Change uri module to validate ssl certs by default

This commit is contained in:
Toshio Kuratomi 2015-05-28 15:02:28 -07:00 committed by Matt Clay
parent 8ee2102993
commit a4497a7ddf

View file

@ -131,6 +131,15 @@ options:
description:
- all arguments accepted by the M(file) module also work here
required: false
validate_certs:
description:
- If C(no), SSL certificates will not be validated. This should only
set to C(no) used on personally controlled sites using self-signed
certificates. Prior to 1.9.2 the code defaulted to C(no).
required: false
default: 'yes'
choices: ['yes', 'no']
version_added: '1.9.2'
# informational: requirements for nodes
requirements: [ urlparse, httplib2 ]
@ -162,20 +171,21 @@ EXAMPLES = '''
# Login to a form based webpage, then use the returned cookie to
# access the app in later tasks
- uri:
url: https://your.form.based.auth.examle.com/index.php
method: POST
body: "name=your_username&password=your_password&enter=Sign%20in"
status_code: 302
HEADER_Content-Type: "application/x-www-form-urlencoded"
register: login
register: login
- uri:
url: https://your.form.based.auth.example.com/dashboard.php
method: GET
return_content: yes
HEADER_Cookie: "{{login.set_cookie}}"
# Queue build of a project in Jenkins:
- uri:
url: "http://{{ jenkins.host }}/job/{{ jenkins.job }}/build?token={{ jenkins.token }}"
@ -256,7 +266,7 @@ def url_filename(url):
return fn
def uri(module, url, dest, user, password, body, body_format, method, headers, redirects, socket_timeout):
def uri(module, url, dest, user, password, body, body_format, method, headers, redirects, socket_timeout, validate_certs):
# To debug
#httplib2.debug = 4
@ -272,7 +282,8 @@ def uri(module, url, dest, user, password, body, body_format, method, headers, r
follow_all_redirects = False
# Create a Http object and set some default options.
h = httplib2.Http(disable_ssl_certificate_validation=True, timeout=socket_timeout)
disable_validation = not validate_certs
h = httplib2.Http(disable_ssl_certificate_validation=disable_validation, timeout=socket_timeout)
h.follow_all_redirects = follow_all_redirects
h.follow_redirects = follow_redirects
h.forward_authorization_headers = True
@ -359,6 +370,7 @@ def main():
removes = dict(required=False, default=None),
status_code = dict(required=False, default=[200], type='list'),
timeout = dict(required=False, default=30, type='int'),
validate_certs = dict(required=False, default=False, type='bool'),
),
check_invalid_arguments=False,
add_file_common_args=True
@ -383,6 +395,7 @@ def main():
removes = module.params['removes']
status_code = [int(x) for x in list(module.params['status_code'])]
socket_timeout = module.params['timeout']
validate_certs = module.params['validate_certs']
dict_headers = {}
@ -424,7 +437,7 @@ def main():
# Make the request
resp, content, dest = uri(module, url, dest, user, password, body, body_format, method, dict_headers, redirects, socket_timeout)
resp, content, dest = uri(module, url, dest, user, password, body, body_format, method, dict_headers, redirects, socket_timeout, validate_certs)
resp['status'] = int(resp['status'])
# Write the file out if requested