Merge pull request #1 from WildDogOne/main

Adding TLS Verify option
robsonmantovani · Jun 22, 2023 · 3fb1be0 · 3fb1be0
2 parents 557ca79 + 50c4c0e
commit 3fb1be0
Show file tree

Hide file tree

Showing 4 changed files with 89 additions and 49 deletions.
diff --git a/galaxy.yml b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: robsonmantovani
 name: elasticsearch_security
-version: 1.0.1
+version: 1.0.2
 readme: README.md
 description: Collection for managing Elasticsearch security.
 license: BSD-2-Clause

diff --git a/plugins/modules/elasticsearch_security_apikey.py b/plugins/modules/elasticsearch_security_apikey.py
@@ -55,6 +55,12 @@
     description:
       - Dictionary specifying the metadata for the API key.
     required: false
+  
+  tls_verify:
+    description:
+      - Whether to verify TLS certificates.
+    required: false
+    type: bool
 
 notes:
   - This module requires the `elasticsearch` Python library to be installed.
@@ -77,7 +83,8 @@ def main():
         user_name=dict(type='str', required=True),
         api_key_name=dict(type='str', required=True),
         api_key_role_descriptors=dict(type='dict', required=True),
-        api_key_metadata=dict(type='dict')
+        api_key_metadata=dict(type='dict'),
+        tls_verify=dict(type=bool),
     )
 
     module = AnsibleModule(
@@ -93,8 +100,13 @@ def main():
     api_key_name = module.params['api_key_name']
     api_key_role_descriptors = module.params['api_key_role_descriptors']
     api_key_metadata = module.params['api_key_metadata']
+    tls_verify = module.params["tls_verify"]
+
+    if tls_verify == False:
+      es = Elasticsearch([es_url], basic_auth=(es_user, es_pass),  verify_certs=False)
+    else:
+      es = Elasticsearch([es_url], basic_auth=(es_user, es_pass))
 
-    es = Elasticsearch([es_url], basic_auth=(es_user, es_pass))
 
     try:
         if state == 'present':

diff --git a/plugins/modules/elasticsearch_security_role.py b/plugins/modules/elasticsearch_security_role.py
@@ -47,6 +47,12 @@
       - The body of the role. This should be a dictionary representing the role configuration.
     required: true
 
+  tls_verify:
+    description:
+      - Whether to verify TLS certificates.
+    required: false
+    type: bool
+
 notes:
   - This module requires the `elasticsearch` Python library to be installed.
 
@@ -66,7 +72,8 @@ def main():
         es_user=dict(type='str', required=True),
         es_pass=dict(type='str', required=True, no_log=True),
         role_name=dict(type='str', required=True),
-        role_body=dict(type='dict', required=True)
+        role_body=dict(type='dict', required=True),
+        tls_verify=dict(type=bool),
     )
 
     module = AnsibleModule(
@@ -80,8 +87,12 @@ def main():
     es_pass = module.params['es_pass']
     role_name = module.params['role_name']
     role_body = module.params['role_body']
+    tls_verify = module.params["tls_verify"]
 
-    es = Elasticsearch([es_url], basic_auth=(es_user, es_pass))
+    if tls_verify == False:
+      es = Elasticsearch([es_url], basic_auth=(es_user, es_pass),  verify_certs=False)
+    else:
+      es = Elasticsearch([es_url], basic_auth=(es_user, es_pass))
 
     try:
         if state == 'present':

diff --git a/plugins/modules/elasticsearch_security_user.py b/plugins/modules/elasticsearch_security_user.py
@@ -3,7 +3,7 @@
 from ansible.module_utils.basic import AnsibleModule
 from elasticsearch import Elasticsearch, NotFoundError
 
-DOCUMENTATION = '''
+DOCUMENTATION = """
 ---
 module: elasticsearch_security_user
 short_description: Manage Elasticsearch security users
@@ -68,6 +68,12 @@
     required: false
     type: bool
 
+  tls_verify:
+    description:
+      - Whether to verify TLS certificates.
+    required: false
+    type: bool
+
 notes:
   - This module requires the `elasticsearch` Python library to be installed.
 
