Only disable cert validation in examples for local network access (#7576

)

Only disable cert validation in examples for local network access!

plugins/inventory/icinga2.py

@@ -72,7 +72,7 @@
 user: ansible
 password: secure
 host_filter: \"linux-servers\" in host.groups
-validate_certs: false
+validate_certs: false  # only do this when connecting to localhost!
 inventory_attr: name
 groups:
   # simple name matching

plugins/inventory/proxmox.py

@@ -171,7 +171,6 @@
 url: http://pve.domain.com:8006
 user: ansible@pve
 password: secure
-validate_certs: false
 want_facts: true
 keyed_groups:
     # proxmox_tags_parsed is an example of a fact only returned when 'want_facts=true'
@@ -192,10 +191,10 @@
 # Note: my_inv_var demonstrates how to add a string variable to every host used by the inventory.
 # my.proxmox.yml
 plugin: community.general.proxmox
-url: http://pve.domain.com:8006
+url: http://192.168.1.2:8006
 user: ansible@pve
 password: secure
-validate_certs: false
+validate_certs: false  # only do this when you trust the network!
 want_facts: true
 want_proxmox_nodes_ansible_host: false
 compose:

plugins/modules/gitlab_group.py

@@ -107,7 +107,6 @@
   community.general.gitlab_group:
     api_url: https://gitlab.example.com/
     api_token: "{{ access_token }}"
-    validate_certs: false
     name: my_first_group
     state: absent
 

plugins/modules/gitlab_hook.py

@@ -122,7 +122,6 @@
     state: present
     push_events: true
     tag_push_events: true
-    hook_validate_certs: false
     token: "my-super-secret-token-that-my-ci-server-will-check"
 
 - name: "Delete the previous hook"

plugins/modules/gitlab_project.py

@@ -273,7 +273,6 @@
   community.general.gitlab_project:
     api_url: https://gitlab.example.com/
     api_token: "{{ access_token }}"
-    validate_certs: false
     name: my_first_project
     state: absent
   delegate_to: localhost

plugins/modules/gitlab_project_members.py

@@ -106,7 +106,6 @@
   community.general.gitlab_project_members:
     api_url: 'https://gitlab.example.com'
     api_token: 'Your-Private-Token'
-    validate_certs: false
     project: projectname
     gitlab_user: username
     state: absent

plugins/modules/gitlab_user.py

@@ -150,7 +150,6 @@
   community.general.gitlab_user:
     api_url: https://gitlab.example.com/
     api_token: "{{ access_token }}"
-    validate_certs: false
     username: myusername
     state: absent
 
@@ -190,15 +189,13 @@
   community.general.gitlab_user:
     api_url: https://gitlab.example.com/
     api_token: "{{ access_token }}"
-    validate_certs: false
     username: myusername
     state: blocked
 
 - name: "Unblock GitLab User"
   community.general.gitlab_user:
     api_url: https://gitlab.example.com/
     api_token: "{{ access_token }}"
-    validate_certs: false
     username: myusername
     state: unblocked
 '''

plugins/modules/imc_rest.py

@@ -100,7 +100,7 @@
     hostname: '{{ imc_hostname }}'
     username: '{{ imc_username }}'
     password: '{{ imc_password }}'
-    validate_certs: false
+    validate_certs: false  # only do this when you trust the network!
     content: |
       <configConfMo><inConfig>
         <computeRackUnit dn="sys/rack-unit-1" adminPower="down"/>
@@ -112,7 +112,7 @@
     hostname: '{{ imc_hostname }}'
     username: '{{ imc_username }}'
     password: '{{ imc_password }}'
-    validate_certs: false
+    validate_certs: false  # only do this when you trust the network!
     timeout: 120
     content: |
       <!-- Configure Serial-on-LAN -->
@@ -137,7 +137,7 @@
     hostname: '{{ imc_hostname }}'
     username: '{{ imc_username }}'
     password: '{{ imc_password }}'
-    validate_certs: false
+    validate_certs: false  # only do this when you trust the network!
     content: |
       <!-- Configure PXE boot -->
       <configConfMo><inConfig>
@@ -155,7 +155,7 @@
     hostname: '{{ imc_host }}'
     username: '{{ imc_username }}'
     password: '{{ imc_password }}'
-    validate_certs: false
+    validate_certs: false  # only do this when you trust the network!
     content: |
       <configConfMo><inConfig>
         <lsbootStorage dn="sys/rack-unit-1/boot-policy/storage-read-write" access="read-write" order="1" type="storage"/>
@@ -167,7 +167,7 @@
     hostname: '{{ imc_host }}'
     username: '{{ imc_username }}'
     password: '{{ imc_password }}'
-    validate_certs: false
+    validate_certs: false  # only do this when you trust the network!
     content: |
         <configConfMo><inConfig>
           <computeRackUnit dn="sys/rack-unit-1" usrLbl="Customer Lab - POD{{ pod_id }} - {{ inventory_hostname_short }}"/>
@@ -179,7 +179,7 @@
     hostname: '{{ imc_host }}'
     username: '{{ imc_username }}'
     password: '{{ imc_password }}'
-    validate_certs: false
+    validate_certs: false  # only do this when you trust the network!
     timeout: 120
     content: |
         <configConfMo><inConfig>

plugins/modules/influxdb_retention_policy.py

@@ -114,7 +114,6 @@
       duration: INF
       replication: 1
       ssl: false
-      validate_certs: false
       shard_group_duration: 1w
       state: present
 
