Switch etcd and url lookup plugins to verify ssl certificates

2025-07-24 13:50:22 -07:00 · 2015-06-12 12:32:02 -07:00 · 2015-06-12 12:32:02 -07:00 · 77c76e632e
commit 77c76e632e
parent 4161d78a94
2 changed files with 27 additions and 17 deletions
--- a/lib/ansible/plugins/lookup/etcd.py
+++ b/lib/ansible/plugins/lookup/etcd.py
@ -18,23 +18,25 @@ from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 import os
-import urllib2
+
 try:
    import json
 except ImportError:
    import simplejson as json
 from ansible.plugins.lookup import LookupBase
 from ansible.module_utils.urls import open_url
 # this can be made configurable, not should not use ansible.cfg
 ANSIBLE_ETCD_URL = 'http://127.0.0.1:4001'
 if os.getenv('ANSIBLE_ETCD_URL') is not None:
    ANSIBLE_ETCD_URL = os.environ['ANSIBLE_ETCD_URL']
-class etcd():
+class Etcd:
-    def __init__(self, url=ANSIBLE_ETCD_URL):
+    def __init__(self, url=ANSIBLE_ETCD_URL, validate_certs):
        self.url = url
        self.baseurl = '%s/v1/keys' % (self.url)
        self.validate_certs = validate_certs
    def get(self, key):
        url = "%s/%s" % (self.baseurl, key)
@ -42,7 +44,7 @@ class etcd():
        data = None
        value = ""
        try:
-            r = urllib2.urlopen(url)
+            r = open_url(url, validate_certs=self.validate_certs)
            data = r.read()
        except:
            return value
@ -67,7 +69,9 @@ class LookupModule(LookupBase):
        if isinstance(terms, basestring):
            terms = [ terms ]
-        etcd = etcd()
+        validate_certs = kwargs.get('validate_certs', True)
        etcd = Etcd(validate_certs=validate_certs)
        ret = []
        for term in terms:
--- a/lib/ansible/plugins/lookup/url.py
+++ b/lib/ansible/plugins/lookup/url.py
@ -17,30 +17,36 @@
 from __future__ import (absolute_import, division, print_function)
 __metaclass__ = type
 from ansible.plugins.lookup import LookupBase
 import urllib2
 from ansible.errors import AnsibleError
 from ansible.plugins.lookup import LookupBase
 from ansible.module_utils.urls import open_url, ConnectionError, SSLValidationError
 from ansible.utils.unicode import to_unicode
 class LookupModule(LookupBase):
-    def run(self, terms, inject=None, **kwargs):
+    def run(self, terms, variables=None, **kwargs):
        if isinstance(terms, basestring):
            terms = [ terms ]
        validate_certs = kwargs.get('validate_certs', True)
        ret = []
        for term in terms:
            try:
-                r = urllib2.Request(term)
+                response = open_url(term, validate_certs=validate_certs)
-                response = urllib2.urlopen(r)
+            except urllib2.URLError as e:
-            except URLError as e:
+                raise AnsibleError("Failed lookup url for %s : %s" % (term, str(e)))
-                utils.warnings("Failed lookup url for %s : %s" % (term, str(e)))
+            except urllib2.HTTPError as e:
-                continue
+                raise AnsibleError("Received HTTP error for %s : %s" % (term, str(e)))
-            except HTTPError as e:
+            except SSLValidationError as e:
-                utils.warnings("Received HTTP error for %s : %s" % (term, str(e)))
+                raise AnsibleError("Error validating the server's certificate for %s: %s" % (term, str(e)))
-                continue
+            except ConnectionError as e:
                raise AnsibleError("Error connecting to %s: %s" % (term, str(e)))
            for line in response.read().splitlines():
-                ret.append(line)
+                ret.append(to_unicode(line))
        return ret