mirror of
https://github.com/ansible-collections/kubernetes.core.git
synced 2026-03-27 05:43:02 +00:00
Fix K8S_AUTH_VERIFY_SSL environment value handling in kubectl connection plugin (#1049)
SUMMARY
Fixed a bug where setting K8S_AUTH_VERIFY_SSL=true (or any string value) caused the value to be treated as a separate kubectl command argument instead of being properly converted to a boolean.
The option key name is validate_certs, which does NOT end with "verify_ssl", so the original condition key.endswith("verify_ssl") at line 327 failed. This caused the code to fall through to the else block which added the value as separate
arguments: ["--insecure-skip-tls-verify", "true"], making "true" appear as a kubectl command.
Fixes #1021
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
kubernetes.core.kubectl
ADDITIONAL INFORMATION
Changes Made
Changed condition from key.endswith("verify_ssl") to key == "validate_certs"
Added import of boolean function from ansible.module_utils.parsing.convert_bool
Added proper boolean conversion using boolean(self.get_option(key), strict=False)
Partially used LLM (GitHub Copilot with Claude Sonnet 4).
Before Fix
K8S_AUTH_VERIFY_SSL=true
Command: ['/usr/bin/kubectl', '--insecure-skip-tls-verify', 'true', 'exec', ...]
^^^^^ treated as kubectl command (BUG!)
After Fix
K8S_AUTH_VERIFY_SSL=true
Command: ['/usr/bin/kubectl', '--insecure-skip-tls-verify=false', 'exec', ...]
^^^^^ properly converted (FIXED!)
Reviewed-by: Bikouo Aubin
Reviewed-by: Alina Buzachis
Reviewed-by: Bianca Henderson <beeankha@gmail.com>
This commit is contained in:
Yuriy Novostavskiy
committed by
GitHub
GitHub
parent
987c029c87
commit
12abc9bda9
@@ -0,0 +1,2 @@
|
|||||||
|
bugfixes:
|
||||||
|
- Fixed a bug where setting K8S_AUTH_VERIFY_SSL=true (or any string value) caused the value to be treated as a separate kubectl command argument. (https://github.com/ansible-collections/kubernetes.core/pull/1049).
|
||||||
@@ -265,6 +265,7 @@ import tempfile
|
|||||||
|
|
||||||
from ansible.errors import AnsibleError, AnsibleFileNotFound
|
from ansible.errors import AnsibleError, AnsibleFileNotFound
|
||||||
from ansible.module_utils._text import to_bytes
|
from ansible.module_utils._text import to_bytes
|
||||||
|
from ansible.module_utils.parsing.convert_bool import boolean
|
||||||
from ansible.module_utils.six.moves import shlex_quote
|
from ansible.module_utils.six.moves import shlex_quote
|
||||||
from ansible.parsing.yaml.loader import AnsibleLoader
|
from ansible.parsing.yaml.loader import AnsibleLoader
|
||||||
from ansible.plugins.connection import BUFSIZE, ConnectionBase
|
from ansible.plugins.connection import BUFSIZE, ConnectionBase
|
||||||
@@ -324,9 +325,12 @@ class Connection(ConnectionBase):
|
|||||||
# Build command options based on doc string
|
# Build command options based on doc string
|
||||||
doc_yaml = AnsibleLoader(self.documentation).get_single_data()
|
doc_yaml = AnsibleLoader(self.documentation).get_single_data()
|
||||||
for key in doc_yaml.get("options"):
|
for key in doc_yaml.get("options"):
|
||||||
if key.endswith("verify_ssl") and self.get_option(key) != "":
|
if key == "validate_certs" and self.get_option(key) != "":
|
||||||
# Translate verify_ssl to skip_verify_ssl, and output as string
|
# Translate validate_certs to --insecure-skip-tls-verify flag
|
||||||
skip_verify_ssl = not self.get_option(key)
|
# validate_certs=True means verify certs (don't skip verification)
|
||||||
|
# validate_certs=False means don't verify certs (skip verification)
|
||||||
|
validate_certs_value = boolean(self.get_option(key), strict=False)
|
||||||
|
skip_verify_ssl = not validate_certs_value
|
||||||
local_cmd.append(
|
local_cmd.append(
|
||||||
"{0}={1}".format(
|
"{0}={1}".format(
|
||||||
self.connection_options[key], str(skip_verify_ssl).lower()
|
self.connection_options[key], str(skip_verify_ssl).lower()
|
||||||
|
|||||||
Reference in New Issue
Block a user