@@ -126,7 +125,6 @@
       duration: 5d1h30m
       replication: 1
       ssl: false
-      validate_certs: false
       shard_group_duration: 1d10h30m
       state: present
 

plugins/modules/ipa_host.py

@@ -118,7 +118,6 @@
     ipa_host: ipa.example.com
     ipa_user: admin
     ipa_pass: topsecret
-    validate_certs: false
     random_password: true
 
 - name: Ensure host is disabled

plugins/modules/ipa_vault.py

@@ -93,7 +93,6 @@
     ipa_host: ipa.example.com
     ipa_user: admin
     ipa_pass: topsecret
-    validate_certs: false
 
 - name: Ensure vault is present for Admin user
   community.general.ipa_vault:

plugins/modules/jenkins_job_info.py

@@ -121,7 +121,6 @@
     user: admin
     token: 126df5c60d66c66e3b75b11104a16a8a
     url: https://jenkins.example.com
-    validate_certs: false
   register: my_jenkins_job_info
 '''
 

plugins/modules/jenkins_script.py

@@ -99,7 +99,7 @@
     user: admin
     password: admin
     url: https://localhost
-    validate_certs: false
+    validate_certs: false  # only do this when you trust the network!
 '''
 
 RETURN = '''

plugins/modules/manageiq_alert_profiles.py

@@ -72,7 +72,7 @@
       url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when you trust the network!
 
 - name: Delete an alert profile from ManageIQ
   community.general.manageiq_alert_profiles:
@@ -82,7 +82,7 @@
       url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when you trust the network!
 '''
 
 RETURN = '''

plugins/modules/manageiq_alerts.py

@@ -91,7 +91,7 @@
       url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when you trust the network!
 
 - name: Add an alert with a "miq expression" to ManageIQ
   community.general.manageiq_alerts:
@@ -118,7 +118,7 @@
       url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when you trust the network!
 
 - name: Delete an alert from ManageIQ
   community.general.manageiq_alerts:
@@ -128,7 +128,7 @@
       url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when you trust the network!
 '''
 
 RETURN = '''

plugins/modules/manageiq_group.py

@@ -103,21 +103,21 @@
     role: 'EvmRole-user'
     tenant: 'my_tenant'
     manageiq_connection:
-      url: 'https://manageiq_server'
+      url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when you trust the network!
 
 - name: Create a group in ManageIQ with the role EvmRole-user and tenant with tenant_id 4
   community.general.manageiq_group:
     description: 'MyGroup-user'
     role: 'EvmRole-user'
     tenant_id: 4
     manageiq_connection:
-      url: 'https://manageiq_server'
+      url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when you trust the network!
 
 - name:
   - Create or update a group in ManageIQ with the role EvmRole-user and tenant my_tenant.
@@ -140,10 +140,10 @@
     - "/belongsto/ExtManagementSystem|ProviderName/EmsFolder|Datacenters/EmsFolder|dc_name/EmsFolder|host/EmsCluster|Cluster name"
     belongsto_filters_merge_mode: merge
     manageiq_connection:
-      url: 'https://manageiq_server'
+      url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when you trust the network!
 
 - name: Delete a group in ManageIQ
   community.general.manageiq_group:

plugins/modules/manageiq_policies.py

@@ -74,7 +74,7 @@
       url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when you trust the network!
 
 - name: Unassign a policy_profile for a provider in ManageIQ
   community.general.manageiq_policies:
@@ -87,7 +87,7 @@
       url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when you trust the network!
 '''
 
 RETURN = '''

plugins/modules/manageiq_provider.py

@@ -438,7 +438,7 @@
       url: 'https://cf-6af0.rhpds.opentlc.com'
       username: 'admin'
       password: 'password'
-      validate_certs: false
+      validate_certs: true
 
 - name: Create a new OpenStack Director provider in ManageIQ with rsa keypair
   community.general.manageiq_provider:

plugins/modules/manageiq_tags.py

@@ -77,7 +77,7 @@
       url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when connecting to localhost!
 
 - name: Create new tags for a provider in ManageIQ.
   community.general.manageiq_tags:
@@ -92,7 +92,7 @@
       url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when connecting to localhost!
 
 - name: Remove tags for a provider in ManageIQ.
   community.general.manageiq_tags:
@@ -108,7 +108,7 @@
       url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when connecting to localhost!
 '''
 
 RETURN = '''

plugins/modules/manageiq_tenant.py

@@ -83,7 +83,7 @@
       url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when you trust the network!
 
 - name: Create a tenant in ManageIQ
   community.general.manageiq_tenant:
@@ -94,7 +94,7 @@
       url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when you trust the network!
 
 - name: Delete a tenant in ManageIQ
   community.general.manageiq_tenant:
@@ -105,7 +105,7 @@
       url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when you trust the network!
 
 - name: Set tenant quota for cpu_allocated, mem_allocated, remove quota for vms_allocated
   community.general.manageiq_tenant:
@@ -119,7 +119,7 @@
       url: 'http://127.0.0.1:3000'
       username: 'admin'
       password: 'smartvm'
-      validate_certs: false
+      validate_certs: false  # only do this when you trust the network!
 
 
 - name: Delete a tenant in ManageIQ using a token
@@ -130,7 +130,7 @@
     manageiq_connection:
       url: 'http://127.0.0.1:3000'
       token: 'sometoken'
-      validate_certs: false
+      validate_certs: false  # only do this when you trust the network!
 '''
 
 RETURN = '''