NSO - added validate_certs parameter to allow for ignoring of SSL certificates

lib/ansible/module_utils/network/nso/nso.py

@@ -23,6 +23,7 @@
     username=dict(type='str', required=True, fallback=(env_fallback, ['ANSIBLE_NET_USERNAME'])),
     password=dict(type='str', required=True, no_log=True, fallback=(env_fallback, ['ANSIBLE_NET_PASSWORD'])),
     timeout=dict(type='int', default=300),
+    validate_certs=dict(type='bool', default=False)
 )
 
 
@@ -52,10 +53,10 @@ def __init__(self, message, error):
 
 
 class JsonRpc(object):
-    def __init__(self, url, timeout):
+    def __init__(self, url, timeout, validate_certs):
         self._url = url
         self._timeout = timeout
-
+        self._validate_certs = validate_certs
         self._id = 0
         self._trans = {}
         self._headers = {'Content-Type': 'application/json'}
@@ -224,7 +225,8 @@ def _call(self, payload):
         data = json.dumps(payload)
         resp = open_url(
             self._url, timeout=self._timeout,
-            method='POST', data=data, headers=self._headers)
+            method='POST', data=data, headers=self._headers,
+            validate_certs=self._validate_certs)
         if resp.code != 200:
             raise NsoException(
                 'NSO returned HTTP code {0}, expected 200'.format(resp.status), {})
@@ -635,7 +637,9 @@ def _is_empty_leaf(self, schema):
 
 
 def connect(params):
-    client = JsonRpc(params['url'], params['timeout'])
+    client = JsonRpc(params['url'],
+                     params['timeout'],
+                     params['validate_certs'])
     client.login(params['username'], params['password'])
     return client
 

lib/ansible/plugins/doc_fragments/nso.py

@@ -25,4 +25,9 @@ class ModuleDocFragment(object):
     type: int
     default: 300
     version_added: "2.6"
+  validate_certs:
+    description: When set to true, validates the SSL certificate of NSO when
+                 using SSL
+    required: false
+    default: false
 '''

test/units/module_utils/network/nso/test_nso.py

@@ -331,7 +331,7 @@ def read(self):
         return self.body
 
 
-def mock_call(calls, url, timeout, data=None, headers=None, method=None):
+def mock_call(calls, url, timeout, validate_certs, data=None, headers=None, method=None):
     result = calls[0]
     del calls[0]
 
@@ -366,7 +366,7 @@ def test_exists(self, open_url_mock):
             MockResponse('exists', {'path': '/not-exists'}, 200, '{"result": {"exists": false}}')
         ]
         open_url_mock.side_effect = lambda *args, **kwargs: mock_call(calls, *args, **kwargs)
-        client = nso.JsonRpc('http://localhost:8080/jsonrpc', 10)
+        client = nso.JsonRpc('http://localhost:8080/jsonrpc', 10, False)
         self.assertEquals(True, client.exists('/exists'))
         self.assertEquals(False, client.exists('/not-exists'))
 
@@ -379,7 +379,7 @@ def test_exists_data_not_found(self, open_url_mock):
             MockResponse('exists', {'path': '/list{missing-parent}/list{child}'}, 200, '{"error":{"type":"data.not_found"}}')
         ]
         open_url_mock.side_effect = lambda *args, **kwargs: mock_call(calls, *args, **kwargs)
-        client = nso.JsonRpc('http://localhost:8080/jsonrpc', 10)
+        client = nso.JsonRpc('http://localhost:8080/jsonrpc', 10, False)
         self.assertEquals(False, client.exists('/list{missing-parent}/list{child}'))
 
         self.assertEqual(0, len(calls))
@@ -400,7 +400,7 @@ def test_identityref_leaf(self, open_url_mock):
             SCHEMA_DATA['/an:id-name-leaf'])
         schema = schema_data['data']
 
-        vb = nso.ValueBuilder(nso.JsonRpc('http://localhost:8080/jsonrpc', 10))
+        vb = nso.ValueBuilder(nso.JsonRpc('http://localhost:8080/jsonrpc', 10, False))
         vb.build(parent, None, 'ansible-nso:id-two', schema)
         self.assertEquals(1, len(vb.values))
         value = vb.values[0]
@@ -425,7 +425,7 @@ def test_identityref_key(self, open_url_mock):
             SCHEMA_DATA['/an:id-name-values/id-name-value'])
         schema = schema_data['data']
 
