Don't follow redirects in credential plugins

2026-02-28 16:28:43 -03:30 · 2020-07-06 15:26:39 -04:00
parent 8aa11f4848
commit d14aee70a1
3 changed files with 12 additions and 3 deletions
--- a/awx/main/credential_plugins/aim.py
+++ b/awx/main/credential_plugins/aim.py
@@ -95,6 +95,7 @@ def aim_backend(**kwargs):
        timeout=30,
        cert=cert,
        verify=verify,
        allow_redirects=False,
    )
    res.raise_for_status()
    return res.json()['Content']
--- a/awx/main/credential_plugins/conjur.py
+++ b/awx/main/credential_plugins/conjur.py
@@ -63,7 +63,8 @@ def conjur_backend(**kwargs):
    auth_kwargs = {
        'headers': {'Content-Type': 'text/plain'},
-        'data': api_key
+        'data': api_key,
        'allow_redirects': False,
    }
    if cacert:
        auth_kwargs['verify'] = create_temporary_fifo(cacert.encode())
@@ -78,6 +79,7 @@ def conjur_backend(**kwargs):
    lookup_kwargs = {
        'headers': {'Authorization': 'Token token="{}"'.format(token)},
        'allow_redirects': False,
    }
    if cacert:
        lookup_kwargs['verify'] = create_temporary_fifo(cacert.encode())
--- a/awx/main/credential_plugins/hashivault.py
+++ b/awx/main/credential_plugins/hashivault.py
@@ -97,7 +97,10 @@ def kv_backend(**kwargs):
    cacert = kwargs.get('cacert', None)
    api_version = kwargs['api_version']
-    request_kwargs = {'timeout': 30}
+    request_kwargs = {
        'timeout': 30,
        'allow_redirects': False,
    }
    if cacert:
        request_kwargs['verify'] = create_temporary_fifo(cacert.encode())
@@ -150,7 +153,10 @@ def ssh_backend(**kwargs):
    role = kwargs['role']
    cacert = kwargs.get('cacert', None)
-    request_kwargs = {'timeout': 30}
+    request_kwargs = {
        'timeout': 30,
        'allow_redirects': False,
    }
    if cacert:
        request_kwargs['verify'] = create_temporary_fifo(cacert.encode())