mirror of https://github.com/ansible-collections/community.general.git synced 2026-04-21 11:19:00 +00:00

[PR #11817/175808d9 backport][stable-12] consul_kv: add ca_path option for custom CA certificate (#11852)

consul_kv: add ca_path option for custom CA certificate (#11817)

* consul_kv: add ca_path option for custom CA certificate

Adds ca_path parameter to both the consul_kv module and consul_kv lookup
plugin, allowing users to specify a CA bundle for HTTPS connections instead
of being limited to toggling certificate validation on/off.



* consul_kv: add changelog fragment for PR #11817



* consul_kv: address review comments from felixfontein

- Fix verify logic: ca_path is ignored when validate_certs=false
- Improve validate_certs description to nudge users toward ca_path



---------


(cherry picked from commit 175808d997)

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
patchback[bot] 2026-04-17 18:33:02 +02:00 committed by GitHub
parent 6e226f4588
commit 2bd64a891c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 31 additions and 4 deletions


@ -94,9 +94,15 @@ options:
default: http
validate_certs:
description:
- Whether to verify the tls certificate of the Consul agent.
- Whether to verify the TLS certificate of the Consul agent.
- Instead of setting this to V(false), please consider using O(ca_path) instead.
type: bool
default: true
ca_path:
description:
- The CA bundle to use for HTTPS connections.
type: str
version_added: "12.6.0"
datacenter:
description:
- The name of the datacenter to query. If unspecified, the query defaults to the datacenter of the Consul agent on O(host).
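Review bot: the new ca_path description does not mention that the option is ignored when validate_certs is false, which is the behaviour get_consul_api implements. A second description line such as "Ignored when O(validate_certs=false)." would make that explicit. Since scheme defaults to http here, it would also help to say that ca_path only takes effect with O(scheme=https).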
@ -263,11 +269,14 @@ def remove_value(module):
def get_consul_api(module):
ca_path = module.params.get("ca_path")
validate_certs = module.params.get("validate_certs")
verify = (ca_path or validate_certs) if validate_certs else False
return consul.Consul(
host=module.params.get("host"),
port=module.params.get("port"),
scheme=module.params.get("scheme"),
verify=module.params.get("validate_certs"),
verify=verify,
token=module.params.get("token"),
dc=module.params.get("datacenter"),
)
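Review bot: in get_consul_api, a ca_path supplied together with validate_certs=false is dropped silently, so the user gets an unverified TLS connection with no indication that the CA bundle was not used. Consider calling module.warn() for that combination, or rejecting it outright. The expression can also be simplified: inside the true branch validate_certs is always true, so `verify = (ca_path or True) if validate_certs else False` states the intent more directly.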
@ -291,6 +300,7 @@ def main():
host=dict(type="str", default="localhost"),
scheme=dict(type="str", default="http"),
validate_certs=dict(type="bool", default=True),
ca_path=dict(type="str"),
port=dict(type="int", default=8500),
recurse=dict(type="bool"),
retrieve=dict(type="bool", default=True),
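Review bot: ca_path is declared with type="str" in the argument spec; type="path" would have Ansible expand `~` and environment variables before the value is passed to consul.Consul as verify, which is the usual expectation for a file path option. If this is changed, the `type: str` entry in the options documentation should change to match.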