mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
gitlab_user: add expires_at option (#2450)
* gitlab_user: add expires_at option * Add changelog * Add integration test * Add expires_at to addSshKeyToUser function * password is required if state is set to present * Check expires_at will not be added to a present ssh key * add documentation about present ssh key * add expires_at to unit tests * Improve documentation Co-authored-by: Felix Fontein <felix@fontein.de> * Only pass expires_at to api when it is not None * Emphasize on SSH public key * Apply felixfontein suggestion Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
parent
ee9770cff7
commit
054eb90ae5
6 changed files with 172 additions and 14 deletions
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
minor_changes:
|
||||
- gitlab_user - add ``expires_at`` option (https://github.com/ansible-collections/community.general/issues/2325).
|
|
@ -57,16 +57,22 @@ options:
|
|||
type: str
|
||||
sshkey_name:
|
||||
description:
|
||||
- The name of the sshkey
|
||||
- The name of the SSH public key.
|
||||
type: str
|
||||
sshkey_file:
|
||||
description:
|
||||
- The ssh key itself.
|
||||
- The SSH public key itself.
|
||||
type: str
|
||||
sshkey_expires_at:
|
||||
description:
|
||||
- The expiration date of the SSH public key in ISO 8601 format C(YYYY-MM-DDTHH:MM:SSZ).
|
||||
- This is only used when adding new SSH public keys.
|
||||
type: str
|
||||
version_added: 3.1.0
|
||||
group:
|
||||
description:
|
||||
- Id or Full path of parent group in the form of group/name.
|
||||
- Add user as an member to this group.
|
||||
- Add user as a member to this group.
|
||||
type: str
|
||||
access_level:
|
||||
description:
|
||||
|
@ -254,7 +260,8 @@ class GitLabUser(object):
|
|||
if options['sshkey_name'] and options['sshkey_file']:
|
||||
key_changed = self.addSshKeyToUser(user, {
|
||||
'name': options['sshkey_name'],
|
||||
'file': options['sshkey_file']})
|
||||
'file': options['sshkey_file'],
|
||||
'expires_at': options['sshkey_expires_at']})
|
||||
changed = changed or key_changed
|
||||
|
||||
# Assign group
|
||||
|
@ -295,7 +302,7 @@ class GitLabUser(object):
|
|||
|
||||
'''
|
||||
@param user User object
|
||||
@param sshkey Dict containing sshkey infos {"name": "", "file": ""}
|
||||
@param sshkey Dict containing sshkey infos {"name": "", "file": "", "expires_at": ""}
|
||||
'''
|
||||
def addSshKeyToUser(self, user, sshkey):
|
||||
if not self.sshKeyExists(user, sshkey['name']):
|
||||
|
@ -303,9 +310,13 @@ class GitLabUser(object):
|
|||
return True
|
||||
|
||||
try:
|
||||
user.keys.create({
|
||||
parameter = {
|
||||
'title': sshkey['name'],
|
||||
'key': sshkey['file']})
|
||||
'key': sshkey['file'],
|
||||
}
|
||||
if sshkey['expires_at'] is not None:
|
||||
parameter['expires_at'] = sshkey['expires_at']
|
||||
user.keys.create(parameter)
|
||||
except gitlab.exceptions.GitlabCreateError as e:
|
||||
self._module.fail_json(msg="Failed to assign sshkey to user: %s" % to_native(e))
|
||||
return True
|
||||
|
@ -471,6 +482,7 @@ def main():
|
|||
email=dict(type='str'),
|
||||
sshkey_name=dict(type='str'),
|
||||
