From 0a87d0e8250e0dc6e6eb3b0891c302e495010c44 Mon Sep 17 00:00:00 2001 From: Zach Peterson Date: Thu, 28 Aug 2025 09:32:25 -0500 Subject: [PATCH 1/4] Add environment fallback support for validate_certs --- plugins/doc_fragments/ipa.py | 2 ++ plugins/module_utils/ipa.py | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/plugins/doc_fragments/ipa.py b/plugins/doc_fragments/ipa.py index 665a8171a9c..b08db8fc5f4 100644 --- a/plugins/doc_fragments/ipa.py +++ b/plugins/doc_fragments/ipa.py @@ -62,6 +62,8 @@ class ModuleDocFragment(object): - This only applies if O(ipa_prot) is V(https). - If set to V(false), the SSL certificates are not validated. - This should only set to V(false) used on personally controlled sites using self-signed certificates. + - If the value is not specified in the task, the value of environment variable E(IPA_VALIDATE_CERTS) is used instead. + - If both the environment variable E(IPA_VALIDATE_CERTS) and the value are not specified in the task, then default value is set. type: bool default: true ipa_timeout: diff --git a/plugins/module_utils/ipa.py b/plugins/module_utils/ipa.py index fb63d5556be..5377036cf61 100644 --- a/plugins/module_utils/ipa.py +++ b/plugins/module_utils/ipa.py @@ -211,5 +211,5 @@ def ipa_argument_spec(): ipa_user=dict(type='str', default='admin', fallback=(env_fallback, ['IPA_USER'])), ipa_pass=dict(type='str', no_log=True, fallback=(env_fallback, ['IPA_PASS'])), ipa_timeout=dict(type='int', default=10, fallback=(env_fallback, ['IPA_TIMEOUT'])), - validate_certs=dict(type='bool', default=True), + validate_certs=dict(type='bool', default=True, fallback=(env_fallback, ['IPA_VALIDATE_CERTS'])), ) From e9ffedd602e09b157409a95d0e49cb1d38d2c23a Mon Sep 17 00:00:00 2001 From: Zach Peterson Date: Thu, 28 Aug 2025 10:01:45 -0500 Subject: [PATCH 2/4] add changelog fragment --- changelogs/fragments/10751-ipa-validate.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 changelogs/fragments/10751-ipa-validate.yml diff --git a/changelogs/fragments/10751-ipa-validate.yml b/changelogs/fragments/10751-ipa-validate.yml new file mode 100644 index 00000000000..cce7869d993 --- /dev/null +++ b/changelogs/fragments/10751-ipa-validate.yml @@ -0,0 +1,2 @@ +minor_changes: + - ipa module utils - support environment fallback for validate_certs parameter \ No newline at end of file From 3809ac9a647ab6a153a3e32c6e609048a5170c43 Mon Sep 17 00:00:00 2001 From: Zach Peterson Date: Thu, 28 Aug 2025 10:04:01 -0500 Subject: [PATCH 3/4] fix pr number --- .../fragments/{10751-ipa-validate.yml => 10753-ipa-validate.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename changelogs/fragments/{10751-ipa-validate.yml => 10753-ipa-validate.yml} (100%) diff --git a/changelogs/fragments/10751-ipa-validate.yml b/changelogs/fragments/10753-ipa-validate.yml similarity index 100% rename from changelogs/fragments/10751-ipa-validate.yml rename to changelogs/fragments/10753-ipa-validate.yml From 3bce37779c6351943fd6cf6e44665ad6b3030dd1 Mon Sep 17 00:00:00 2001 From: Felix Fontein Date: Thu, 4 Sep 2025 07:05:33 +0200 Subject: [PATCH 4/4] Apply suggestions from code review. --- changelogs/fragments/10753-ipa-validate.yml | 2 +- plugins/doc_fragments/ipa.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/changelogs/fragments/10753-ipa-validate.yml b/changelogs/fragments/10753-ipa-validate.yml index cce7869d993..e929939e890 100644 --- a/changelogs/fragments/10753-ipa-validate.yml +++ b/changelogs/fragments/10753-ipa-validate.yml @@ -1,2 +1,2 @@ minor_changes: - - ipa module utils - support environment fallback for validate_certs parameter \ No newline at end of file + - ipa_* modules - support environment fallback for ``validate_certs`` parameter (https://github.com/ansible-collections/community.general/pull/10753). \ No newline at end of file diff --git a/plugins/doc_fragments/ipa.py b/plugins/doc_fragments/ipa.py index b08db8fc5f4..3e75157346d 100644 --- a/plugins/doc_fragments/ipa.py +++ b/plugins/doc_fragments/ipa.py @@ -63,7 +63,7 @@ class ModuleDocFragment(object): - If set to V(false), the SSL certificates are not validated. - This should only set to V(false) used on personally controlled sites using self-signed certificates. - If the value is not specified in the task, the value of environment variable E(IPA_VALIDATE_CERTS) is used instead. - - If both the environment variable E(IPA_VALIDATE_CERTS) and the value are not specified in the task, then default value is set. + If both the environment variable E(IPA_VALIDATE_CERTS) and the value are not specified in the task, then default value is used. type: bool default: true ipa_timeout: