Adding 'validate_certs' option to EC2 modules

When disabled, the boto connection will be instantiated without validating the SSL certificate from the target endpoint. This allows the modules to connect to Eucalyptus instances running with self-signed certs without errors. Fixes #3978
2026-05-07 22:02:50 +00:00 · 2014-02-13 12:12:08 -06:00
parent eaced05a77
commit 056d54ebd3
12 changed files with 108 additions and 3 deletions
--- a/lib/ansible/module_utils/ec2.py
+++ b/lib/ansible/module_utils/ec2.py
@@ -1,3 +1,9 @@
+try:
+    from distutils.version import LooseVersion
+    HAS_LOOSE_VERSION = True
+except:
+    HAS_LOOSE_VERSION = False
+
 AWS_REGIONS = ['ap-northeast-1',
               'ap-southeast-1',
               'ap-southeast-2',
@@ -14,6 +20,7 @@ def ec2_argument_spec():
        ec2_url=dict(),
        ec2_secret_key=dict(aliases=['aws_secret_key', 'secret_key'], no_log=True),
        ec2_access_key=dict(aliases=['aws_access_key', 'access_key']),
+        validate_certs=dict(default=True, type='bool'),
    )


@@ -62,17 +69,24 @@ def ec2_connect(module):
    """ Return an ec2 connection"""

    ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
+    validate_certs = module.get('validate_certs', True)

    # If we have a region specified, connect to its endpoint.
    if region:
        try:
-            ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key)
+            if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
+                ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key, validate_certs=validate_certs)
+            else:
+                ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key)
        except boto.exception.NoAuthHandlerFound, e:
            module.fail_json(msg = str(e))
    # Otherwise, no region so we fallback to the old connection method
    elif ec2_url:
        try:
-            ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key)
+            if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
+                ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key, validate_certs=validate_certs)
+            else:
+                ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key)
        except boto.exception.NoAuthHandlerFound, e:
            module.fail_json(msg = str(e))
    else: