Merge pull request #334 from msabramo/bigip_disable_ssl_cert_verification

Add `verify` param; set false to ignore SSL cert
This commit is contained in:
Brian Coca 2015-03-25 21:46:11 -04:00
commit eef2a95f96
6 changed files with 118 additions and 0 deletions

View file

@ -56,6 +56,14 @@ options:
default: null default: null
choices: [] choices: []
aliases: [] aliases: []
validate_certs:
description:
- If C(no), SSL certificates will not be validated. This should only be used
on personally controlled sites using self-signed certificates.
required: false
default: 'yes'
choices: ['yes', 'no']
version_added: 1.9.1
session: session:
description: description:
- BIG-IP session support; may be useful to avoid concurrency - BIG-IP session support; may be useful to avoid concurrency
@ -1566,6 +1574,12 @@ def generate_software_list(f5):
software_list = software.get_all_software_status() software_list = software.get_all_software_status()
return software_list return software_list
def disable_ssl_cert_validation():
# You probably only want to do this for testing and never in production.
# From https://www.python.org/dev/peps/pep-0476/#id29
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
def main(): def main():
module = AnsibleModule( module = AnsibleModule(
@ -1573,6 +1587,7 @@ def main():
server = dict(type='str', required=True), server = dict(type='str', required=True),
user = dict(type='str', required=True), user = dict(type='str', required=True),
password = dict(type='str', required=True), password = dict(type='str', required=True),
validate_certs = dict(default='yes', type='bool'),
session = dict(type='bool', default=False), session = dict(type='bool', default=False),
include = dict(type='list', required=True), include = dict(type='list', required=True),
filter = dict(type='str', required=False), filter = dict(type='str', required=False),
@ -1585,6 +1600,7 @@ def main():
server = module.params['server'] server = module.params['server']
user = module.params['user'] user = module.params['user']
password = module.params['password'] password = module.params['password']
validate_certs = module.params['validate_certs']
session = module.params['session'] session = module.params['session']
fact_filter = module.params['filter'] fact_filter = module.params['filter']
if fact_filter: if fact_filter:
@ -1601,6 +1617,9 @@ def main():
if not all(include_test): if not all(include_test):
module.fail_json(msg="value of include must be one or more of: %s, got: %s" % (",".join(valid_includes), ",".join(include))) module.fail_json(msg="value of include must be one or more of: %s, got: %s" % (",".join(valid_includes), ",".join(include)))
if not validate_certs:
disable_ssl_cert_validation()
try: try:
facts = {} facts = {}

View file

@ -51,6 +51,14 @@ options:
- BIG-IP password - BIG-IP password
required: true required: true
default: null default: null
validate_certs:
description:
- If C(no), SSL certificates will not be validated. This should only be used
on personally controlled sites using self-signed certificates.
required: false
default: 'yes'
choices: ['yes', 'no']
version_added: 1.9.1
state: state:
description: description:
- Monitor state - Monitor state
@ -177,6 +185,14 @@ def bigip_api(bigip, user, password):
return api return api
def disable_ssl_cert_validation():
# You probably only want to do this for testing and never in production.
# From https://www.python.org/dev/peps/pep-0476/#id29
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
def check_monitor_exists(module, api, monitor, parent): def check_monitor_exists(module, api, monitor, parent):
# hack to determine if monitor exists # hack to determine if monitor exists
@ -311,6 +327,7 @@ def main():
server = dict(required=True), server = dict(required=True),
user = dict(required=True), user = dict(required=True),
password = dict(required=True), password = dict(required=True),
validate_certs = dict(default='yes', type='bool'),
partition = dict(default='Common'), partition = dict(default='Common'),
state = dict(default='present', choices=['present', 'absent']), state = dict(default='present', choices=['present', 'absent']),
name = dict(required=True), name = dict(required=True),
@ -331,6 +348,7 @@ def main():
server = module.params['server'] server = module.params['server']
user = module.params['user'] user = module.params['user']
password = module.params['password'] password = module.params['password']
validate_certs = module.params['validate_certs']
partition = module.params['partition'] partition = module.params['partition']
parent_partition = module.params['parent_partition'] parent_partition = module.params['parent_partition']
state = module.params['state'] state = module.params['state']
@ -348,6 +366,9 @@ def main():
# end monitor specific stuff # end monitor specific stuff
if not validate_certs:
disable_ssl_cert_validation()
if not bigsuds_found: if not bigsuds_found:
module.fail_json(msg="the python bigsuds module is required") module.fail_json(msg="the python bigsuds module is required")
api = bigip_api(server, user, password) api = bigip_api(server, user, password)

