Module setting of validate_certs is ignored for Apypie module when using Vagrant

[ephracis]

SUMMARY

When executing Ansible via Vagrant the module setting validate_certs: False is ignored.

ISSUE TYPE

• Bug Report

ANSIBLE VERSION

2.8.0

KATELLO/FOREMAN VERSION

1.21.3

NAILGUN VERSION

0.32.0

STEPS TO REPRODUCE

Execute Ansible via Vagrant against a self-signed Foreman with validate_certs set to False.

EXPECTED RESULTS

The module is executed properly.

ACTUAL RESULTS

Failed to connect to Foreman server: HTTPSConnectionPool(host='foreman.example.com', port=443): Max retries exceeded with url: /api/status (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

CAUSE

This is because of how the verify flag is passed from Apypie into Pythons requests.

Right now the value for validate_certs is set as a property on the request object. When session.request() is executed it will do the following in merge_environment_settings in sessions.py:

• Check the argument value for verify if it is None, which it is
• Override the session property with the following environment variables:
  • REQUESTS_CA_BUNDLE
  • CURL_CA_BUNDLE (this is set by Vagrant to /opt/vagrant/embedded/cacert.pem)

The request is then made but with the session property of verify overridden.

SOLUTION

Pass the verify as an argument instead of setting it as merely a property on the session object. This will make sure it is honored properly when set to False even when there are environment variables.

I have a PR here which does this in Apypie: https://github.com/Apipie/apypie/pull/25

[evgeni]

Thanks! I've merged the PR to apypie. Should probably release a new version soon and then close this by requiring the new version.

[evgeni]

apypie 0.0.2 is available, closing this now