tower modules: check that 'verify_ssl' defined in ~/.tower_cli.cfg isn't ignored (#50687)

* Check that verify_ssl defined in tower_cli.cfg isn't ignored * Avoid to override verify_ssl value defined in tower_cli.cfg By default, tower-cli library enables SSL certificates check. But verify_ssl false value defined in config files read by default by tower-cli library (for example /etc/tower/tower_cli.cfg) was ignored because overriden by the tower_verify_ssl parameter default value. * fix a typo in comment
2026-05-07 13:52:54 +00:00 · 2019-02-13 11:26:43 +01:00
parent 797a5218fb
commit 51270be883
4 changed files with 55 additions and 3 deletions
--- a/test/integration/targets/tower_common/aliases
+++ b/test/integration/targets/tower_common/aliases
@@ -0,0 +1,2 @@
+cloud/tower
+shippable/tower/group1
--- a/test/integration/targets/tower_common/tasks/main.yml
+++ b/test/integration/targets/tower_common/tasks/main.yml
@@ -0,0 +1,51 @@
+# Test behaviour common to all tower modules
+- name: Check that SSL is available
+  tower_organization:
+    name: Default
+  environment:
+    TOWER_HOST: "https://{{ lookup('env', 'TOWER_HOST') }}"
+  register: result
+
+- name: Check we haven't changed anything
+  assert:
+    that: result is not changed
+
+- name: Check that SSL is available and verify_ssl is enabled (task must fail)
+  tower_organization:
+    name: Default
+  environment:
+    TOWER_HOST: "https://{{ lookup('env', 'TOWER_HOST') }}"
+    TOWER_CERTIFICATE: /dev/null  # force check failure
+  ignore_errors: true
+  register: check_ssl_is_used
+
+- name: Check that connection failed
+  assert:
+    that:
+      - check_ssl_is_used is failed
+      - >
+          'Could not establish a secure connection' in check_ssl_is_used.module_stderr
+          or 'OpenSSL.SSL.Error' in check_ssl_is_used.module_stderr
+        # 'Could not establish a secure connection': when pyOpenSSL isn't available
+        # 'OpenSSL.SSL.Error': with pyOpenSSL, see https://github.com/urllib3/urllib3/pull/1517
+
+- name: Disable verify_ssl in ~/.tower_cli.cfg
+  copy:
+    dest: ~/.tower_cli.cfg
+    content: |
+      [general]
+      verify_ssl = False
+    force: false  # ensure remote file doesn't exist
+
+- block:
+    - name: Check that verify_ssl is disabled (task must not fail)
+      tower_organization:
+        name: Default
+      environment:
+        TOWER_HOST: "https://{{ lookup('env', 'TOWER_HOST') }}"
+        TOWER_CERTIFICATE: /dev/null  # should not fail because verify_ssl is disabled
+  always:
+    - name: Delete ~/.tower_cli.cfg
+      file:
+        path: ~/.tower_cli.cfg
+        state: absent