Add possibility to skip certificate validation (#131)

plugins/doc_fragments/cloudstack.py

@@ -48,6 +48,13 @@ class ModuleDocFragment(object):
       - Verify CA authority cert file.
       - If not given, the C(CLOUDSTACK_VERIFY) env variable is considered.
     type: str
+  validate_certs:
+    description:
+      - If V(false), SSL certificates will not be validated.
+      - If not given, the C(CLOUDSTACK_DANGEROUS_NO_TLS_VERIFY) env variable is considered.
+      - This should only be used on personally controlled sites using self-signed certificates.
+    type: bool
+    default: true
 requirements:
   - python >= 2.6
   - cs >= 0.9.0

plugins/module_utils/cloudstack.py

@@ -35,6 +35,7 @@ def cs_argument_spec():
         api_http_method=dict(type='str', fallback=(env_fallback, ['CLOUDSTACK_METHOD']), choices=['get', 'post'], default='get'),
         api_timeout=dict(type='int', fallback=(env_fallback, ['CLOUDSTACK_TIMEOUT']), default=10),
         api_verify_ssl_cert=dict(type='str', fallback=(env_fallback, ['CLOUDSTACK_VERIFY'])),
+        validate_certs=dict(type='str', fallback=(env_fallback, ['CLOUDSTACK_DANGEROUS_NO_TLS_VERIFY']), default=True),
     )
 
 
@@ -121,13 +122,16 @@ def get_api_config(self):
             'timeout': self.module.params.get('api_timeout'),
             'method': self.module.params.get('api_http_method'),
             'verify': self.module.params.get('api_verify_ssl_cert'),
+            'dangerous_no_tls_verify': self.module.params.get('validate_certs'),
         }
+
         self.result.update({
             'api_url': api_config['endpoint'],
             'api_key': api_config['key'],
             'api_timeout': int(api_config['timeout']),
             'api_http_method': api_config['method'],
             'api_verify_ssl_cert': api_config['verify'],
+            'validate_certs': api_config['dangerous_no_tls_verify'],
         })
         return api_config