Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feature(gitlab): add 'ca_path' option
Browse files Browse the repository at this point in the history
lgatellier committed Nov 3, 2023
1 parent 6d0bcec commit ca15091
Showing 3 changed files with 14 additions and 3 deletions.
2 changes: 2 additions & 0 deletions changelogs/fragments/0000-gitlab-add-ca-path-option.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
features:
- gitlab modules - add ``ca_path`` option (https://github.com/ansible-collections/community.general/pull/0000).
5 changes: 5 additions & 0 deletions plugins/doc_fragments/gitlab.py
Original file line number Diff line number Diff line change
@@ -29,4 +29,9 @@ class ModuleDocFragment(object):
- GitLab CI job token for logging in.
type: str
version_added: 4.2.0
ca_path:
description:
- The CA certificates bundle to use to verify GitLab server certificate.
type: str
version_added: 8.1.0
'''
10 changes: 7 additions & 3 deletions plugins/module_utils/gitlab.py
Original file line number Diff line number Diff line change
@@ -34,6 +34,7 @@

def auth_argument_spec(spec=None):
arg_spec = (dict(
ca_path=dict(type='str'),
api_token=dict(type='str', no_log=True),
api_oauth_token=dict(type='str', no_log=True),
api_job_token=dict(type='str', no_log=True),
@@ -76,6 +77,7 @@ def ensure_gitlab_package(module):
def gitlab_authentication(module):
gitlab_url = module.params['api_url']
validate_certs = module.params['validate_certs']
ca_path = module.params['ca_path']
gitlab_user = module.params['api_username']
gitlab_password = module.params['api_password']
gitlab_token = module.params['api_token']
@@ -84,23 +86,25 @@ def gitlab_authentication(module):

ensure_gitlab_package(module)

verify = ca_path if validate_certs and ca_path else validate_certs

try:
# python-gitlab library remove support for username/password authentication since 1.13.0
# Changelog : https://github.com/python-gitlab/python-gitlab/releases/tag/v1.13.0
# This condition allow to still support older version of the python-gitlab library
if LooseVersion(gitlab.__version__) < LooseVersion("1.13.0"):
gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=validate_certs, email=gitlab_user, password=gitlab_password,
gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, email=gitlab_user, password=gitlab_password,
private_token=gitlab_token, api_version=4)
else:
# We can create an oauth_token using a username and password
# https://docs.gitlab.com/ee/api/oauth2.html#authorization-code-flow
if gitlab_user:
data = {'grant_type': 'password', 'username': gitlab_user, 'password': gitlab_password}
resp = requests.post(urljoin(gitlab_url, "oauth/token"), data=data, verify=validate_certs)
resp = requests.post(urljoin(gitlab_url, "oauth/token"), data=data, verify=verify)
resp_data = resp.json()
gitlab_oauth_token = resp_data["access_token"]

gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=validate_certs, private_token=gitlab_token,
gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, private_token=gitlab_token,
oauth_token=gitlab_oauth_token, job_token=gitlab_job_token, api_version=4)

gitlab_instance.auth()

0 comments on commit ca15091

Please sign in to comment.