mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
gitlab_user: add expires_at option (#2450)
* gitlab_user: add expires_at option * Add changelog * Add integration test * Add expires_at to addSshKeyToUser function * password is required if state is set to present * Check expires_at will not be added to a present ssh key * add documentation about present ssh key * add expires_at to unit tests * Improve documentation Co-authored-by: Felix Fontein <felix@fontein.de> * Only pass expires_at to api when it is not None * Emphasize on SSH public key * Apply felixfontein suggestion Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
parent
ee9770cff7
commit
054eb90ae5
6 changed files with 172 additions and 14 deletions
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
minor_changes:
|
||||||
|
- gitlab_user - add ``expires_at`` option (https://github.com/ansible-collections/community.general/issues/2325).
|
|
@ -57,16 +57,22 @@ options:
|
||||||
type: str
|
type: str
|
||||||
sshkey_name:
|
sshkey_name:
|
||||||
description:
|
description:
|
||||||
- The name of the sshkey
|
- The name of the SSH public key.
|
||||||
type: str
|
type: str
|
||||||
sshkey_file:
|
sshkey_file:
|
||||||
description:
|
description:
|
||||||
- The ssh key itself.
|
- The SSH public key itself.
|
||||||
type: str
|
type: str
|
||||||
|
sshkey_expires_at:
|
||||||
|
description:
|
||||||
|
- The expiration date of the SSH public key in ISO 8601 format C(YYYY-MM-DDTHH:MM:SSZ).
|
||||||
|
- This is only used when adding new SSH public keys.
|
||||||
|
type: str
|
||||||
|
version_added: 3.1.0
|
||||||
group:
|
group:
|
||||||
description:
|
description:
|
||||||
- Id or Full path of parent group in the form of group/name.
|
- Id or Full path of parent group in the form of group/name.
|
||||||
- Add user as an member to this group.
|
- Add user as a member to this group.
|
||||||
type: str
|
type: str
|
||||||
access_level:
|
access_level:
|
||||||
description:
|
description:
|
||||||
|
@ -254,7 +260,8 @@ class GitLabUser(object):
|
||||||
if options['sshkey_name'] and options['sshkey_file']:
|
if options['sshkey_name'] and options['sshkey_file']:
|
||||||
key_changed = self.addSshKeyToUser(user, {
|
key_changed = self.addSshKeyToUser(user, {
|
||||||
'name': options['sshkey_name'],
|
'name': options['sshkey_name'],
|
||||||
'file': options['sshkey_file']})
|
'file': options['sshkey_file'],
|
||||||
|
'expires_at': options['sshkey_expires_at']})
|
||||||
changed = changed or key_changed
|
changed = changed or key_changed
|
||||||
|
|
||||||
# Assign group
|
# Assign group
|
||||||
|
@ -295,7 +302,7 @@ class GitLabUser(object):
|
||||||
|
|
||||||
'''
|
'''
|
||||||
@param user User object
|
@param user User object
|
||||||
@param sshkey Dict containing sshkey infos {"name": "", "file": ""}
|
@param sshkey Dict containing sshkey infos {"name": "", "file": "", "expires_at": ""}
|
||||||
'''
|
'''
|
||||||
def addSshKeyToUser(self, user, sshkey):
|
def addSshKeyToUser(self, user, sshkey):
|
||||||
if not self.sshKeyExists(user, sshkey['name']):
|
if not self.sshKeyExists(user, sshkey['name']):
|
||||||
|
@ -303,9 +310,13 @@ class GitLabUser(object):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
try:
|
try:
|
||||||
user.keys.create({
|
parameter = {
|
||||||
'title': sshkey['name'],
|
'title': sshkey['name'],
|
||||||
'key': sshkey['file']})
