From 9c02d8915f6375aaeed7f2367786d5501fa44650 Mon Sep 17 00:00:00 2001
From: Mario Lenz <m@riolenz.de>
Date: Thu, 18 Jan 2024 18:03:30 +0100
Subject: [PATCH] Fix InsecureRequestWarning for VmwareRestClient based modules
 (#1969)

Fix InsecureRequestWarning

SUMMARY
It looks like we're sometimes running into an InsecureRequestWarning.
ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME
plugins/module_utils/vmware_rest_client.py
ADDITIONAL INFORMATION
Vmware ssl certs (works in one module, not the other!)
---
 .../fragments/1969-InsecureRequestWarning.yml    |  3 +++
 plugins/module_utils/vmware_rest_client.py       | 16 +++++++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/1969-InsecureRequestWarning.yml

diff --git a/changelogs/fragments/1969-InsecureRequestWarning.yml b/changelogs/fragments/1969-InsecureRequestWarning.yml
new file mode 100644
index 000000000..c8a136458
--- /dev/null
+++ b/changelogs/fragments/1969-InsecureRequestWarning.yml
@@ -0,0 +1,3 @@
+bugfixes:
+  - Fix InsecureRequestWarning for modules based on the VmwareRestClient module util when setting ``validate_certs`` to ``False``
+    (https://github.com/ansible-collections/community.vmware/pull/1969).
diff --git a/plugins/module_utils/vmware_rest_client.py b/plugins/module_utils/vmware_rest_client.py
index b56652d44..c51e3ad18 100644
--- a/plugins/module_utils/vmware_rest_client.py
+++ b/plugins/module_utils/vmware_rest_client.py
@@ -44,6 +44,16 @@
     VSPHERE_IMP_ERR = traceback.format_exc()
     HAS_VSPHERE = False
 
+try:
+    from requests.packages import urllib3
+    HAS_URLLIB3 = True
+except ImportError:
+    try:
+        import urllib3
+        HAS_URLLIB3 = True
+    except ImportError:
+        HAS_URLLIB3 = False
+
 from ansible.module_utils.basic import env_fallback, missing_required_lib
 from ansible.module_utils._text import to_native
 
@@ -131,13 +141,17 @@ def connect_to_vsphere_client(self):
         username = self.params.get('username')
         password = self.params.get('password')
         hostname = self.params.get('hostname')
+        validate_certs = self.params.get('validate_certs')
         port = self.params.get('port')
         session = requests.Session()
-        session.verify = self.params.get('validate_certs')
+        session.verify = validate_certs
         protocol = self.params.get('protocol')
         proxy_host = self.params.get('proxy_host')
         proxy_port = self.params.get('proxy_port')
 
+        if validate_certs is False:
+            if HAS_URLLIB3:
+                urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
         if all([protocol, proxy_host, proxy_port]):
             proxies = {protocol: "{0}://{1}:{2}".format(protocol, proxy_host, proxy_port)}
             session.proxies.update(proxies)