sshkey_file=dict(type='str', no_log=False),
|
||||
sshkey_expires_at=dict(type='str', no_log=False),
|
||||
group=dict(type='str'),
|
||||
access_level=dict(type='str', default="guest", choices=["developer", "guest", "maintainer", "master", "owner", "reporter"]),
|
||||
confirm=dict(type='bool', default=True),
|
||||
|
@ -503,6 +515,7 @@ def main():
|
|||
user_email = module.params['email']
|
||||
user_sshkey_name = module.params['sshkey_name']
|
||||
user_sshkey_file = module.params['sshkey_file']
|
||||
user_sshkey_expires_at = module.params['sshkey_expires_at']
|
||||
group_path = module.params['group']
|
||||
access_level = module.params['access_level']
|
||||
confirm = module.params['confirm']
|
||||
|
@ -549,6 +562,7 @@ def main():
|
|||
"email": user_email,
|
||||
"sshkey_name": user_sshkey_name,
|
||||
"sshkey_file": user_sshkey_file,
|
||||
"sshkey_expires_at": user_sshkey_expires_at,
|
||||
"group_path": group_path,
|
||||
"access_level": access_level,
|
||||
"confirm": confirm,
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
gitlab_user: ansible_test_user
|
||||
gitlab_user_pass: Secr3tPassw00rd
|
||||
gitlab_user_email: root@localhost
|
||||
gitlab_sshkey_name: ansibletest
|
||||
gitlab_sshkey_file: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDI8GIMlrirf+zsvBpxnF0daykP6YEJ5wytZXhDGD2dZXg9Tln0KUSDgreT3FDgoabjlOmG1L/nhu6ML76WCsmc/wnVMlXlDlQpVJSQ2PCxGNs9WRW7Y/Pk6t9KtV/VSYr0LaPgLEU8VkffSUBJezbKa1cssjb4CmRRqcePRNYpgCXdK05TEgFvmXl9qIM8Domf1ak1PlbyMmi/MytzHmnVFzxgUKv5c0Mr+vguCi131gPdh3QSf5AHPLEoO9LcMfu2IO1zvl61wYfsJ0Wn2Fncw+tJQfUin0ffTFgUIsGqki04/YjXyWynjSwQf5Jym4BYM0i2zlDUyRxs4/Tfp4yvJFik42ambzjLK6poq+iCpQReeYih9WZUaZwUQe7zYWhTOuoV7ydsk8+kDRMPidF9K5zWkQnglGrOzdbTqnhxNpwHCg2eSRJ49kPYLOH76g8P7IQvl+zluG0o8Nndir1WcYil4D4CCBskM8WbmrElZH1CRyP/NQMNIf4hFMItTjk= ansible@ansible
|
||||
gitlab_sshkey_expires_at: 2030-01-01T00:00:00.000Z
|
||||
|
|
|
@ -56,7 +56,7 @@
|
|||
- gitlab_user_state_again.user.is_admin == False
|
||||
|
||||
|
||||
- name: Update User Test => Make User Admin
|
||||
- name: Update User Test => Make User Admin
|
||||
gitlab_user:
|
||||
api_url: "{{ gitlab_host }}"
|
||||
email: "{{ gitlab_user_email }}"
|
||||
|
@ -189,8 +189,8 @@
|
|||
api_url: "{{ gitlab_host }}"
|
||||
validate_certs: False
|
||||
|
||||
# note: the only way to check if a password really is what it is expected
|
||||
# to be is to use it for login, so we use it here instead of the
|
||||
# note: the only way to check if a password really is what it is expected
|
||||
# to be is to use it for login, so we use it here instead of the
|
||||
# default token assuming that a user can always change its own password
|
||||
api_username: "{{ gitlab_user }}"
|
||||
api_password: "{{ gitlab_user_pass }}"
|
||||
|
@ -205,8 +205,8 @@
|
|||
- name: Check PW setting return state
|
||||
assert:
|
||||
that:
|
||||
# note: there is no way to determine if a password has changed or
|
||||
# not, so it can only be always yellow or always green, we
|
||||
# note: there is no way to determine if a password has changed or
|
||||
# not, so it can only be always yellow or always green, we
|
||||
