ansible-collections/community.docker
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.docker.git synced 2026-03-15 11:53:31 +00:00
Code Packages Projects Releases Wiki Activity

Do not set assert_hostname / tls_hostname automatically in certain situations. (#1226)

Browse Source
This commit is contained in:
Felix Fontein 2025-12-30 20:28:25 +01:00 committed by GitHub
parent d7b2e99b77
commit 5ba7b555a0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
changelogs/fragments/1226-docker-sdk-tls.yml Normal file
View File

@ -0,0 +1,2 @@
bugfixes:
- "modules and plugins using the Docker SDK for Python - do not automatically set ``tls_hostname`` when ``validate_certs=true`` for Docker SDK for Python 7.0.0+ (https://github.com/ansible-collections/community.docker/issues/1225, https://github.com/ansible-collections/community.docker/pull/1226)."

12
plugins/module_utils/_common.py
View File

@ -140,25 +140,24 @@ def get_connect_params(
if auth_data["tls_verify"]: if auth_data["tls_verify"]:
# TLS with verification # TLS with verification
tls_config = { tls_config: dict[str, t.Any] = {
"verify": True, "verify": True,
"assert_hostname": auth_data["tls_hostname"],
"fail_function": fail_function,
} }
if auth_data["tls_hostname"] is not None:
tls_config["assert_hostname"] = auth_data["tls_hostname"]
if auth_data["cert_path"] and auth_data["key_path"]: if auth_data["cert_path"] and auth_data["key_path"]:
tls_config["client_cert"] = (auth_data["cert_path"], auth_data["key_path"]) tls_config["client_cert"] = (auth_data["cert_path"], auth_data["key_path"])
if auth_data["cacert_path"]: if auth_data["cacert_path"]:
tls_config["ca_cert"] = auth_data["cacert_path"] tls_config["ca_cert"] = auth_data["cacert_path"]
result["tls"] = _get_tls_config(**tls_config) result["tls"] = _get_tls_config(fail_function=fail_function, **tls_config)
elif auth_data["tls"]: elif auth_data["tls"]:
# TLS without verification # TLS without verification
tls_config = { tls_config = {
"verify": False, "verify": False,
"fail_function": fail_function,
} }
if auth_data["cert_path"] and auth_data["key_path"]: if auth_data["cert_path"] and auth_data["key_path"]:
tls_config["client_cert"] = (auth_data["cert_path"], auth_data["key_path"]) tls_config["client_cert"] = (auth_data["cert_path"], auth_data["key_path"])
result["tls"] = _get_tls_config(**tls_config) result["tls"] = _get_tls_config(fail_function=fail_function, **tls_config)
if auth_data.get("use_ssh_client"): if auth_data.get("use_ssh_client"):
if LooseVersion(docker_version) < LooseVersion("4.4.0"): if LooseVersion(docker_version) < LooseVersion("4.4.0"):
@ -372,6 +371,7 @@ class AnsibleDockerClientBase(Client):
), ),
} }
if LooseVersion(docker_version) < LooseVersion("7.0.0b1"):
update_tls_hostname(result) update_tls_hostname(result)
return result return result