_certs)
    resp['status'] = int(resp['status'])

    # Write the file out if requested