View file

@ -49,6 +49,14 @@ options:
- BIG-IP password - BIG-IP password
required: true required: true
default: null default: null
validate_certs:
description:
- If C(no), SSL certificates will not be validated. This should only be used
on personally controlled sites using self-signed certificates.
required: false
default: 'yes'
choices: ['yes', 'no']
version_added: 1.9.1
state: state:
description: description:
- Monitor state - Monitor state
@ -196,6 +204,14 @@ def bigip_api(bigip, user, password):
return api return api
def disable_ssl_cert_validation():
# You probably only want to do this for testing and never in production.
# From https://www.python.org/dev/peps/pep-0476/#id29
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
def check_monitor_exists(module, api, monitor, parent): def check_monitor_exists(module, api, monitor, parent):
# hack to determine if monitor exists # hack to determine if monitor exists
@ -331,6 +347,7 @@ def main():
server = dict(required=True), server = dict(required=True),
user = dict(required=True), user = dict(required=True),
password = dict(required=True), password = dict(required=True),
validate_certs = dict(default='yes', type='bool'),
partition = dict(default='Common'), partition = dict(default='Common'),
state = dict(default='present', choices=['present', 'absent']), state = dict(default='present', choices=['present', 'absent']),
name = dict(required=True), name = dict(required=True),
@ -351,6 +368,7 @@ def main():
server = module.params['server'] server = module.params['server']
user = module.params['user'] user = module.params['user']
password = module.params['password'] password = module.params['password']
validate_certs = module.params['validate_certs']
partition = module.params['partition'] partition = module.params['partition']
parent_partition = module.params['parent_partition'] parent_partition = module.params['parent_partition']
state = module.params['state'] state = module.params['state']
@ -372,6 +390,9 @@ def main():
# end monitor specific stuff # end monitor specific stuff
if not validate_certs:
disable_ssl_cert_validation()
if not bigsuds_found: if not bigsuds_found:
module.fail_json(msg="the python bigsuds module is required") module.fail_json(msg="the python bigsuds module is required")
api = bigip_api(server, user, password) api = bigip_api(server, user, password)

View file

@ -54,6 +54,14 @@ options:
default: null default: null
choices: [] choices: []
aliases: [] aliases: []
validate_certs:
description:
- If C(no), SSL certificates will not be validated. This should only be used
on personally controlled sites using self-signed certificates.
required: false
default: 'yes'
choices: ['yes', 'no']
version_added: 1.9.1
state: state:
description: description:
- Pool member state - Pool member state
@ -154,6 +162,12 @@ def bigip_api(bigip, user, password):
api = bigsuds.BIGIP(hostname=bigip, username=user, password=password) api = bigsuds.BIGIP(hostname=bigip, username=user, password=password)
return api return api
def disable_ssl_cert_validation():
# You probably only want to do this for testing and never in production.
# From https://www.python.org/dev/peps/pep-0476/#id29
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
def node_exists(api, address): def node_exists(api, address):
# hack to determine if node exists # hack to determine if node exists
result = False result = False
@ -212,6 +226,7 @@ def main():
server = dict(type='str', required=True), server = dict(type='str', required=True),
user = dict(type='str', required=True), user = dict(type='str', required=True),
password = dict(type='str', required=True), password = dict(type='str', required=True),
validate_certs = dict(default='yes', type='bool'),
state = dict(type='str', default='present', choices=['present', 'absent']), state = dict(type='str', default='present', choices=['present', 'absent']),
partition = dict(type='str', default='Common'), partition = dict(type='str', default='Common'),
name = dict(type='str', required=True), name = dict(type='str', required=True),
@ -227,6 +242,7 @@ def main():
server = module.params['server'] server = module.params['server']
user = module.params['user'] user = module.params['user']
password = module.params['password'] password = module.params['password']
validate_certs = module.params['validate_certs']
state = module.params['state'] state = module.params['state']
partition = module.params['partition'] partition = module.params['partition']
host = module.params['host'] host = module.params['host']
@ -234,6 +250,9 @@ def main():
address = "/%s/%s" % (partition, name) address = "/%s/%s" % (partition, name)
description = module.params['description'] description = module.params['description']
if not validate_certs:
disable_ssl_cert_validation()
if state == 'absent' and host is not None: if state == 'absent' and host is not None:
module.fail_json(msg="host parameter invalid when state=absent") module.fail_json(msg="host parameter invalid when state=absent")

