From 16394c4b327dc2949af6933f666aef431f0a3c42 Mon Sep 17 00:00:00 2001 From: Pablo Rodriguez Nava Date: Tue, 14 Jan 2025 09:14:46 +0100 Subject: [PATCH] Make requests_kerberos optional if endpoint is not secured If the url to fetch using uri_request is not secured (it does not return 401/403) make requests_kerberos optional. --- plugins/modules/url_request.py | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/plugins/modules/url_request.py b/plugins/modules/url_request.py index bb5a62c324..51bfe1802f 100644 --- a/plugins/modules/url_request.py +++ b/plugins/modules/url_request.py @@ -89,7 +89,7 @@ try: - from requests import get + from requests import get, head python_requests_installed = True except ImportError: @@ -102,6 +102,19 @@ python_requests_kerberos_installed = False +def _validate_auth_module(module, url, verify_ssl): + if python_requests_kerberos_installed: + # The module are loaded if requires, no need to validate if it's necessary or not + return + response = head(url=url, verify=verify_ssl, allow_redirects=True, timeout=30) + # If the response in a 401 or 403 we need to authenticate + if response.status_code in [401, 403]: + # Kerberos module not present, fail + module.fail_json( + msg="requests_kerberos required for this module to authenticate against the given url" + ) + + def main(): module_args = { "url": {"type": "str", "required": True}, @@ -120,13 +133,15 @@ def main(): if not python_requests_installed: module.fail_json(msg="requests required for this module.") - if not python_requests_kerberos_installed: - module.fail_json(msg="requests_kerberos required for this module.") - url = module.params["url"] verify_ssl = module.params["verify_ssl"] - auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL) + _validate_auth_module(module, url, verify_ssl) + if python_requests_kerberos_installed: + auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL) + else: + auth = None + try: response = get(url=url, auth=auth, verify=verify_ssl, allow_redirects=True)