ansible-collections / netapp.ontap

Ansible collection to support NetApp ONTAP configuration.
https://galaxy.ansible.com/netapp/ontap
GNU General Public License v3.0

Provide cert and key as value instead of filepath #227

Open lvicainne opened 1 month ago

lvicainne commented 1 month ago

Summary

I'm using the netapp.ontap playbooks and would like to connect to the ONTAP clusters I manage with a client certificate instead of a password. However, these credentials are saved in a vault (not in clear text on the local filesystem where the playbook is run), and I need to provide these values. Could you please provide 2 additional parameters, key and cert, in addition to key_filepath and cert_filepath?

Thank you

Component Name

certificate

Additional Information

  login: &login
    hostname: "{{ inventory_hostname }}.{{ dnsdomain }}"
    username: "{{ netapp_username }}"
    password: "{{ netapp_password }}"
    cert: "{{ vault.certvalue }}"
    key: "{{ vault.keyvalue }}"
    https: true
    validate_certs: "{{ validate_certs }}"

csahu9 commented 3 weeks ago

@lvicainne we have story 7157 open for this enhancement.

csahu9 commented 1 day ago

This feature cannot be implemented, as the Python requests library expects the certificate file paths, not the certificate value.

requests is based on urllib3, which is based on ssl. requests takes your top-level cert parameter and splits it up into parameters named cert_file and keyfile, which get passed to urllib3. urllib3 passes them on, untouched, to ssl. And ssl expects them to be filenames.
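
A workaround that fits the constraint described in the last comment, as an added example that is not part of the issue thread or the collection's code: write the vault-supplied PEM values to owner-only temporary files, pass those paths to cert_filepath and key_filepath, and delete the files afterwards. The function names, file names and placeholder PEM strings are assumptions made for illustration.

```python
import contextlib
import os
import stat
import tempfile

# Constructed placeholder PEM text standing in for values fetched from a vault.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"


def _write_private(directory, name, pem):
    """Create `name` inside `directory` with mode 0600 and write the PEM text."""
    path = os.path.join(directory, name)
    # O_EXCL fails if anything (file or symlink) already exists at that path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(pem)
    return path


@contextlib.contextmanager
def pem_files(cert_pem, key_pem, base_dir=None):
    """Yield (cert_path, key_path) for in-memory PEM values, then delete them.

    base_dir may point at a RAM-backed mount such as /dev/shm so the key is
    not written to persistent storage (assumption: the host provides one).
    """
    # mkdtemp creates a directory readable and writable only by its owner.
    workdir = tempfile.mkdtemp(prefix="ontap-cert-", dir=base_dir)
    try:
        cert_path = _write_private(workdir, "client.pem", cert_pem)
        key_path = _write_private(workdir, "client.key", key_pem)
        yield cert_path, key_path
    finally:
        # Runs on success and on exception, so the key never outlives the task.
        for name in os.listdir(workdir):
            os.remove(os.path.join(workdir, name))
        os.rmdir(workdir)


def demo():
    """Return (key file mode while in use, whether the key exists afterwards)."""
    with pem_files(SAMPLE_CERT, SAMPLE_KEY) as (cert_path, key_path):
        # These two paths are what cert_filepath / key_filepath expect.
        mode = stat.S_IMODE(os.stat(key_path).st_mode)
    return mode, os.path.exists(key_path)
```

Deleting a file does not erase its blocks on disk, so a RAM-backed base_dir is the stronger option when the host has one.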