# decided for always green for now
|
||||
- gitlab_user_state is not changed
|
||||
|
||||
|
@ -248,3 +248,5 @@
|
|||
assert:
|
||||
that:
|
||||
- gitlab_user_state is not changed
|
||||
|
||||
- include_tasks: sshkey.yml
|
||||
|
|
134
tests/integration/targets/gitlab_user/tasks/sshkey.yml
Normal file
134
tests/integration/targets/gitlab_user/tasks/sshkey.yml
Normal file
|
@ -0,0 +1,134 @@
|
|||
####################################################################
|
||||
# WARNING: These are designed specifically for Ansible tests #
|
||||
# and should not be used as examples of how to write Ansible roles #
|
||||
####################################################################
|
||||
|
||||
- name: Create gitlab user with sshkey credentials
|
||||
gitlab_user:
|
||||
api_url: "{{ gitlab_host }}"
|
||||
api_token: "{{ gitlab_login_token }}"
|
||||
email: "{{ gitlab_user_email }}"
|
||||
name: "{{ gitlab_user }}"
|
||||
username: "{{ gitlab_user }}"
|
||||
password: "{{ gitlab_user_pass }}"
|
||||
validate_certs: false
|
||||
sshkey_name: "{{ gitlab_sshkey_name }}"
|
||||
sshkey_file: "{{ gitlab_sshkey_file }}"
|
||||
state: present
|
||||
register: gitlab_user_sshkey
|
||||
|
||||
- name: Check user has been created correctly
|
||||
assert:
|
||||
that:
|
||||
- gitlab_user_sshkey is changed
|
||||
|
||||
- name: Create gitlab user again
|
||||
gitlab_user:
|
||||
api_url: "{{ gitlab_host }}"
|
||||
api_token: "{{ gitlab_login_token }}"
|
||||
email: "{{ gitlab_user_email }}"
|
||||
name: "{{ gitlab_user }}"
|
||||
username: "{{ gitlab_user }}"
|
||||
password: "{{ gitlab_user_pass }}"
|
||||
validate_certs: false
|
||||
sshkey_name: "{{ gitlab_sshkey_name }}"
|
||||
sshkey_file: "{{ gitlab_sshkey_file }}"
|
||||
state: present
|
||||
register: gitlab_user_sshkey_again
|
||||
|
||||
- name: Check state is not changed
|
||||
assert:
|
||||
that:
|
||||
- gitlab_user_sshkey_again is not changed
|
||||
|
||||
- name: Add expires_at to an already created gitlab user with ssh key
|
||||
gitlab_user:
|
||||
api_url: "{{ gitlab_host }}"
|
||||
api_token: "{{ gitlab_login_token }}"
|
||||
email: "{{ gitlab_user_email }}"
|
||||
name: "{{ gitlab_user }}"
|
||||
username: "{{ gitlab_user }}"
|
||||
password: "{{ gitlab_user_pass }}"
|
||||
validate_certs: false
|
||||
sshkey_name: "{{ gitlab_sshkey_name }}"
|
||||
sshkey_file: "{{ gitlab_sshkey_file }}"
|
||||
sshkey_expires_at: "{{ gitlab_sshkey_expires_at }}"
|
||||
state: present
|
||||
register: gitlab_user_created_user_sshkey_expires_at
|
||||
|
||||
- name: Check expires_at will not be added to a present ssh key
|
||||
assert:
|
||||
that:
|
||||
- gitlab_user_created_user_sshkey_expires_at is not changed
|
||||
|
||||
- name: Remove created gitlab user
|
||||
gitlab_user:
|
||||
api_url: "{{ gitlab_host }}"
|
||||
api_token: "{{ gitlab_login_token }}"
|
||||
email: "{{ gitlab_user_email }}"
|
||||
name: "{{ gitlab_user }}"
|
||||
username: "{{ gitlab_user }}"
|
||||
validate_certs: false
|
||||
state: absent
|
||||
register: gitlab_user_sshkey_remove
|
||||
|
||||
- name: Check user has been removed correctly
|
||||
assert:
|
||||
that:
|
||||
