Skip to content

Commit b96bdb5

Browse files
dpassantedpassante
authored
add support for SSL CA cert verification (#3)
1 parent a3d0499 commit b96bdb5

File tree

3 files changed

+12
-2
lines changed

3 files changed

+12
-2
lines changed

plugins/doc_fragments/cloudstack.py

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -51,9 +51,16 @@ class ModuleDocFragment(object):
5151
- If not given, the C(CLOUDSTACK_REGION) env variable is considered.
5252
type: str
5353
default: cloudstack
54+
api_verify_ssl_cert:
55+
description:
56+
- CA authority cert file.
57+
- If not given, the C(CLOUDSTACK_VERIFY) env variable is considered.
58+
- As the last option, the value is taken from the ini config file, also see the notes.
59+
- Fallback value is C(null) if not specified.
60+
type: str
5461
requirements:
5562
- python >= 2.6
56-
- cs >= 0.6.10
63+
- cs >= 0.9.0
5764
notes:
5865
- Ansible uses the C(cs) library's configuration method if credentials are not
5966
provided by the arguments C(api_url), C(api_key), C(api_secret).

plugins/module_utils/cloudstack.py

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,7 @@ def cs_argument_spec():
3535
api_http_method=dict(choices=['get', 'post'], default=os.environ.get('CLOUDSTACK_METHOD')),
3636
api_timeout=dict(type='int', default=os.environ.get('CLOUDSTACK_TIMEOUT')),
3737
api_region=dict(default=os.environ.get('CLOUDSTACK_REGION') or 'cloudstack'),
38+
api_verify_ssl_cert=dict(default=os.environ.get('CLOUDSTACK_VERIFY')),
3839
)
3940

4041

@@ -125,13 +126,15 @@ def get_api_config(self):
125126
'secret': self.module.params.get('api_secret') or config.get('secret'),
126127
'timeout': self.module.params.get('api_timeout') or config.get('timeout') or 10,
127128
'method': self.module.params.get('api_http_method') or config.get('method') or 'get',
129+
'verify': self.module.params.get('api_verify_ssl_cert') or config.get('verify'),
128130
}
129131
self.result.update({
130132
'api_region': api_region,
131133
'api_url': api_config['endpoint'],
132134
'api_key': api_config['key'],
133135
'api_timeout': int(api_config['timeout']),
134136
'api_http_method': api_config['method'],
137+
'api_verify_ssl_cert': api_config['verify'],
135138
})
136139
if not all([api_config['endpoint'], api_config['key'], api_config['secret']]):
137140
self.fail_json(msg="Missing api credentials: can not authenticate")

requirements.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
cs>=0.6.1
1+
cs>=0.9.0

0 commit comments

Comments
 (0)