Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document setting PYTHONHTTPSVERIFY to 0 for disabling SSL validation in the jenkins_job module #255

Closed
gustavomcarmo opened this issue Apr 30, 2020 · 7 comments · Fixed by #1977
Closed

Document setting PYTHONHTTPSVERIFY to 0 for disabling SSL validation in the jenkins_job module #255

gustavomcarmo opened this issue Apr 30, 2020 · 7 comments · Fixed by #1977
Labels
easyfix Good for new comers and easy to start with contribution has_pr module module web_infrastructure

Comments

@gustavomcarmo
Copy link

gustavomcarmo commented Apr 30, 2020
edited
Loading

SUMMARY

Once the jenkins_job module does not have the validate_certs parameter to set to false for disabling the validation of an eventual self-signed certificate of the Jenkins instance, please document that as a workaround the environment variable PYTHONHTTPSVERIFY can be set to 0 so the behaviour of the task will be the same.

- name: Config the job
  jenkins_job:
    config: "{{ lookup('file', 'job-config.xml') }}"
    name: myjob
    url: "{{ url }}"
    user: "{{ username }}"
    password: "{{ password }}"
  environment:
    PYTHONHTTPSVERIFY: 0
ISSUE TYPE
  • Documentation Report
COMPONENT NAME

jenkins_job

ANSIBLE VERSION
ansible 2.9.6
  config file = None
  configured module search path = ['/home/gustavomcarmo/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/gustavomcarmo/.local/lib/python3.6/site-packages/ansible
  executable location = /home/gustavomcarmo/.local/bin/ansible
  python version = 3.6.9 (default, Nov  7 2019, 10:44:02) [GCC 8.3.0]
@ansibullbot
Copy link
Collaborator

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

@ansibullbot
Copy link
Collaborator

cc @nerzhul @sermilrod
click here for bot help

@Akasurde Akasurde added the easyfix Good for new comers and easy to start with contribution label Dec 14, 2020
@russoz
Copy link
Collaborator

russoz commented Feb 9, 2021

@gustavomcarmo Wouldn't it make more sense to implement the validate_certs parameter in the jenkins_job module ?

@russoz
Copy link
Collaborator

russoz commented Feb 9, 2021

... and then I did my homework and I saw this is not as trivial as expected. I do have a suggestion: instead of documenting how to work around that, why not add a validate_certs parameter on the module interface and hide the implementation from the user?

And speaking of implementation, I have seen this piece https://bugs.launchpad.net/python-jenkins/+bug/1677041/comments/7 about PYTHONHTTPSVERIFY, but I have also seen this other one: https://stackoverflow.com/questions/41701396/python-jenkinsapi-ignore-certificate#comment95651601_41701718 that looks interesting, if it works.

Any of these options may be implemented behind a validate_certs parameter. What do you think?

@gustavomcarmo
Copy link
Author

Hi @russoz I agree with you :)

@russoz
Copy link
Collaborator

russoz commented Feb 16, 2021

Beleza! =)

I got a couple of other issues I am planning to work with first, as soon as I move past those, I will be taking on this one.

@russoz russoz mentioned this issue Mar 7, 2021
Merged
@russoz
Copy link
Collaborator

russoz commented Mar 7, 2021

@gustavomcarmo could you please validate that the PR #1977 works?

@patchback patchback bot mentioned this issue Mar 11, 2021
Merged
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Apr 2, 2021
ansible: updated to 3.2.0
d789ad6 
v3.2.0

community.crypto
- acme module_utils - the ``acme`` module_utils has been split up into several Python modules (ansible-collections/community.crypto#184).
- acme_* modules - codebase refactor which should not be visible to end-users (ansible-collections/community.crypto#184).
- acme_* modules - support account key passphrases for ``cryptography`` backend (ansible-collections/community.crypto#197, ansible-collections/community.crypto#207).
- acme_certificate_revoke - support revoking by private keys that are passphrase protected for ``cryptography`` backend (ansible-collections/community.crypto#207).
- acme_challenge_cert_helper - add ``private_key_passphrase`` parameter (ansible-collections/community.crypto#207).

community.docker
- docker_swarm_service - change ``publish.published_port`` option from mandatory to optional. Docker will assign random high port if not specified (ansible-collections/community.docker#99).

