jhaals / ansible-vault

ansible lookup plugin for secrets stored in Vault(by HashiCorp)
BSD 3-Clause "New" or "Revised" License

Fixes an issue when using vault with HTTPS (tls 1.2) #3

Closed thecodeassassin closed 8 years ago

thecodeassassin commented 8 years ago

Had to wrap curl because the Python version shipped with Ansible doesn't support ssl.PROTOCOL_TLSv1_2.

thecodeassassin commented 8 years ago

@jhaals can you take a look at this please? :)

cheekyhalf commented 8 years ago

Rather than calling out to curl why not use pycurl?

For example:

import json
import pycurl
from StringIO import StringIO
from urlparse import urljoin

request_url = urljoin(url, "v1/%s" % (key))
buffer = StringIO()
c = pycurl.Curl()
c.setopt(c.URL, request_url)
c.setopt(c.HTTPHEADER, ['X-Vault-Token: ' + token])
# libcurl negotiates TLS itself, so this does not depend on Python's ssl module
c.setopt(c.WRITEDATA, buffer)
c.perform()
c.close()
result = json.loads(buffer.getvalue())

thecodeassassin commented 8 years ago

@cheekyhalf because I think adding another dependency is not a good idea, plus it doesn't add any real value here.

jhaals commented 8 years ago

I'm not sure this is the right thing to do. Python is not shipped with Ansible, and PROTOCOL_TLSv1_2 is supported in Python 2.7.9 (released in 2014); see the docs. So the solution to this problem would be upgrading to a newer version of Python.

thecodeassassin commented 8 years ago

@jhaals on OSX it is... and I checked the Python docs; I see that it's supported since 2.7.9. But that would still not work on the version that is installed on OSX. This solution will work cross-platform.

thecodeassassin commented 8 years ago

@jhaals but now there is still an issue with the plugin; the problem is not solved yet.

jhaals commented 8 years ago

I'm running Python 2.7.11 on OS X and I don't see the problem there. What's the other issue?

thecodeassassin commented 8 years ago

@jhaals did you test with Vault running on HTTPS with a certificate and the following modification (to use the proper TLS version)?

import ssl
import urllib2

if "https" in url:
    # A bare SSLContext defaults to CERT_NONE, i.e. no certificate verification
    context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
    headers = { 'X-Vault-Token' : token }
    req = urllib2.Request(request_url, None, headers)
    # `context` is a keyword argument; passed positionally it becomes the POST body
    response = urllib2.urlopen(req, context=context)
    output = response.read()

jhaals commented 8 years ago

I run Vault over HTTPS just supporting TLS 1.2.
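The urllib2 snippet in this thread pins the protocol version, but a bare SSLContext does not verify the server certificate. The following is an added Python 3 example, not code from this PR or from the ansible-vault plugin, showing the same lookup with a verifying context that refuses anything below TLS 1.2; the Vault URL, key, token and the response body are constructed placeholders.

```python
import json
import ssl
import urllib.request
from urllib.parse import urljoin

def build_tls_context(ca_file=None):
    """Verify cert and hostname (a bare SSLContext defaults to CERT_NONE) and refuse anything below TLS 1.2."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def build_request(url, key, token):
    """GET v1/<key> with the token in X-Vault-Token, as the plugin does."""
    request_url = urljoin(url, "v1/%s" % key)
    return urllib.request.Request(request_url, headers={"X-Vault-Token": token})

def parse_secret(body):
    """Return the `data` block of a Vault KV read; surface Vault error responses."""
    doc = json.loads(body)
    if "errors" in doc:
        raise RuntimeError("Vault error: %s" % "; ".join(doc["errors"]))
    return doc["data"]

def lookup(url, key, token, ca_file=None, opener=urllib.request.urlopen):
    # `context` must be passed by keyword: the second positional argument of
    # urlopen is `data`, which would turn the request into a POST.
    req = build_request(url, key, token)
    resp = opener(req, context=build_tls_context(ca_file))
    return parse_secret(resp.read().decode("utf-8"))

# Constructed body in the shape of a Vault KV v1 read response (not real data).
SAMPLE_RESPONSE = json.dumps({"data": {"value": "hunter2-constructed"}, "lease_duration": 2764800})

class _OfflineResponse:
    def __init__(self, body):
        self._body = body
    def read(self):
        return self._body.encode("utf-8")

def _offline_opener(req, context=None):
    # Stand-in for urlopen so the demo runs without a Vault server.
    return _OfflineResponse(SAMPLE_RESPONSE)

def lookup_demo():
    return lookup("https://vault.example.com:8200", "secret/demo",
                  "s.constructed-token", opener=_offline_opener)
```

Against a real server, call `lookup(url, key, token, ca_file=...)` with the opener left at its default and the CA bundle that signed the Vault listener's certificate.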