plugins/inventory/lxd: add server_cert option (#7392)

* plugins/module_utils/lxd: add server_cert_file and server_check_hostname params to LXDClient class

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>

* plugins/inventory/lxd: add server_cert and server_check_hostname options

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>

* Add changelog fragment

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>

---------

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
Simon Deziel 2023-10-25 06:47:48 +00:00 committed by GitHub
parent c7150dd818
commit 58846a6203
3 changed files with 29 additions and 2 deletions


@ -41,7 +41,7 @@ class LXDClientException(Exception):
class LXDClient(object):
def __init__(self, url, key_file=None, cert_file=None, debug=False):
def __init__(self, url, key_file=None, cert_file=None, debug=False, server_cert_file=None, server_check_hostname=True):
"""LXD Client.
:param url: The URL of the LXD server. (e.g. unix:/var/lib/lxd/unix.socket or https://127.0.0.1)
@ -52,6 +52,10 @@ class LXDClient(object):
:type cert_file: ``str``
:param debug: The debug flag. The request and response are stored in logs when debug is true.
:type debug: ``bool``
:param server_cert_file: The path of the server certificate file.
:type server_cert_file: ``str``
:param server_check_hostname: Whether to check the server's hostname as part of TLS verification.
:type debug: ``bool``
"""
self.url = url
self.debug = debug
@ -61,6 +65,10 @@ class LXDClient(object):
self.key_file = key_file
parts = generic_urlparse(urlparse(self.url))
ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
if server_cert_file:
# Check that the received cert is signed by the provided server_cert_file
ctx.load_verify_locations(cafile=server_cert_file)
ctx.check_hostname = server_check_hostname
ctx.load_cert_chain(cert_file, keyfile=key_file)
self.connection = HTTPSConnection(parts.get('netloc'), context=ctx)
elif url.startswith('unix:'):
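Review bot: The docstring line added right after `:param server_check_hostname:` in the second hunk repeats the previous parameter's type label, `:type debug:`, and should read `:type server_check_hostname:` with the same ``bool`` type. In the third hunk `ctx` comes from `ssl.create_default_context(ssl.Purpose.SERVER_AUTH)` with no cafile, which also loads the system CA store, so `ctx.load_verify_locations(cafile=server_cert_file)` adds the server certificate to that store rather than replacing it, and a certificate chaining to any system-trusted CA is still accepted — the added comment "Check that the received cert is signed by the provided server_cert_file" overstates what is enforced. If the intent is to trust only the supplied certificate, `ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=server_cert_file)` achieves that (default certs are not loaded when a cafile is given) and makes the `if server_cert_file:` block unnecessary; otherwise the comment and the `server_cert_file` docstring should say the file is added to the default trust store. The `server_check_hostname` docstring would also benefit from noting that disabling it without `server_cert_file` accepts any system-CA-issued certificate regardless of hostname, since `ctx.check_hostname = server_check_hostname` is applied unconditionally. `__init__` continues past the end of the hunk.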