From 567c7d183977a97cb5939dcb6d5ec8d313365c67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9o=20GATELLIER?= <26511053+lgatellier@users.noreply.github.com> Date: Sun, 5 Nov 2023 12:20:36 +0100 Subject: [PATCH] feature(gitlab): add 'ca_path' option (#7472) --- .../fragments/7472-gitlab-add-ca-path-option.yml | 2 ++ plugins/doc_fragments/gitlab.py | 5 +++++ plugins/module_utils/gitlab.py | 10 +++++++--- 3 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 changelogs/fragments/7472-gitlab-add-ca-path-option.yml diff --git a/changelogs/fragments/7472-gitlab-add-ca-path-option.yml b/changelogs/fragments/7472-gitlab-add-ca-path-option.yml new file mode 100644 index 00000000000..48c041ea310 --- /dev/null +++ b/changelogs/fragments/7472-gitlab-add-ca-path-option.yml @@ -0,0 +1,2 @@ +minor_changes: + - gitlab modules - add ``ca_path`` option (https://github.com/ansible-collections/community.general/pull/7472). diff --git a/plugins/doc_fragments/gitlab.py b/plugins/doc_fragments/gitlab.py index 705a93c0231..c6434c0cedf 100644 --- a/plugins/doc_fragments/gitlab.py +++ b/plugins/doc_fragments/gitlab.py @@ -29,4 +29,9 @@ class ModuleDocFragment(object): - GitLab CI job token for logging in. type: str version_added: 4.2.0 + ca_path: + description: + - The CA certificates bundle to use to verify GitLab server certificate. + type: str + version_added: 8.1.0 ''' diff --git a/plugins/module_utils/gitlab.py b/plugins/module_utils/gitlab.py index 8c8aab420af..5ed57c099ee 100644 --- a/plugins/module_utils/gitlab.py +++ b/plugins/module_utils/gitlab.py @@ -34,6 +34,7 @@ def auth_argument_spec(spec=None): arg_spec = (dict( + ca_path=dict(type='str'), api_token=dict(type='str', no_log=True), api_oauth_token=dict(type='str', no_log=True), api_job_token=dict(type='str', no_log=True), @@ -76,6 +77,7 @@ def ensure_gitlab_package(module): def gitlab_authentication(module): gitlab_url = module.params['api_url'] validate_certs = module.params['validate_certs'] + ca_path = module.params['ca_path'] gitlab_user = module.params['api_username'] gitlab_password = module.params['api_password'] gitlab_token = module.params['api_token'] @@ -84,23 +86,25 @@ def gitlab_authentication(module): ensure_gitlab_package(module) + verify = ca_path if validate_certs and ca_path else validate_certs + try: # python-gitlab library remove support for username/password authentication since 1.13.0 # Changelog : https://github.com/python-gitlab/python-gitlab/releases/tag/v1.13.0 # This condition allow to still support older version of the python-gitlab library if LooseVersion(gitlab.__version__) < LooseVersion("1.13.0"): - gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=validate_certs, email=gitlab_user, password=gitlab_password, + gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, email=gitlab_user, password=gitlab_password, private_token=gitlab_token, api_version=4) else: # We can create an oauth_token using a username and password # https://docs.gitlab.com/ee/api/oauth2.html#authorization-code-flow if gitlab_user: data = {'grant_type': 'password', 'username': gitlab_user, 'password': gitlab_password} - resp = requests.post(urljoin(gitlab_url, "oauth/token"), data=data, verify=validate_certs) + resp = requests.post(urljoin(gitlab_url, "oauth/token"), data=data, verify=verify) resp_data = resp.json() gitlab_oauth_token = resp_data["access_token"] - gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=validate_certs, private_token=gitlab_token, + gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, private_token=gitlab_token, oauth_token=gitlab_oauth_token, job_token=gitlab_job_token, api_version=4) gitlab_instance.auth()