Skip to content

Commit

Permalink
feature(gitlab): add 'ca_path' option (#7472)
Browse files Browse the repository at this point in the history
  • Loading branch information
lgatellier authored Nov 5, 2023
1 parent 74e941e commit 567c7d1
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 3 deletions.
2 changes: 2 additions & 0 deletions changelogs/fragments/7472-gitlab-add-ca-path-option.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
minor_changes:
- gitlab modules - add ``ca_path`` option (https://github.com/ansible-collections/community.general/pull/7472).
5 changes: 5 additions & 0 deletions plugins/doc_fragments/gitlab.py
Original file line number Diff line number Diff line change
Expand Up @@ -29,4 +29,9 @@ class ModuleDocFragment(object):
- GitLab CI job token for logging in.
type: str
version_added: 4.2.0
ca_path:
description:
- The CA certificates bundle to use to verify GitLab server certificate.
type: str
version_added: 8.1.0
'''
10 changes: 7 additions & 3 deletions plugins/module_utils/gitlab.py
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@

def auth_argument_spec(spec=None):
arg_spec = (dict(
ca_path=dict(type='str'),
api_token=dict(type='str', no_log=True),
api_oauth_token=dict(type='str', no_log=True),
api_job_token=dict(type='str', no_log=True),
Expand Down Expand Up @@ -76,6 +77,7 @@ def ensure_gitlab_package(module):
def gitlab_authentication(module):
gitlab_url = module.params['api_url']
validate_certs = module.params['validate_certs']
ca_path = module.params['ca_path']
gitlab_user = module.params['api_username']
gitlab_password = module.params['api_password']
gitlab_token = module.params['api_token']
Expand All @@ -84,23 +86,25 @@ def gitlab_authentication(module):

ensure_gitlab_package(module)

verify = ca_path if validate_certs and ca_path else validate_certs

try:
# python-gitlab library remove support for username/password authentication since 1.13.0
# Changelog : https://github.com/python-gitlab/python-gitlab/releases/tag/v1.13.0
# This condition allow to still support older version of the python-gitlab library
if LooseVersion(gitlab.__version__) < LooseVersion("1.13.0"):
gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=validate_certs, email=gitlab_user, password=gitlab_password,
gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, email=gitlab_user, password=gitlab_password,
private_token=gitlab_token, api_version=4)
else:
# We can create an oauth_token using a username and password
# https://docs.gitlab.com/ee/api/oauth2.html#authorization-code-flow
if gitlab_user:
data = {'grant_type': 'password', 'username': gitlab_user, 'password': gitlab_password}
resp = requests.post(urljoin(gitlab_url, "oauth/token"), data=data, verify=validate_certs)
resp = requests.post(urljoin(gitlab_url, "oauth/token"), data=data, verify=verify)
resp_data = resp.json()
gitlab_oauth_token = resp_data["access_token"]

gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=validate_certs, private_token=gitlab_token,
gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, private_token=gitlab_token,
oauth_token=gitlab_oauth_token, job_token=gitlab_job_token, api_version=4)

gitlab_instance.auth()
Expand Down

0 comments on commit 567c7d1

Please sign in to comment.