-        vb = nso.ValueBuilder(nso.JsonRpc('http://localhost:8080/jsonrpc', 10))
+        vb = nso.ValueBuilder(nso.JsonRpc('http://localhost:8080/jsonrpc', 10, False))
         vb.build(parent, 'id-name-value', [{'name': 'ansible-nso:id-one', 'value': '1'}], schema)
         self.assertEquals(1, len(vb.values))
         value = vb.values[0]
@@ -450,7 +450,7 @@ def test_nested_choice(self, open_url_mock):
             SCHEMA_DATA['/test:test'])
         schema = schema_data['data']
 
-        vb = nso.ValueBuilder(nso.JsonRpc('http://localhost:8080/jsonrpc', 10))
+        vb = nso.ValueBuilder(nso.JsonRpc('http://localhost:8080/jsonrpc', 10, False))
         vb.build(parent, None, [{'name': 'direct', 'direct-child': 'direct-value'},
                                 {'name': 'nested', 'nested-child': 'nested-value'}], schema)
         self.assertEquals(2, len(vb.values))
@@ -480,7 +480,7 @@ def test_leaf_list_type(self, open_url_mock):
             SCHEMA_DATA['/test:test'])
         schema = schema_data['data']
 
-        vb = nso.ValueBuilder(nso.JsonRpc('http://localhost:8080/jsonrpc', 10))
+        vb = nso.ValueBuilder(nso.JsonRpc('http://localhost:8080/jsonrpc', 10, False))
         vb.build(parent, None, {'device-list': ['one', 'two']}, schema)
         self.assertEquals(1, len(vb.values))
         value = vb.values[0]
@@ -503,7 +503,7 @@ def test_leaf_list_type_45(self, open_url_mock):
             SCHEMA_DATA['/test:test'])
         schema = schema_data['data']
 
-        vb = nso.ValueBuilder(nso.JsonRpc('http://localhost:8080/jsonrpc', 10))
+        vb = nso.ValueBuilder(nso.JsonRpc('http://localhost:8080/jsonrpc', 10, False))
         vb.build(parent, None, {'device-list': ['one', 'two']}, schema)
         self.assertEquals(3, len(vb.values))
         value = vb.values[0]
@@ -537,7 +537,7 @@ def test_sort_by_deps(self, open_url_mock):
             'c': '3',
         }
 
-        vb = nso.ValueBuilder(nso.JsonRpc('http://localhost:8080/jsonrpc', 10))
+        vb = nso.ValueBuilder(nso.JsonRpc('http://localhost:8080/jsonrpc', 10, False))
         vb.build(parent, None, values, schema)
         self.assertEquals(3, len(vb.values))
         value = vb.values[0]
@@ -570,7 +570,7 @@ def test_sort_by_deps_not_included(self, open_url_mock):
             'b': '2'
         }
 
-        vb = nso.ValueBuilder(nso.JsonRpc('http://localhost:8080/jsonrpc', 10))
+        vb = nso.ValueBuilder(nso.JsonRpc('http://localhost:8080/jsonrpc', 10, False))
         vb.build(parent, None, values, schema)
         self.assertEquals(2, len(vb.values))
         value = vb.values[0]

test/units/modules/network/nso/nso_module.py

@@ -55,7 +55,7 @@ def read(self):
         return self.body
 
 
-def mock_call(calls, url, timeout, data=None, headers=None, method=None):
+def mock_call(calls, url, timeout, validate_certs, data=None, headers=None, method=None):
     if len(calls) == 0:
         raise ValueError('no call mock for method {0}({1})'.format(
             url, data))

test/units/modules/network/nso/test_nso_action.py

@@ -48,7 +48,8 @@ def test_nso_action_missing(self, open_url_mock):
             'username': 'user', 'password': 'password',
             'url': 'http://localhost:8080/jsonrpc',
             'path': path,
-            'input': action_input
+            'input': action_input,
+            'validate_certs': False
         })
         self.execute_module(failed=True, msg='NSO get_schema invalid params. path = /ncs:devices/device{ce0}/missing')
 
