ldap_attr, ldap_entry: Add validate_certs option #24060
Conversation
|
The test |
ansibot
added
affects_2.4
| bind_dn: cn=Directory Manager | ||
| bind_pw: password | ||
| objectClass: organizationalUnit | ||
| validate_certs: True |
There was a problem hiding this comment.
This line doesn't make much sense if the default value is True. The whole example is redundant. Please remove it.
There was a problem hiding this comment.
I would prefer to have a example with validate_certs: no.
There was a problem hiding this comment.
You don't have to have examples with all possible options. Please remove the example entirely.
| @@ -101,6 +101,12 @@ | |||
| default: present | |||
| description: | |||
| - The target state of the entry. | |||
| validate_certs: | |||
| required: false | |||
| choices: [true, false] | |||
There was a problem hiding this comment.
This should be:
['yes', 'no']
| choices: [true, false] | ||
| default: true | ||
| description: | ||
| - If false, will ignore self-signed certificates of server and connect |
There was a problem hiding this comment.
It should be (decoration around the no and period at the end of the sentence):
- If set to C(no), it will ignore self-signed certificates of server and connect.
| @@ -268,17 +287,18 @@ def main(): | |||
| 'server_uri': dict(default='ldapi:///'), | |||
| 'start_tls': dict(default=False, type='bool'), | |||
| 'state': dict(default='present', choices=['present', 'absent']), | |||
| 'validate_certs': dict(default=True, type='bool'), | |||
There was a problem hiding this comment.
I thing the option should be called verify_cert.
There was a problem hiding this comment.
Actually, the option validate_certs is also used in the get_url module. I think we should keep it in sync with other modules.
ansibot
added
needs_rebase
gundalow
added
net_tools
gundalow
changed the title
| choices: [true, false] | ||
| default: true | ||
| description: | ||
| - If false, will ignore self-signed certificates of server and connect |
There was a problem hiding this comment.
description:
- If C(no), SSL certificates will not be validated. This should only be used
on personally controlled sites using self-signed certificates.
version_added: "2.4"
| @@ -101,6 +101,12 @@ | |||
| default: present | |||
| description: | |||
| - The target state of the entry. | |||
| validate_certs: | |||
There was a problem hiding this comment.
Update as per other modules
| @@ -101,6 +101,13 @@ | |||
| - The value(s) to add or remove. This can be a string or a list of | |||
| strings. The complex argument format is required in order to pass | |||
| a list of strings (see examples). | |||
| validate_cert: | |||
There was a problem hiding this comment.
This should be validate_certs as per other modules (e.g. get_url). The same anywhere else in the code.
| server_uri: ldaps://localhost | ||
| bind_dn: cn=admin,dc=example,dc=com | ||
| bind_pw: password | ||
| validate_cert: no |
There was a problem hiding this comment.
As I said, it's not really necessary to demonstrate every option. Please remove this example.
ansibot
removed
ci_verified
|
ready_for_review |
|
Please change to |
|
@gundalow I think that it's not necessary to mention that it should only be used on personally controlled sites. I would change it to this: |
This fix adds a module option `validate_certs' to check self-signed certificate of LDAP server. Fixes ansible#24009 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
|
Merged, thanks for the PR and the reviews. |
|
@gundalow Thanks a lot. |
ansibot
added
bug
SUMMARY
This fix adds a module option `validate_certs' to check
self-signed certificate of LDAP server.
Fixes #24009
Signed-off-by: Abhijeet Kasurde akasurde@redhat.com
ISSUE TYPE
COMPONENT NAME
lib/ansible/modules/network/ldap_attr.py
lib/ansible/modules/network/ldap_entry.py
ANSIBLE VERSION