author | James Cammarata <jcammarata@ansibleworks.com> | 2014-02-13 12:12:08 -0600 |
---|---|---|
committer | James Cammarata <jcammarata@ansibleworks.com> | 2014-02-13 12:32:49 -0600 |
commit | 056d54ebd344178db96c9d10b40394b593e3bdda (patch) | |
tree | 6a1354dd328ba8e5678721b0fe57ded720a771fd /lib/ansible | |
parent | eaced05a7751484a481ab8b78b3a2c502f434395 (diff) | |
download | ansible-056d54ebd344178db96c9d10b40394b593e3bdda.tar.gz |
Adding 'validate_certs' option to EC2 modules
When disabled, the boto connection will be instantiated without validating
the SSL certificate from the target endpoint. This allows the modules to connect
to Eucalyptus instances running with self-signed certs without errors.
Fixes #3978
Diffstat (limited to 'lib/ansible')
-rw-r--r-- | lib/ansible/module_utils/ec2.py | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/lib/ansible/module_utils/ec2.py b/lib/ansible/module_utils/ec2.py
index bbcd30be21..2bdfe35afe 100644
--- a/lib/ansible/module_utils/ec2.py
+++ b/lib/ansible/module_utils/ec2.py
@@ -1,3 +1,9 @@
+try:
+ from distutils.version import LooseVersion
+ HAS_LOOSE_VERSION = True
+except:
+ HAS_LOOSE_VERSION = False
+
 AWS_REGIONS = ['ap-northeast-1',
 'ap-southeast-1',
 'ap-southeast-2',
@@ -14,6 +20,7 @@ def ec2_argument_spec():
 ec2_url=dict(),
 ec2_secret_key=dict(aliases=['aws_secret_key', 'secret_key'], no_log=True),
 ec2_access_key=dict(aliases=['aws_access_key', 'access_key']),
+ validate_certs=dict(default=True, type='bool'),
 )
@@ -62,17 +69,24 @@ def ec2_connect(module):
 """ Return an ec2 connection"""
 ec2_url, aws_access_key, aws_secret_key, region = get_ec2_creds(module)
+ validate_certs = module.get('validate_certs', True)
 # If we have a region specified, connect to its endpoint.
 if region:
 try:
- ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key)
+ if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
+ ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key, validate_certs=validate_certs)
+ else:
+ ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key)
 except boto.exception.NoAuthHandlerFound, e:
 module.fail_json(msg = str(e))
 # Otherwise, no region so we fallback to the old connection method
 elif ec2_url:
 try:
- ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key)
+ if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
+ ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key, validate_certs=validate_certs)
+ else:
+ ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key)
 except boto.exception.NoAuthHandlerFound, e:
 module.fail_json(msg = str(e))
 else: |
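Review bot: The bare `except:` around the `LooseVersion` import at the top of ec2.py catches every exception, not only a missing module; `except ImportError:` is the narrower form. When the import fails, `HAS_LOOSE_VERSION` is False and both version checks in `ec2_connect` take the branch that omits `validate_certs`, so the user's setting is dropped without any message. A one-line comment above the block would make the purpose of the flag clear, for example `# LooseVersion is used to check that boto is new enough to accept validate_certs`.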
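Review bot: The new `validate_certs` entry in `ec2_argument_spec()` carries no comment on what turning it off means, and the secure default is worth pinning with one: `# Keep True by default; False disables TLS certificate verification for the endpoint connection`. With verification off, the signed API requests go to an endpoint whose identity is not checked, so the option's documentation should limit it to private endpoints with self-signed certificates, such as the Eucalyptus case in the commit message. Every module that uses this spec will now accept the option, but only `ec2_connect` is changed in this diff; a module that builds its boto connection some other way would presumably accept `validate_certs` and ignore it, which is worth confirming. The body of `ec2_argument_spec` starts above the hunk.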
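Review bot: `module.get('validate_certs', True)` in `ec2_connect` reads the option from the module object itself, yet the same object is called as `module.fail_json(...)` a few lines later, so it looks like an AnsibleModule rather than a dict; the declared option would normally be read with `module.params.get('validate_certs', True)`, to be confirmed against the callers. Separately, when boto is older than 2.6.0 or `LooseVersion` is unavailable, both `else:` branches connect without the argument and the requested setting is silently not applied. Failing with a clear message when `validate_certs` is false and cannot be honored is safer than connecting with whatever that boto version does by default. The version test is also duplicated in the region and `ec2_url` paths and can be computed once, as sketched below. The function continues past the end of the hunk.

```python
validate_certs = module.params.get('validate_certs', True)
# Optional keyword arguments, passed only when this boto accepts them.
boto_kwargs = {}
if HAS_LOOSE_VERSION and LooseVersion(boto.Version) >= LooseVersion("2.6.0"):
    boto_kwargs['validate_certs'] = validate_certs
elif not validate_certs:
    # The user asked for verification to be disabled but it cannot be applied.
    module.fail_json(msg="validate_certs=no requires boto >= 2.6.0")

if region:
    try:
        ec2 = boto.ec2.connect_to_region(region, aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key, **boto_kwargs)
    # ... unchanged: NoAuthHandlerFound handling ...
elif ec2_url:
    try:
        ec2 = boto.connect_ec2_endpoint(ec2_url, aws_access_key, aws_secret_key, **boto_kwargs)
    # ... unchanged: NoAuthHandlerFound handling and else branch ...
```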