[PR #11078/dcb580c4 backport][stable-12] discard Python 2 ssl handling (#11086)

discard Python 2 ssl handling (#11078)

* discard Python 2 ssl handling

* add changelog frag

* Apply suggestion



---------


(cherry picked from commit dcb580c)

Co-authored-by: Alexei Znamensky <[email protected]>
Co-authored-by: Felix Fontein <[email protected]>

Author: 3 people

changelogs/fragments/11078-py2-ssl.yml

@@ -0,0 +1,4 @@
+minor_changes:
+  - cobbler_sync - remove conditional code handling SSL for unsupported versions of Python (https://github.com/ansible-collections/community.general/pull/11078).
+  - cobbler_system - remove conditional code handling SSL for unsupported versions of Python (https://github.com/ansible-collections/community.general/pull/11078).
+  - jenkins_job_info - remove conditional code handling SSL for unsupported versions of Python (https://github.com/ansible-collections/community.general/pull/11078).

plugins/modules/cobbler_sync.py

@@ -110,22 +110,10 @@ def main():
 
     start = now()
 
-    ssl_context = None
-    if not validate_certs:
-        try:
-            ssl_context = ssl._create_unverified_context()
-        except AttributeError:
-            # Legacy Python that doesn't verify HTTPS certificates by default
-            pass
-        else:
-            # Handle target environment that doesn't support HTTPS verification
-            ssl._create_default_https_context = ssl._create_unverified_context
+    ssl_context = None if validate_certs or not use_ssl else ssl._create_unverified_context()
 
     url = "{proto}://{host}:{port}/cobbler_api".format(**module.params)
-    if ssl_context:
-        conn = xmlrpc_client.ServerProxy(url, context=ssl_context)
-    else:
-        conn = xmlrpc_client.Server(url)
+    conn = xmlrpc_client.ServerProxy(url, context=ssl_context)
 
     try:
         token = conn.login(username, password)

plugins/modules/cobbler_system.py

@@ -232,22 +232,10 @@ def main():
 
     start = now()
 
-    ssl_context = None
-    if not validate_certs:
-        try:
-            ssl_context = ssl._create_unverified_context()
-        except AttributeError:
-            # Legacy Python that doesn't verify HTTPS certificates by default
-            pass
-        else:
-            # Handle target environment that doesn't support HTTPS verification
-            ssl._create_default_https_context = ssl._create_unverified_context
+    ssl_context = None if validate_certs or not use_ssl else ssl._create_unverified_context()
 
     url = "{proto}://{host}:{port}/cobbler_api".format(**module.params)
-    if ssl_context:
-        conn = xmlrpc_client.ServerProxy(url, context=ssl_context)
-    else:
-        conn = xmlrpc_client.Server(url)
+    conn = xmlrpc_client.ServerProxy(url, context=ssl_context)
 
     try:
         token = conn.login(username, password)

plugins/modules/jenkins_job_info.py

@@ -160,13 +160,8 @@ def get_jenkins_connection(module):
     token = module.params.get("token")
 
     validate_certs = module.params.get("validate_certs")
-    if not validate_certs and hasattr(ssl, "SSLContext"):
+    if not validate_certs:
         ssl._create_default_https_context = ssl._create_unverified_context
-    if validate_certs and not hasattr(ssl, "SSLContext"):
-        module.fail_json(
-            msg="Module does not support changing verification mode with python < 2.7.9."
-            " Either update Python or use validate_certs=false."
-        )
 
     if username and (password or token):
         return jenkins.Jenkins(url, username, password or token)

tests/integration/targets/mail/files/smtpserver.py

@@ -41,13 +41,7 @@
 if len(sys.argv) > 3:
     keyfile = sys.argv[3]
 
-try:
-    ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
-except AttributeError:
-    ssl_ctx = None
-    if HAS_TLS:
-        print('Python ssl library does not support SSLContext, hence starttls and TLS are not supported.')
-    import smtpd
+ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
 
 if HAS_TLS and ssl_ctx is not None:
     print('Using %s and %s' % (certfile, keyfile))