ansible-collections/community.docker
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.docker.git synced 2026-03-15 11:53:31 +00:00
Code Packages Projects Releases Wiki Activity

Do not set assert_hostname / tls_hostname automatically in certain situations.

Browse Source
This commit is contained in:
Felix Fontein 2025-12-30 16:46:06 +01:00
parent d7b2e99b77
commit f175b25cd4
2 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
changelogs/fragments/1226-docker-sdk-tls.yml Normal file
View File

@ -0,0 +1,2 @@
bugfixes:
- "modules and plugins using the Docker SDK for Python - do not automatically set ``tls_hostname`` when ``validate_certs=true`` for Docker SDK for Python 7.0.0+ (https://github.com/ansible-collections/community.docker/issues/1225, https://github.com/ansible-collections/community.docker/pull/1226)."

14
plugins/module_utils/_common.py
View File

@ -140,25 +140,24 @@ def get_connect_params(
if auth_data["tls_verify"]:
# TLS with verification
tls_config = {
tls_config: dict[str, t.Any] = {
"verify": True,
"assert_hostname": auth_data["tls_hostname"],
"fail_function": fail_function,
}
if auth_data["tls_hostname"] is not None:
tls_config["assert_hostname"] = auth_data["tls_hostname"]
if auth_data["cert_path"] and auth_data["key_path"]:
tls_config["client_cert"] = (auth_data["cert_path"], auth_data["key_path"])
if auth_data["cacert_path"]:
tls_config["ca_cert"] = auth_data["cacert_path"]
result["tls"] = _get_tls_config(**tls_config)
result["tls"] = _get_tls_config(fail_function=fail_function, **tls_config)
elif auth_data["tls"]:
# TLS without verification
tls_config = {
"verify": False,
"fail_function": fail_function,
}
if auth_data["cert_path"] and auth_data["key_path"]:
tls_config["client_cert"] = (auth_data["cert_path"], auth_data["key_path"])
result["tls"] = _get_tls_config(**tls_config)
result["tls"] = _get_tls_config(fail_function=fail_function, **tls_config)
if auth_data.get("use_ssh_client"):
if LooseVersion(docker_version) < LooseVersion("4.4.0"):
@ -372,7 +371,8 @@ class AnsibleDockerClientBase(Client):
),
}
update_tls_hostname(result)
if LooseVersion(docker_version) < LooseVersion("7.0.0b1"):
update_tls_hostname(result)
return result