Change uri module to validate ssl certs by default

lib/ansible/modules/network/basics/uri.py

@@ -131,6 +131,15 @@ options:
     description:
       - all arguments accepted by the M(file) module also work here
     required: false
+  validate_certs:
+    description:
+      - If C(no), SSL certificates will not be validated.  This should only
+        set to C(no) used on personally controlled sites using self-signed
+        certificates.  Prior to 1.9.2 the code defaulted to C(no).
+    required: false
+    default: 'yes'
+    choices: ['yes', 'no']
+    version_added: '1.9.2'
 
 # informational: requirements for nodes
 requirements: [ urlparse, httplib2 ]
@@ -162,20 +171,21 @@ EXAMPLES = '''
 
 # Login to a form based webpage, then use the returned cookie to
 # access the app in later tasks
+
 - uri:
     url: https://your.form.based.auth.examle.com/index.php 
     method: POST
     body: "name=your_username&password=your_password&enter=Sign%20in" 
     status_code: 302
     HEADER_Content-Type: "application/x-www-form-urlencoded"
-    register: login
+  register: login
 
 - uri:
     url: https://your.form.based.auth.example.com/dashboard.php
     method: GET
     return_content: yes
     HEADER_Cookie: "{{login.set_cookie}}"
-            
+
 # Queue build of a project in Jenkins:
 - uri:
     url: "http://{{ jenkins.host }}/job/{{ jenkins.job }}/build?token={{ jenkins.token }}" 
@@ -256,7 +266,7 @@ def url_filename(url):
     return fn
 
 
-def uri(module, url, dest, user, password, body, body_format, method, headers, redirects, socket_timeout):
+def uri(module, url, dest, user, password, body, body_format, method, headers, redirects, socket_timeout, validate_certs):
     # To debug
     #httplib2.debug = 4
 
@@ -272,7 +282,8 @@ def uri(module, url, dest, user, password, body, body_format, method, headers, r
         follow_all_redirects = False
 
     # Create a Http object and set some default options.
-    h = httplib2.Http(disable_ssl_certificate_validation=True, timeout=socket_timeout)
+    disable_validation = not validate_certs
+    h = httplib2.Http(disable_ssl_certificate_validation=disable_validation, timeout=socket_timeout)
     h.follow_all_redirects = follow_all_redirects
     h.follow_redirects = follow_redirects
     h.forward_authorization_headers = True
@@ -359,6 +370,7 @@ def main():
             removes = dict(required=False, default=None),
             status_code = dict(required=False, default=[200], type='list'),
             timeout = dict(required=False, default=30, type='int'),
+            validate_certs = dict(required=False, default=False, type='bool'),
         ),
         check_invalid_arguments=False,
         add_file_common_args=True
@@ -383,6 +395,7 @@ def main():
     removes = module.params['removes']
     status_code = [int(x) for x in list(module.params['status_code'])]
     socket_timeout = module.params['timeout']
+    validate_certs = module.params['validate_certs']
 
     dict_headers = {}
 
@@ -424,7 +437,7 @@ def main():
 
 
     # Make the request
-    resp, content, dest = uri(module, url, dest, user, password, body, body_format, method, dict_headers, redirects, socket_timeout)
+    resp, content, dest = uri(module, url, dest, user, password, body, body_format, method, dict_headers, redirects, socket_timeout, validate_certs)
     resp['status'] = int(resp['status'])
 
     # Write the file out if requested