community.general
- archive - refactored some reused code out into a couple of functions (ansible-collections/community.general#2061).
- csv module utils - new module_utils for shared functions between ``from_csv`` filter and ``read_csv`` module (ansible-collections/community.general#2037).
- ipa_sudorule - add support for setting sudo runasuser (ansible-collections/community.general#2031).
- jenkins_job - add a ``validate_certs`` parameter that allows disabling TLS/SSL certificate validation (ansible-collections/community.general#255).
- kibana_plugin - add parameter for passing ``--allow-root`` flag to kibana and kibana-plugin commands (ansible-collections/community.general#2014).
- proxmox - added ``purge`` module parameter for use when deleting lxc's with HA options (ansible-collections/community.general#2013).
- proxmox inventory plugin - added ``tags_parsed`` fact containing tags parsed as a list (ansible-collections/community.general#1949).
- proxmox_kvm - added new module parameter ``tags`` for use with PVE 6+ (ansible-collections/community.general#2000).
- rax - elements of list parameters are now validated (ansible-collections/community.general#2006).
- rax_cdb_user - elements of list parameters are now validated (ansible-collections/community.general#2006).
- rax_scaling_group - elements of list parameters are now validated (ansible-collections/community.general#2006).
- read_csv - refactored read_csv module to use shared csv functions from csv module_utils (ansible-collections/community.general#2037).
- redfish_* modules, redfish_utils module utils - add support for Redfish session create, delete, and authenticate (ansible-collections/community.general#1975).
- snmp_facts - added parameters ``timeout`` and ``retries`` to module (ansible-collections/community.general#980).
- vdo - add ``force`` option (ansible-collections/community.general#2101).

community.network
- edgeos_config - match the space after ``set`` and ``delete`` commands (ansible-collections/community.network#199).
- nclu - execute ``net commit description <description>`` only if changed ``net pending``'s diff field (ansible-collections/community.network#219).

community.postgresql
- postgresql_info - add the ``patch``, ``full``, and ``raw`` values of the ``version`` return value (ansible-collections/community.postgresql#68).
- postgresql_ping - add the ``patch``, ``full``, and ``raw`` values of the ``server_version`` return value (ansible-collections/community.postgresql#70).

community.zabbix
- zabbix_agent - added support for installations on arm64 systems (ansible-collections/community.zabbix#320).
- zabbix_proxy - now supports configuring StatsAllowedIP (ansible-collections/community.zabbix#337).
- zabbix_server - added support for installtions on arm64 systems (ansible-collections/community.zabbix#320).
- zabbix_web - added support for installtions on arm64 systems (ansible-collections/community.zabbix#320).

dellemc.openmanage
- ome_template - Allows to deploy a template on device groups.

hetzner.hcloud
- Add firewalls to hcloud_server module

ovirt.ovirt
- cluster_upgrade - Add correlation-id header (oVirt/ovirt-ansible-collection#222).
- engine_setup - Add skip renew pki confirm (oVirt/ovirt-ansible-collection#228).
- examples - Add recipe for removing DM device (oVirt/ovirt-ansible-collection#233).
- hosted_engine_setup - Filter devices with unsupported bond mode (oVirt/ovirt-ansible-collection#226).
- infra - Add reboot host parameters (oVirt/ovirt-ansible-collection#231).
- ovirt_disk - Add SATA support (oVirt/ovirt-ansible-collection#225).
- ovirt_user - Add ssh_public_key (oVirt/ovirt-ansible-collection#232)

purestorage.flasharray
- purefa_maintenance - New module to set maintenance windows
- purefa_pg - Add support to rename protection groups
- purefa_syslog - Add support for naming SYSLOG servers for Purity//FA 6.1 or higher

purestorage.flashblade
- purefb_certs - Add update functionality for array cert
- purefb_fs - Add multiprotocol ACL support
- purefb_info - Add information regarding filesystem multiprotocol (where available)
- purefb_info - Add new parameter to provide details on admin users
- purefb_info - Add replication performace statistics
- purefb_s3user - Add ability to remove an S3 users existing access key
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
easyfix Good for new comers and easy to start with contribution has_pr module module web_infrastructure
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

jenkins_job - added validate_certs parameter, setting the PYTHONHTTPSVERIFY env var
4 participants
@russoz @Akasurde @gustavomcarmo @ansibullbot