#ansible-network log

16:00:08 <Qalthos> #startmeeting Ansible Network Working Group
16:00:08 <zodbot> Meeting started Wed Jan 11 16:00:08 2023 UTC.
16:00:08 <zodbot> This meeting is logged and archived in a public location.
16:00:08 <zodbot> The chair is Qalthos. Information about MeetBot at https://fedoraproject.org/wiki/Zodbot#Meeting_Functions.
16:00:08 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
16:00:08 <zodbot> The meeting name has been set to 'ansible_network_working_group'
16:00:25 <Qalthos> #topic Agenda https://github.com/ansible/community/issues/542
16:00:30 <Qalthos> #link https://github.com/ansible/community/labels/network is where you can always find the latest agenda
16:01:07 <Qalthos> #topic Core Updates
16:02:20 <Qalthos> I still don't have much to share this week, the team has been focusing on bugfixes and testing improvements lately
16:04:46 <Qalthos> #info Reminder that February will be a major release for netcommon and the various network platform collections we support
16:06:08 <Qalthos> #topic Open Floor
16:06:38 <Qalthos> Let me know if there's something you want to discuss for the meeting this week
16:12:00 <Warkdev[m]> I'd be interested to know if client cert authentication would be that difficult to implement on top of the current basic auth setup. I tried to check the other day and while the requests lib is fairly standard on that, the httpapi plug-in is a based on something else and I must admit I stopped digging at some point.
16:12:46 <Qalthos> #topic HTTPAPI Certificate Auth
16:14:22 <Qalthos> It's definitely possible, I can say that much. It would take some work in the connection plugin to make it happen, and I'm not sure how invasive that would end up being
16:17:36 <Warkdev[m]> That was my fear when I saw how tight that knot is with the inner thing of ansible.
16:17:37 <Qalthos> Warkdev: There's an open issue for this, right? Can you comment on that with a quick rundown on how the authentication works in practice?
16:19:06 <Qalthos> One of the issues is that we don't have any internal devices that work like that, so development and testing is a little tough, but I can make another go at it
16:19:11 <Warkdev[m]> Yes there's one. And I think I'm probably the creator of it. 😉
16:19:49 <Warkdev[m]> I understand. You may check against a raw nginx that accepts a ssl client cert. If you can get the page, you nailed it.
16:23:26 <Qalthos> Alright I think the issue might have enough info already. I can't promise anything, but I can put this back on my queue to reinvestigate
16:24:36 <Warkdev[m]> Thank you. I can share some examples on how I managed to do it with requests in the past but it's nothing more than passing the path to a private key in the connection setup. Then requests does the magic.
16:29:18 <Qalthos> #action Qalthos reinvestigate https://github.com/ansible-collections/ansible.netcommon/issues/422
16:29:46 <Qalthos> Alright anyone else?
16:29:48 <Qalthos> #topic Open Floor
16:41:33 <Qalthos> Thanks, everyone!
16:41:35 <Qalthos> #endmeeting