View file

@ -54,6 +54,14 @@ options:
default: null default: null
choices: [] choices: []
aliases: [] aliases: []
validate_certs:
description:
- If C(no), SSL certificates will not be validated. This should only be used
on personally controlled sites using self-signed certificates.
required: false
default: 'yes'
choices: ['yes', 'no']
version_added: 1.9.1
state: state:
description: description:
- Pool/pool member state - Pool/pool member state
@ -235,6 +243,12 @@ def bigip_api(bigip, user, password):
api = bigsuds.BIGIP(hostname=bigip, username=user, password=password) api = bigsuds.BIGIP(hostname=bigip, username=user, password=password)
return api return api
def disable_ssl_cert_validation():
# You probably only want to do this for testing and never in production.
# From https://www.python.org/dev/peps/pep-0476/#id29
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
def pool_exists(api, pool): def pool_exists(api, pool):
# hack to determine if pool exists # hack to determine if pool exists
result = False result = False
@ -359,6 +373,7 @@ def main():
server = dict(type='str', required=True), server = dict(type='str', required=True),
user = dict(type='str', required=True), user = dict(type='str', required=True),
password = dict(type='str', required=True), password = dict(type='str', required=True),
validate_certs = dict(default='yes', type='bool'),
state = dict(type='str', default='present', choices=['present', 'absent']), state = dict(type='str', default='present', choices=['present', 'absent']),
name = dict(type='str', required=True, aliases=['pool']), name = dict(type='str', required=True, aliases=['pool']),
partition = dict(type='str', default='Common'), partition = dict(type='str', default='Common'),
@ -380,6 +395,7 @@ def main():
server = module.params['server'] server = module.params['server']
user = module.params['user'] user = module.params['user']
password = module.params['password'] password = module.params['password']
validate_certs = module.params['validate_certs']
state = module.params['state'] state = module.params['state']
name = module.params['name'] name = module.params['name']
partition = module.params['partition'] partition = module.params['partition']
@ -407,6 +423,9 @@ def main():
address = "/%s/%s" % (partition, host) address = "/%s/%s" % (partition, host)
port = module.params['port'] port = module.params['port']
if not validate_certs:
disable_ssl_cert_validation()
# sanity check user supplied values # sanity check user supplied values
if (host and not port) or (port and not host): if (host and not port) or (port and not host):

View file

@ -56,6 +56,14 @@ options:
default: null default: null
choices: [] choices: []
aliases: [] aliases: []
validate_certs:
description:
- If C(no), SSL certificates will not be validated. This should only be used
on personally controlled sites using self-signed certificates.
required: false
default: 'yes'
choices: ['yes', 'no']
version_added: 1.9.1
state: state:
description: description:
- Pool member state - Pool member state
@ -189,6 +197,12 @@ def bigip_api(bigip, user, password):
api = bigsuds.BIGIP(hostname=bigip, username=user, password=password) api = bigsuds.BIGIP(hostname=bigip, username=user, password=password)
return api return api
def disable_ssl_cert_validation():
# You probably only want to do this for testing and never in production.
# From https://www.python.org/dev/peps/pep-0476/#id29
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
def pool_exists(api, pool): def pool_exists(api, pool):
# hack to determine if pool exists # hack to determine if pool exists
result = False result = False
@ -282,6 +296,7 @@ def main():
server = dict(type='str', required=True), server = dict(type='str', required=True),
user = dict(type='str', required=True), user = dict(type='str', required=True),
password = dict(type='str', required=True), password = dict(type='str', required=True),
validate_certs = dict(default='yes', type='bool'),
state = dict(type='str', default='present', choices=['present', 'absent']), state = dict(type='str', default='present', choices=['present', 'absent']),
pool = dict(type='str', required=True), pool = dict(type='str', required=True),
partition = dict(type='str', default='Common'), partition = dict(type='str', default='Common'),
@ -301,6 +316,7 @@ def main():
server = module.params['server'] server = module.params['server']
user = module.params['user'] user = module.params['user']
password = module.params['password'] password = module.params['password']
validate_certs = module.params['validate_certs']
state = module.params['state'] state = module.params['state']
partition = module.params['partition'] partition = module.params['partition']
pool = "/%s/%s" % (partition, module.params['pool']) pool = "/%s/%s" % (partition, module.params['pool'])
@ -312,6 +328,9 @@ def main():
address = "/%s/%s" % (partition, host) address = "/%s/%s" % (partition, host)
port = module.params['port'] port = module.params['port']
if not validate_certs:
disable_ssl_cert_validation()
# sanity check user supplied values # sanity check user supplied values
if (host and not port) or (port and not host): if (host and not port) or (port and not host):