Update f5 validate_certs functionality to do the right thing on multiple python versions
This requires the implementation in the module_utils code here https://github.com/ansible/ansible/pull/13667 to funciton
This commit is contained in:
parent
19e496c69c
commit
c67316cbaf
6 changed files with 28 additions and 27 deletions
|
@ -59,7 +59,8 @@ options:
|
||||||
validate_certs:
|
validate_certs:
|
||||||
description:
|
description:
|
||||||
- If C(no), SSL certificates will not be validated. This should only be used
|
- If C(no), SSL certificates will not be validated. This should only be used
|
||||||
on personally controlled sites using self-signed certificates.
|
on personally controlled sites. Prior to 2.0, this module would always
|
||||||
|
validate on python >= 2.7.9 and never validate on python <= 2.7.8
|
||||||
required: false
|
required: false
|
||||||
default: 'yes'
|
default: 'yes'
|
||||||
choices: ['yes', 'no']
|
choices: ['yes', 'no']
|
||||||
|
@ -136,8 +137,8 @@ class F5(object):
|
||||||
api: iControl API instance.
|
api: iControl API instance.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, host, user, password, session=False):
|
def __init__(self, host, user, password, session=False, validate_certs=True):
|
||||||
self.api = bigsuds.BIGIP(hostname=host, username=user, password=password)
|
self.api = bigip_api(host, user, password, validate_certs)
|
||||||
if session:
|
if session:
|
||||||
self.start_session()
|
self.start_session()
|
||||||
|
|
||||||
|
@ -1574,12 +1575,6 @@ def generate_software_list(f5):
|
||||||
software_list = software.get_all_software_status()
|
software_list = software.get_all_software_status()
|
||||||
return software_list
|
return software_list
|
||||||
|
|
||||||
def disable_ssl_cert_validation():
|
|
||||||
# You probably only want to do this for testing and never in production.
|
|
||||||
# From https://www.python.org/dev/peps/pep-0476/#id29
|
|
||||||
import ssl
|
|
||||||
ssl._create_default_https_context = ssl._create_unverified_context
|
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
|
||||||
|
@ -1595,7 +1590,7 @@ def main():
|
||||||
)
|
)
|
||||||
|
|
||||||
if not bigsuds_found:
|
if not bigsuds_found:
|
||||||
module.fail_json(msg="the python suds and bigsuds modules is required")
|
module.fail_json(msg="the python suds and bigsuds modules are required")
|
||||||
|
|
||||||
server = module.params['server']
|
server = module.params['server']
|
||||||
user = module.params['user']
|
user = module.params['user']
|
||||||
|
@ -1603,6 +1598,12 @@ def main():
|
||||||
validate_certs = module.params['validate_certs']
|
validate_certs = module.params['validate_certs']
|
||||||
session = module.params['session']
|
session = module.params['session']
|
||||||
fact_filter = module.params['filter']
|
fact_filter = module.params['filter']
|
||||||
|
|
||||||
|
if validate_certs:
|
||||||
|
import ssl
|
||||||
|
if not hasattr(ssl, 'SSLContext'):
|
||||||
|
module.fail_json(msg='bigsuds does not support verifying certificates with python < 2.7.9. Either update python or set validate_certs=False on the task')
|
||||||
|
|
||||||
if fact_filter:
|
if fact_filter:
|
||||||
regex = fnmatch.translate(fact_filter)
|
regex = fnmatch.translate(fact_filter)
|
||||||
else:
|
else:
|
||||||
|
@ -1617,14 +1618,11 @@ def main():
|
||||||
if not all(include_test):
|
if not all(include_test):
|
||||||
module.fail_json(msg="value of include must be one or more of: %s, got: %s" % (",".join(valid_includes), ",".join(include)))
|
module.fail_json(msg="value of include must be one or more of: %s, got: %s" % (",".join(valid_includes), ",".join(include)))
|
||||||
|
|
||||||
if not validate_certs:
|
|
||||||
disable_ssl_cert_validation()
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
facts = {}
|
facts = {}
|
||||||
|
|
||||||
if len(include) > 0:
|
if len(include) > 0:
|
||||||
f5 = F5(server, user, password, session)
|
f5 = F5(server, user, password, session, validate_certs)
|
||||||
saved_active_folder = f5.get_active_folder()
|
saved_active_folder = f5.get_active_folder()
|
||||||
saved_recursive_query_state = f5.get_recursive_query_state()
|
saved_recursive_query_state = f5.get_recursive_query_state()
|
||||||
if saved_active_folder != "/":
|
if saved_active_folder != "/":
|
||||||
|
@ -1685,6 +1683,7 @@ def main():
|
||||||
|
|
||||||
# include magic from lib/ansible/module_common.py
|
# include magic from lib/ansible/module_common.py
|
||||||
from ansible.module_utils.basic import *
|
from ansible.module_utils.basic import *
|
||||||
|
from ansible.module_utils.f5 import *
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
main()
|
main()
|
||||||
|
|
|
@ -54,7 +54,8 @@ options:
|
||||||
validate_certs:
|
validate_certs:
|
||||||
description:
|
description:
|
||||||
- If C(no), SSL certificates will not be validated. This should only be used
|
- If C(no), SSL certificates will not be validated. This should only be used
|
||||||
on personally controlled sites using self-signed certificates.