@@ -76,46 +82,47 @@
 
 seealso:
   - module: elasticsearch_security_role
-'''
+"""
 
 
 def main():
-
     module_args = dict(
-        state=dict(type='str', choices=['present', 'absent'], required=True),
-        es_url=dict(type='str', required=True),
-        es_user=dict(type='str', required=True),
-        es_pass=dict(type='str', required=True, no_log=True),
-        user_name=dict(type='str', required=True),
-        user_full_name=dict(type='str'),
-        user_email=dict(type='str'),
-        user_password=dict(type='str', no_log=True),
-        user_roles=dict(type='list', elements='str'),
-        force=dict(type=bool)
-    )
-
-    module = AnsibleModule(
-        argument_spec=module_args,
-        supports_check_mode=True
+        state=dict(type="str", choices=["present", "absent"], required=True),
+        es_url=dict(type="str", required=True),
+        es_user=dict(type="str", required=True),
+        es_pass=dict(type="str", required=True, no_log=True),
+        user_name=dict(type="str", required=True),
+        user_full_name=dict(type="str"),
+        user_email=dict(type="str"),
+        user_password=dict(type="str", no_log=True),
+        user_roles=dict(type="list", elements="str"),
+        force=dict(type=bool),
+        tls_verify=dict(type=bool),
     )
 
-    state = module.params['state']
-    es_url = module.params['es_url']
-    es_user = module.params['es_user']
-    es_pass = module.params['es_pass']
-    user_name = module.params['user_name']
-    user_full_name = module.params['user_full_name']
-    user_email = module.params['user_email']
-    user_password = module.params['user_password']
-    user_roles = module.params['user_roles']
-    force = module.params['force']
-
-    es = Elasticsearch([es_url], basic_auth=(es_user, es_pass))
+    module = AnsibleModule(argument_spec=module_args, supports_check_mode=True)
+
+    state = module.params["state"]
+    es_url = module.params["es_url"]
+    es_user = module.params["es_user"]
+    es_pass = module.params["es_pass"]
+    user_name = module.params["user_name"]
+    user_full_name = module.params["user_full_name"]
+    user_email = module.params["user_email"]
+    user_password = module.params["user_password"]
+    user_roles = module.params["user_roles"]
+    force = module.params["force"]
+    tls_verify = module.params["tls_verify"]
+
+    if tls_verify == False:
+      es = Elasticsearch([es_url], basic_auth=(es_user, es_pass),  verify_certs=False)
+    else:
+      es = Elasticsearch([es_url], basic_auth=(es_user, es_pass))
 
     try:
         existing_user = es.security.get_user(username=user_name)
 
-        if state == 'present' and force:
+        if state == "present" and force:
             if user_name in existing_user:
                 es.security.delete_user(username=user_name)
                 es.security.put_user(
@@ -124,41 +131,51 @@ def main():
                     roles=user_roles,
                     full_name=user_full_name,
                     email=user_email,
-                    refresh='true'
+                    refresh="true",
                 )
             else:
                 raise NotFoundError
 
-        elif state == 'present':
+        elif state == "present":
             if user_name in existing_user:
-                module.exit_json(changed=False, msg=f'User {user_name} already exists. No state taken.')
+                module.exit_json(
+                    changed=False,
+                    msg=f"User {user_name} already exists. No state taken.",
+                )
             else:
                 raise NotFoundError
 
-        elif state == 'absent':
+        elif state == "absent":
             if user_name not in existing_user:
-                module.exit_json(changed=False, msg=f'User {user_name} does not exist. No state taken.')
+                module.exit_json(
+                    changed=False,
+                    msg=f"User {user_name} does not exist. No state taken.",
+                )
 
         if not module.check_mode:
-            if state == 'absent':
+            if state == "absent":
                 es.security.delete_user(username=user_name)
 
-        module.exit_json(changed=True, msg=f'User {user_name} {state}d successfully.')
+        module.exit_json(changed=True, msg=f"User {user_name} {state}d successfully.")
 
     except NotFoundError:
-        if state == 'present':
+        if state == "present":
             es.security.put_user(
                 username=user_name,
                 password=user_password,
                 roles=user_roles,
                 full_name=user_full_name,
                 email=user_email,
-                refresh='true'
+                refresh="true",
+            )
+            module.exit_json(
+                changed=True, msg=f"User {user_name} presentd successfully."
+            )
+        elif state == "absent":
+            module.exit_json(
+                changed=False, msg=f"User {user_name} does not exist. No state taken."
             )
-            module.exit_json(changed=True, msg=f'User {user_name} presentd successfully.')
-        elif state == 'absent':
-            module.exit_json(changed=False, msg=f'User {user_name} does not exist. No state taken.')
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     main()