Validate SSL certs accessed through urllib*

* Adds another module utility file which generalizes the
  access of urls via the urllib* libraries.
* Adds a new spec generator for common arguments.
* Makes the user-agent string configurable.

Fixes #6211

library/packaging/apt_key

@@ -64,6 +64,14 @@ options:
         default: present
         description:
             - used to specify if key is being added or revoked
+    validate_certs:
+        description:
+            - If C(no), SSL certificates for the target url will not be validated. This should only be used
+              on personally controlled sites using self-signed certificates.
+        required: false
+        default: 'yes'
+        choices: ['yes', 'no']
+
 '''
 
 EXAMPLES = '''
@@ -88,7 +96,6 @@ EXAMPLES = '''
 
 
 # FIXME: standardize into module_common
-from urllib2 import urlopen, URLError
 from traceback import format_exc
 from re import compile as re_compile
 # FIXME: standardize into module_common
@@ -133,11 +140,8 @@ def download_key(module, url):
     if url is None:
         module.fail_json(msg="needed a URL but was not specified")
     try:
-        connection = urlopen(url)
-        if connection is None:
-            module.fail_json("error connecting to download key from url")
-        data = connection.read()
-        return data
+        rsp, info = fetch_url(module, url, validate_certs=module.params['validate_certs'])
+        return rsp.read()
     except Exception:
         module.fail_json(msg="error getting key id from url", traceback=format_exc())
 
@@ -175,7 +179,8 @@ def main():
             file=dict(required=False),
             key=dict(required=False),
             keyring=dict(required=False),
-            state=dict(required=False, choices=['present', 'absent'], default='present')
+            state=dict(required=False, choices=['present', 'absent'], default='present'),
+            validate_certs=dict(default='yes', type='bool'),
         ),
         supports_check_mode=True
     )
@@ -240,4 +245,5 @@ def main():
 
 # import module snippets
 from ansible.module_utils.basic import *
+from ansible.module_utils.urls import *
 main()

library/packaging/rpm_key

@@ -42,6 +42,14 @@ options:
       choices: [present, absent]
       description:
           - Wheather the key will be imported or removed from the rpm db.
+    validate_certs:
+      description:
+          - If C(no) and the C(key) is a url starting with https, SSL certificates will not be validated. This should only be used
+            on personally controlled sites using self-signed certificates.
+      required: false
+      default: 'yes'
+      choices: ['yes', 'no']
+
 '''
 
 EXAMPLES = '''
@@ -57,7 +65,6 @@ EXAMPLES = '''
 import syslog
 import os.path
 import re
-import urllib2
 import tempfile
 
 # Attempt to download at most 8192 bytes.
@@ -116,8 +123,8 @@ class RpmKey:
     def fetch_key(self, url, maxbytes=MAXBYTES):
         """Downloads a key from url, returns a valid path to a gpg key"""
         try:
-            fd = urllib2.urlopen(url)
-            key = fd.read(maxbytes)
+            rsp, info = fetch_url(self.module, url, validate_certs=self.module.params['validate_certs'])
+            key = rsp.read(maxbytes)
             if not is_pubkey(key):
                 self.module.fail_json(msg="Not a public key: %s" % url)
             tmpfd, tmpname = tempfile.mkstemp()
@@ -187,7 +194,8 @@ def main():
     module = AnsibleModule(
             argument_spec = dict(
                 state=dict(default='present', choices=['present', 'absent'], type='str'),
-                key=dict(required=True, type='str')
+                key=dict(required=True, type='str'),
+                validate_certs=dict(default='yes', type='bool'),
                 ),
             supports_check_mode=True
             )
@@ -198,4 +206,5 @@ def main():
 
 # import module snippets
 from ansible.module_utils.basic import *
+from ansible.module_utils.urls import *
 main()