|
on personally controlled sites. Prior to 2.0, this module would always
|
||||||
|
validate on python >= 2.7.9 and never validate on python <= 2.7.8
|
||||||
required: false
|
required: false
|
||||||
default: 'yes'
|
default: 'yes'
|
||||||
choices: ['yes', 'no']
|
choices: ['yes', 'no']
|
||||||
|
@ -333,7 +334,7 @@ def main():
|
||||||
|
|
||||||
# end monitor specific stuff
|
# end monitor specific stuff
|
||||||
|
|
||||||
api = bigip_api(server, user, password)
|
api = bigip_api(server, user, password, validate_certs)
|
||||||
monitor_exists = check_monitor_exists(module, api, monitor, parent)
|
monitor_exists = check_monitor_exists(module, api, monitor, parent)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -52,7 +52,8 @@ options:
|
||||||
validate_certs:
|
validate_certs:
|
||||||
description:
|
description:
|
||||||
- If C(no), SSL certificates will not be validated. This should only be used
|
- If C(no), SSL certificates will not be validated. This should only be used
|
||||||
on personally controlled sites using self-signed certificates.
|
on personally controlled sites. Prior to 2.0, this module would always
|
||||||
|
validate on python >= 2.7.9 and never validate on python <= 2.7.8
|
||||||
required: false
|
required: false
|
||||||
default: 'yes'
|
default: 'yes'
|
||||||
choices: ['yes', 'no']
|
choices: ['yes', 'no']
|
||||||
|
@ -356,7 +357,7 @@ def main():
|
||||||
|
|
||||||
# end monitor specific stuff
|
# end monitor specific stuff
|
||||||
|
|
||||||
api = bigip_api(server, user, password)
|
api = bigip_api(server, user, password, validate_certs)
|
||||||
monitor_exists = check_monitor_exists(module, api, monitor, parent)
|
monitor_exists = check_monitor_exists(module, api, monitor, parent)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -57,7 +57,8 @@ options:
|
||||||
validate_certs:
|
validate_certs:
|
||||||
description:
|
description:
|
||||||
- If C(no), SSL certificates will not be validated. This should only be used
|
- If C(no), SSL certificates will not be validated. This should only be used
|
||||||
on personally controlled sites using self-signed certificates.
|
on personally controlled sites. Prior to 2.0, this module would always
|
||||||
|
validate on python >= 2.7.9 and never validate on python <= 2.7.8
|
||||||
required: false
|
required: false
|
||||||
default: 'yes'
|
default: 'yes'
|
||||||
choices: ['yes', 'no']
|
choices: ['yes', 'no']
|
||||||
|
@ -290,7 +291,7 @@ def main():
|
||||||
module.fail_json(msg="host parameter invalid when state=absent")
|
module.fail_json(msg="host parameter invalid when state=absent")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
api = bigip_api(server, user, password)
|
api = bigip_api(server, user, password, validate_certs)
|
||||||
result = {'changed': False} # default
|
result = {'changed': False} # default
|
||||||
|
|
||||||
if state == 'absent':
|
if state == 'absent':
|
||||||
|
|
|
@ -57,7 +57,8 @@ options:
|
||||||
validate_certs:
|
validate_certs:
|
||||||
description:
|
description:
|
||||||
- If C(no), SSL certificates will not be validated. This should only be used
|
- If C(no), SSL certificates will not be validated. This should only be used
|
||||||
on personally controlled sites using self-signed certificates.
|
on personally controlled sites. Prior to 2.0, this module would always
|
||||||
|
validate on python >= 2.7.9 and never validate on python <= 2.7.8
|
||||||
required: false
|
required: false
|
||||||
default: 'yes'
|
default: 'yes'
|
||||||
choices: ['yes', 'no']
|
choices: ['yes', 'no']
|
||||||
|
@ -390,9 +391,6 @@ def main():
|
||||||
address = fq_name(partition,host)
|
address = fq_name(partition,host)
|
||||||
port = module.params['port']
|
port = module.params['port']
|
||||||
|
|
||||||
if not validate_certs:
|
|
||||||
disable_ssl_cert_validation()
|
|
||||||
|
|
||||||
# sanity check user supplied values
|
# sanity check user supplied values
|
||||||
|
|
||||||
if (host and not port) or (port and not host):
|
if (host and not port) or (port and not host):
|
||||||
|
@ -421,7 +419,7 @@ def main():
|
||||||
module.fail_json(msg="quorum requires monitors parameter")
|
module.fail_json(msg="quorum requires monitors parameter")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
api = bigip_api(server, user, password)
|
api = bigip_api(server, user, password, validate_certs)
|
||||||
result = {'changed': False} # default
|
result = {'changed': False} # default
|
||||||
|
|
||||||
if state == 'absent':
|
if state == 'absent':
|
||||||
|
|
|
@ -50,7 +50,8 @@ options:
|
||||||
validate_certs:
|
validate_certs:
|
||||||
description:
|
description:
|
||||||
- If C(no), SSL certificates will not be validated. This should only be used
|
- If C(no), SSL certificates will not be validated. This should only be used
|
||||||
on personally controlled sites using self-signed certificates.
|
on personally controlled sites. Prior to 2.0, this module would always
|
||||||
|
validate on python >= 2.7.9 and never validate on python <= 2.7.8
|
||||||
required: false
|
required: false
|
||||||
default: 'yes'
|
default: 'yes'
|
||||||
choices: ['yes', 'no']
|
choices: ['yes', 'no']
|
||||||
|
@ -347,7 +348,7 @@ def main():
|
||||||
module.fail_json(msg="valid ports must be in range 1 - 65535")
|
module.fail_json(msg="valid ports must be in range 1 - 65535")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
api = bigip_api(server, user, password)
|
api = bigip_api(server, user, password, validate_certs)
|
||||||
if not pool_exists(api, pool):
|
if not pool_exists(api, pool):
|
||||||
module.fail_json(msg="pool %s does not exist" % pool)
|
module.fail_json(msg="pool %s does not exist" % pool)
|
||||||
result = {'changed': False} # default
|
result = {'changed': False} # default
|
||||||
|
|
Loading…
Reference in a new issue