@@ -72,7 +73,8 @@ def test_nso_action_not_action(self, open_url_mock):
             'username': 'user', 'password': 'password',
             'url': 'http://localhost:8080/jsonrpc',
             'path': path,
-            'input': action_input
+            'input': action_input,
+            'validate_certs': False
         })
         self.execute_module(failed=True, msg='/ncs:devices/device{ce0}/description is not an action')
 
@@ -98,7 +100,8 @@ def test_nso_action_ok(self, open_url_mock):
             'username': 'user', 'password': 'password',
             'url': 'http://localhost:8080/jsonrpc',
             'path': path,
-            'input': action_input
+            'input': action_input,
+            'validate_certs': False
         })
         self.execute_module(changed=True, output=output)
 
@@ -126,7 +129,8 @@ def test_nso_action_validate_ok(self, open_url_mock):
             'url': 'http://localhost:8080/jsonrpc',
             'path': path,
             'input': action_input,
-            'output_required': output
+            'output_required': output,
+            'validate_certs': False
         })
         self.execute_module(changed=True, output=output)
 
@@ -154,7 +158,8 @@ def test_nso_action_validate_failed(self, open_url_mock):
             'url': 'http://localhost:8080/jsonrpc',
             'path': path,
             'input': action_input,
-            'output_required': output_mismatch
+            'output_required': output_mismatch,
+            'validate_certs': False
         })
         self.execute_module(failed=True, msg="version value mismatch. expected [{'name': 'v1'}, {'name': 'v3'}] got [{'name': 'v1'}, {'name': 'v2'}]")
 

test/units/modules/network/nso/test_nso_config.py

@@ -49,7 +49,8 @@ def _test_invalid_version(self, open_url_mock, version):
         data = nso_module.load_fixture('config_config.json')
         set_module_args({
             'username': 'user', 'password': 'password',
-            'url': 'http://localhost:8080/jsonrpc', 'data': data
+            'url': 'http://localhost:8080/jsonrpc', 'data': data,
+            'validate_certs': False
         })
         self.execute_module(failed=True)
 
@@ -77,7 +78,8 @@ def _test_valid_version(self, open_url_mock, version):
         data = nso_module.load_fixture('config_empty_data.json')
         set_module_args({
             'username': 'user', 'password': 'password',
-            'url': 'http://localhost:8080/jsonrpc', 'data': data
+            'url': 'http://localhost:8080/jsonrpc', 'data': data,
+            'validate_certs': False
         })
         self.execute_module(changed=False, changes=[], diffs=[])
 
@@ -120,7 +122,8 @@ def test_nso_config_changed(self, open_url_mock):
         data = nso_module.load_fixture('config_config.json')
         set_module_args({
             'username': 'user', 'password': 'password',
-            'url': 'http://localhost:8080/jsonrpc', 'data': data
+            'url': 'http://localhost:8080/jsonrpc', 'data': data,
+            'validate_certs': False
         })
         self.execute_module(changed=True, changes=[
             {'path': '/l3vpn:vpn/l3vpn{company}/endpoint{branch-office1}/ce-device', 'type': 'set', 'from': None, 'to': 'ce6'},

test/units/modules/network/nso/test_nso_query.py

@@ -48,7 +48,8 @@ def test_nso_query(self, open_url_mock):
             'username': 'user', 'password': 'password',
             'url': 'http://localhost:8080/jsonrpc',
             'xpath': xpath,
-            'fields': fields
+            'fields': fields,
+            'validate_certs': False
         })
         self.execute_module(changed=False, output=[["test", "1.0"]])
 

test/units/modules/network/nso/test_nso_show.py

@@ -91,7 +91,8 @@ def test_nso_show_config_and_oper(self, open_url_mock):
             'username': 'user', 'password': 'password',
             'url': 'http://localhost:8080/jsonrpc',
             'path': path,
-            'operational': True
+            'operational': True,
+            'validate_certs': False
         })
         self.execute_module(changed=False, output={"data": {}})
 

test/units/modules/network/nso/test_nso_verify.py

@@ -101,7 +101,8 @@ def test_nso_verify_ok(self, open_url_mock):
         data = nso_module.load_fixture('verify_violation_data.json')
         set_module_args({
             'username': 'user', 'password': 'password',
-            'url': 'http://localhost:8080/jsonrpc', 'data': data
+            'url': 'http://localhost:8080/jsonrpc', 'data': data,
+            'validate_certs': False
         })
         self.execute_module(changed=False)