Urls client cert auth (#18141)

* Build HTTPSClientAuthHandler more similarly to how HTTPSHandler works * Add docs for new client cert authentication * Support older versions of python * Simplify logic * Initial support for client certs in urls.py * Add an extra test * Add a get_url test for client cert auth * Add additional test for client cert auth, with validation and ssl mismatch * Skip assert when http tester not available * Update version_added for new options
2025-07-22 12:50:22 -07:00 · 2017-04-07 11:54:37 -05:00 · 2017-04-07 11:54:37 -05:00 · 621e27b5dd
commit 621e27b5dd
parent 3934513121
6 changed files with 138 additions and 4 deletions
--- a/test/integration/targets/get_url/tasks/main.yml
+++ b/test/integration/targets/get_url/tasks/main.yml
@ -211,3 +211,18 @@
  get_url: 
    url: https://{{ httpbin_host }}
    dest: "{{ output_dir }}"
+
+
+- name: Test client cert auth, with certs
+  get_url:
+    url: "https://ansible.http.tests/ssl_client_verify"
+    client_cert: "{{ output_dir }}/client.pem"
+    client_key: "{{ output_dir }}/client.key"
+    dest: "{{ output_dir }}/ssl_client_verify"
+  when: has_httptester
+
+- name: Assert that the ssl_client_verify file contains the correct content
+  assert:
+    that:
+      - 'lookup("file", "{{ output_dir }}/ssl_client_verify") == "ansible.http.tests:SUCCESS"'
+  when: has_httptester
--- a/test/integration/targets/prepare_http_tests/tasks/main.yml
+++ b/test/integration/targets/prepare_http_tests/tasks/main.yml
@ -18,6 +18,14 @@
        dest: "/etc/pki/ca-trust/source/anchors/ansible.pem"
      when: ansible_os_family == 'RedHat'

+    - name: Get client cert/key
+      get_url:
+        url: "http://ansible.http.tests/{{ item }}"
+        dest: "{{ output_dir }}/{{ item }}"
+      with_items:
+        - client.pem
+        - client.key
+
    - name: Suse - Retrieve test cacert
      get_url:
        url: "http://ansible.http.tests/cacert.pem"
--- a/test/integration/targets/uri/tasks/main.yml
+++ b/test/integration/targets/uri/tasks/main.yml
@ -332,3 +332,44 @@
    return_content: true
  register: result
  failed_when: result.json.headers['Content-Type'] != 'text/json'
+
+- name: Test client cert auth, no certs
+  uri:
+    url: "https://ansible.http.tests/ssl_client_verify"
+    status_code: 200
+    return_content: true
+  register: result
+  failed_when: result.content != "ansible.http.tests:NONE"
+  when: has_httptester
+
+- name: Test client cert auth, with certs
+  uri:
+    url: "https://ansible.http.tests/ssl_client_verify"
+    client_cert: "{{ output_dir }}/client.pem"
+    client_key: "{{ output_dir }}/client.key"
+    return_content: true
+  register: result
+  failed_when: result.content != "ansible.http.tests:SUCCESS"
+  when: has_httptester
+
+- name: Test client cert auth, with no validation
+  uri:
+    url: "https://fail.ansible.http.tests/ssl_client_verify"
+    client_cert: "{{ output_dir }}/client.pem"
+    client_key: "{{ output_dir }}/client.key"
+    return_content: true
+    validate_certs: no
+  register: result
+  failed_when: result.content != "ansible.http.tests:SUCCESS"
+  when: has_httptester
+
+- name: Test client cert auth, with validation and ssl mismatch
+  uri:
+    url: "https://fail.ansible.http.tests/ssl_client_verify"
+    client_cert: "{{ output_dir }}/client.pem"
+    client_key: "{{ output_dir }}/client.key"
+    return_content: true
+    validate_certs: yes
+  register: result
+  failed_when: not result|failed
+  when: has_httptester