From d5cfc54ef4b0636b8b83da9123303ad010d44263 Mon Sep 17 00:00:00 2001
From: Kevin Breit <kevin.breit@kevinbreit.net>
Date: Thu, 5 Apr 2018 07:29:33 -0500
Subject: [PATCH] Validate SSL in panos_import (#36972)

* Fix bug 36936

* Added version_added to argument and fixed whitespace

* Update panos_import documentation

Update parameter documentation and add note.

* Add type documentation

* added version number for documentation

For real

* Integrated recommended changes

- Added recommended changes from PR

* Changed validate_ssl default back to True considering there is a
note at the top of documentation explaining change

* Format changes based on recommendations from gundalow

* Rename validate_ssl to validate_cert

* Change description to remove SSL reference

* Change url default ih documentation

* Integrated small changes from bug report
- Renamed validate_cert to validate_certs
- Changed documentation for disabling cert validation
---
 lib/ansible/modules/network/panos/panos_import.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/lib/ansible/modules/network/panos/panos_import.py b/lib/ansible/modules/network/panos/panos_import.py
index 64496463ff..e7dff9d18b 100644
--- a/lib/ansible/modules/network/panos/panos_import.py
+++ b/lib/ansible/modules/network/panos/panos_import.py
@@ -25,6 +25,9 @@ module: panos_import
 short_description: import file on PAN-OS devices
 description:
     - Import file on PAN-OS device
+notes:
+    - API reference documentation can be read from the C(/api/) directory of your appliance
+    - Certificate validation is enabled by default as of Ansible 2.6. This may break existing playbooks but should be disabled with caution.
 author: "Luigi Mori (@jtschichold), Ivan Bojer (@ivanbojer)"
 version_added: "2.3"
 requirements:
@@ -47,6 +50,7 @@ options:
     category:
         description:
             - Category of file uploaded. The default is software.
+            - See API > Import section of the API reference for category options.
         default: software
     file:
         description:
@@ -54,6 +58,12 @@ options:
     url:
         description:
             - URL of the file that will be imported to device.
+    validate_certs:
+        description:
+            - If C(no), SSL certificates will not be validated. Disabling certificate validation is not recommended.
+        default: yes
+        type: bool
+        version_added: "2.6"
 '''
 
 EXAMPLES = '''
@@ -113,7 +123,7 @@ def import_file(xapi, module, ip_address, file_, category):
 
     r = requests.post(
         'https://' + ip_address + '/api/',
-        verify=False,
+        verify=module.params['validate_certs'],
         params=params,
         headers={'Content-Type': mef.content_type},
         data=mef
@@ -150,7 +160,8 @@ def main():
         username=dict(default='admin'),
         category=dict(default='software'),
         file=dict(),
-        url=dict()
+        url=dict(),
+        validate_certs=dict(type='bool', default=True),
     )
     module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, required_one_of=[['file', 'url']])
     if not HAS_LIB: