Validate SSL certs accessed through urllib*

* Adds another module utility file which generalizes the access of urls via the urllib* libraries. * Adds a new spec generator for common arguments. * Makes the user-agent string configurable. Fixes #6211
2026-05-08 06:12:51 +00:00 · 2014-03-10 16:06:52 -05:00
parent 6577ff5f85
commit 9730157525
23 changed files with 598 additions and 402 deletions
--- a/library/net_infrastructure/dnsmadeeasy
+++ b/library/net_infrastructure/dnsmadeeasy
@@ -106,8 +106,6 @@ EXAMPLES = '''

 IMPORT_ERROR = None
 try:
-    import urllib
-    import urllib2
    import json
    from time import strftime, gmtime
    import hashlib
@@ -115,22 +113,6 @@ try:
 except ImportError, e:
    IMPORT_ERROR = str(e)

-
-class RequestWithMethod(urllib2.Request):
-
-    """Workaround for using DELETE/PUT/etc with urllib2"""
-
-    def __init__(self, url, method, data=None, headers={}):
-        self._method = method
-        urllib2.Request.__init__(self, url, data, headers)
-
-    def get_method(self):
-        if self._method:
-            return self._method
-        else:
-            return urllib2.Request.get_method(self)
-
-
 class DME2:

    def __init__(self, apikey, secret, domain, module):
@@ -169,16 +151,10 @@ class DME2:
        url = self.baseurl + resource
        if data and not isinstance(data, basestring):
            data = urllib.urlencode(data)
-        request = RequestWithMethod(url, method, data, self._headers())

-        try:
-            response = urllib2.urlopen(request)
-        except urllib2.HTTPError, e:
-            self.module.fail_json(
-                msg="%s returned %s, with body: %s" % (url, e.code, e.read()))
-        except Exception, e:
-            self.module.fail_json(
-                msg="Failed contacting: %s : Exception %s" % (url, e.message()))
+        response, info = fetch_url(self.module, url, data=data, method=method)
+        if info['status'] not in (200, 201, 204):
+            self.module.fail_json(msg="%s returned %s, with body: %s" % (url, info['status'], info['msg']))

        try:
            return json.load(response)
@@ -338,4 +314,6 @@ def main():

 # import module snippets
 from ansible.module_utils.basic import *
+from ansible.module_utils.urls import *
+
 main()
--- a/library/net_infrastructure/netscaler
+++ b/library/net_infrastructure/netscaler
@@ -73,6 +73,14 @@ options:
    default: server
    choices: ["server", "service"]
    aliases: []
+  validate_certs:
+    description:
+      - If C(no), SSL certificates for the target url will not be validated. This should only be used
+        on personally controlled sites using self-signed certificates.
+    required: false
+    default: 'yes'
+    choices: ['yes', 'no']
+
 requirements: [ "urllib", "urllib2" ]
 author: Nandor Sivok
 '''
@@ -90,8 +98,6 @@ ansible host -m netscaler -a "nsc_host=nsc.example.com user=apiuser password=api


 import json
-import urllib
-import urllib2
 import base64
 import socket

@@ -100,23 +106,25 @@ class netscaler(object):

    _nitro_base_url = '/nitro/v1/'

+    def __init__(self, module):
+        self.module = module
+
    def http_request(self, api_endpoint, data_json={}):
        request_url = self._nsc_protocol + '://' + self._nsc_host + self._nitro_base_url + api_endpoint
+
        data_json = urllib.urlencode(data_json)
+        if not len(data_json):
+            data_json = None

-        if len(data_json):
-            req = urllib2.Request(request_url, data_json)
-            req.add_header('Content-Type', 'application/x-www-form-urlencoded')
-        else:
-            req = urllib2.Request(request_url)
+        auth = base64.encodestring('%s:%s' % (self._nsc_user, self._nsc_pass)).replace('\n', '').strip()
+        headers = {
+            'Authorization': 'Basic %s' % auth,
+            'Content-Type' : 'application/x-www-form-urlencoded',
+        }

-        base64string = base64.encodestring('%s:%s' % (self._nsc_user, self._nsc_pass)).replace('\n', '').strip()
-        req.add_header('Authorization', "Basic %s" % base64string)
+        response, info = fetch_url(self.module, request_url, data=data_json, validate_certs=self.module.params['validate_certs'])

-        resp = urllib2.urlopen(req)
-        resp = json.load(resp)
-
-        return resp
+        return json.load(response.read())

    def prepare_request(self, action):
        resp = self.http_request(
@@ -134,7 +142,7 @@ class netscaler(object):


 def core(module):
-    n = netscaler()
+    n = netscaler(module)
    n._nsc_host = module.params.get('nsc_host')
    n._nsc_user = module.params.get('user')
    n._nsc_pass = module.params.get('password')
@@ -158,7 +166,8 @@ def main():
            password = dict(required=True),
            action = dict(default='enable', choices=['enable','disable']),
            name = dict(default=socket.gethostname()),
-            type = dict(default='server', choices=['service', 'server'])
+            type = dict(default='server', choices=['service', 'server']),
+            validate_certs=dict(default='yes', type='bool'),
        )
    )

@@ -177,4 +186,5 @@ def main():

 # import module snippets
 from ansible.module_utils.basic import *
+from ansible.module_utils.urls import *
 main()