Fixes an issue when using vault with HTTPS (tls 1.2)

[thecodeassassin]

Had to wrap curl because the python version shipped with ansible doesn't support ssl.PROTOCOL_TLSv1_2

[thecodeassassin]

@jhaals can you take a look at this please ? :)

[cheekyhalf]

Rather than calling out to curl why not use pycurl?

For example:

request_url = urljoin(url, "v1/%s" % (key))
buffer = StringIO()
c = pycurl.Curl()
c.setopt(c.URL, request_url)
c.setopt(c.HTTPHEADER, ['X-Vault-Token: ' + token])
c.setopt(c.WRITEDATA, buffer)
c.perform()
c.close()
result = json.loads(buffer.getvalue())

[thecodeassassin]

@cheekyhalf because i think adding another dependency is not a good idea
plus it doesn't add any real value here.

[jhaals]

I'm not sure this is the right thing to do.
Python is not shipped with ansible and PROTOCOL_TLSv1_2 is supported in python 2.7.9(released in 2014) see docs. So solution to this problem would be upgrading to a newer version of python.

[thecodeassassin]

@jhaals on OSX it is... and i checked the python docs i see that it's supported since 2.7.9. But that would still not work on the version that is installed on OSX. This solution will work cross platform.

[thecodeassassin]

@jhaals but now there is still an issue with the plugin, the problem is not solved yet.

[jhaals]

I'm running Python 2.7.11 on OS X and I don't see the problem there.
What's the other issue?

[thecodeassassin]

@jhaals did you test with vault running on HTTPS with a certificate and the following modification (to use the proper TLS version):

            if "https" in url:
                context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
                headers = { 'X-Vault-Token' : token }
                req = urllib2.Request(request_url, None, headers)
                response = urllib2.urlopen(req, context)
                output = response.read()

[jhaals]

I run vault over HTTPS just supporting TLS 1.2