- gitlab_user_sshkey_remove is changed
|
||||
|
||||
- name: Create gitlab user with sshkey and expires_at
|
||||
gitlab_user:
|
||||
api_url: "{{ gitlab_host }}"
|
||||
api_token: "{{ gitlab_login_token }}"
|
||||
email: "{{ gitlab_user_email }}"
|
||||
name: "{{ gitlab_user }}"
|
||||
username: "{{ gitlab_user }}"
|
||||
password: "{{ gitlab_user_pass }}"
|
||||
validate_certs: false
|
||||
sshkey_name: "{{ gitlab_sshkey_name }}"
|
||||
sshkey_file: "{{ gitlab_sshkey_file }}"
|
||||
sshkey_expires_at: "{{ gitlab_sshkey_expires_at }}"
|
||||
state: present
|
||||
register: gitlab_user_sshkey_expires_at
|
||||
|
||||
- name: Check user has been created correctly
|
||||
assert:
|
||||
that:
|
||||
- gitlab_user_sshkey_expires_at is changed
|
||||
|
||||
- name: Create gitlab user with sshkey and expires_at again
|
||||
gitlab_user:
|
||||
api_url: "{{ gitlab_host }}"
|
||||
api_token: "{{ gitlab_login_token }}"
|
||||
email: "{{ gitlab_user_email }}"
|
||||
name: "{{ gitlab_user }}"
|
||||
username: "{{ gitlab_user }}"
|
||||
password: "{{ gitlab_user_pass }}"
|
||||
validate_certs: false
|
||||
sshkey_name: "{{ gitlab_sshkey_name }}"
|
||||
sshkey_file: "{{ gitlab_sshkey_file }}"
|
||||
sshkey_expires_at: "{{ gitlab_sshkey_expires_at }}"
|
||||
state: present
|
||||
register: gitlab_user_sshkey_expires_at_again
|
||||
|
||||
- name: Check state is not changed
|
||||
assert:
|
||||
that:
|
||||
- gitlab_user_sshkey_expires_at_again is not changed
|
||||
|
||||
- name: Remove created gitlab user
|
||||
gitlab_user:
|
||||
api_url: "{{ gitlab_host }}"
|
||||
api_token: "{{ gitlab_login_token }}"
|
||||
email: "{{ gitlab_user_email }}"
|
||||
name: "{{ gitlab_user }}"
|
||||
username: "{{ gitlab_user }}"
|
||||
validate_certs: false
|
||||
state: absent
|
||||
register: gitlab_user_sshkey_expires_at_remove
|
||||
|
||||
- name: Check user has been removed correctly
|
||||
assert:
|
||||
that:
|
||||
- gitlab_user_sshkey_expires_at_remove is changed
|
|
@ -144,7 +144,8 @@ class TestGitlabUser(GitlabModuleTestCase):
|
|||
'name': "Public key",
|
||||
'file': "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJe"
|
||||
"jgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4"
|
||||
"soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0="})
|
||||
"soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=",
|
||||
'expires_at': ""})
|
||||
self.assertEqual(rvalue, False)
|
||||
|
||||
rvalue = self.moduleUtil.addSshKeyToUser(user, {
|
||||
|
@ -153,7 +154,8 @@ class TestGitlabUser(GitlabModuleTestCase):
|
|||
"dRuSuA5zszUJzYPPUSRAX3BCgTqLqYx//UuVncK7YqLVSbbwjKR2Ez5lISgCnVfLVEXzwhv+"
|
||||
"xawxKWmI7hJ5S0tOv6MJ+IxyTa4xcKwJTwB86z22n9fVOQeJTR2dSOH1WJrf0PvRk+KVNY2j"
|
||||
"TiGHTi9AIjLnyD/jWRpOgtdfkLRc8EzAWrWlgNmH2WOKBw6za0az6XoG75obUdFVdW3qcD0x"
|
||||
"c809OHLi7FDf+E7U4wiZJCFuUizMeXyuK/SkaE1aee4Qp5R4dxTR4TP9M1XAYkf+kF0W9srZ+mhF069XD/zhUPJsvwEF"})
|
||||
"c809OHLi7FDf+E7U4wiZJCFuUizMeXyuK/SkaE1aee4Qp5R4dxTR4TP9M1XAYkf+kF0W9srZ+mhF069XD/zhUPJsvwEF",
|
||||
'expires_at': "2027-01-01"})
|
||||
self.assertEqual(rvalue, True)
|
||||
|
||||
@with_httmock(resp_get_group)
|
||||
|
|
Loading…
Reference in a new issue