|
'key': sshkey['file'],
|
||||||
|
}
|
||||||
|
if sshkey['expires_at'] is not None:
|
||||||
|
parameter['expires_at'] = sshkey['expires_at']
|
||||||
|
user.keys.create(parameter)
|
||||||
except gitlab.exceptions.GitlabCreateError as e:
|
except gitlab.exceptions.GitlabCreateError as e:
|
||||||
self._module.fail_json(msg="Failed to assign sshkey to user: %s" % to_native(e))
|
self._module.fail_json(msg="Failed to assign sshkey to user: %s" % to_native(e))
|
||||||
return True
|
return True
|
||||||
|
@ -471,6 +482,7 @@ def main():
|
||||||
email=dict(type='str'),
|
email=dict(type='str'),
|
||||||
sshkey_name=dict(type='str'),
|
sshkey_name=dict(type='str'),
|
||||||
sshkey_file=dict(type='str', no_log=False),
|
sshkey_file=dict(type='str', no_log=False),
|
||||||
|
sshkey_expires_at=dict(type='str', no_log=False),
|
||||||
group=dict(type='str'),
|
group=dict(type='str'),
|
||||||
access_level=dict(type='str', default="guest", choices=["developer", "guest", "maintainer", "master", "owner", "reporter"]),
|
access_level=dict(type='str', default="guest", choices=["developer", "guest", "maintainer", "master", "owner", "reporter"]),
|
||||||
confirm=dict(type='bool', default=True),
|
confirm=dict(type='bool', default=True),
|
||||||
|
@ -503,6 +515,7 @@ def main():
|
||||||
user_email = module.params['email']
|
user_email = module.params['email']
|
||||||
user_sshkey_name = module.params['sshkey_name']
|
user_sshkey_name = module.params['sshkey_name']
|
||||||
user_sshkey_file = module.params['sshkey_file']
|
user_sshkey_file = module.params['sshkey_file']
|
||||||
|
user_sshkey_expires_at = module.params['sshkey_expires_at']
|
||||||
group_path = module.params['group']
|
group_path = module.params['group']
|
||||||
access_level = module.params['access_level']
|
access_level = module.params['access_level']
|
||||||
confirm = module.params['confirm']
|
confirm = module.params['confirm']
|
||||||
|
@ -549,6 +562,7 @@ def main():
|
||||||
"email": user_email,
|
"email": user_email,
|
||||||
"sshkey_name": user_sshkey_name,
|
"sshkey_name": user_sshkey_name,
|
||||||
"sshkey_file": user_sshkey_file,
|
"sshkey_file": user_sshkey_file,
|
||||||
|
"sshkey_expires_at": user_sshkey_expires_at,
|
||||||
"group_path": group_path,
|
"group_path": group_path,
|
||||||
"access_level": access_level,
|
"access_level": access_level,
|
||||||
"confirm": confirm,
|
"confirm": confirm,
|
||||||
|
|
|
@ -1,3 +1,6 @@
|
||||||
gitlab_user: ansible_test_user
|
gitlab_user: ansible_test_user
|
||||||
gitlab_user_pass: Secr3tPassw00rd
|
gitlab_user_pass: Secr3tPassw00rd
|
||||||
gitlab_user_email: root@localhost
|
gitlab_user_email: root@localhost
|
||||||
|
gitlab_sshkey_name: ansibletest
|
||||||
|
gitlab_sshkey_file: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDI8GIMlrirf+zsvBpxnF0daykP6YEJ5wytZXhDGD2dZXg9Tln0KUSDgreT3FDgoabjlOmG1L/nhu6ML76WCsmc/wnVMlXlDlQpVJSQ2PCxGNs9WRW7Y/Pk6t9KtV/VSYr0LaPgLEU8VkffSUBJezbKa1cssjb4CmRRqcePRNYpgCXdK05TEgFvmXl9qIM8Domf1ak1PlbyMmi/MytzHmnVFzxgUKv5c0Mr+vguCi131gPdh3QSf5AHPLEoO9LcMfu2IO1zvl61wYfsJ0Wn2Fncw+tJQfUin0ffTFgUIsGqki04/YjXyWynjSwQf5Jym4BYM0i2zlDUyRxs4/Tfp4yvJFik42ambzjLK6poq+iCpQReeYih9WZUaZwUQe7zYWhTOuoV7ydsk8+kDRMPidF9K5zWkQnglGrOzdbTqnhxNpwHCg2eSRJ49kPYLOH76g8P7IQvl+zluG0o8Nndir1WcYil4D4CCBskM8WbmrElZH1CRyP/NQMNIf4hFMItTjk= ansible@ansible
|
||||||
|
gitlab_sshkey_expires_at: 2030-01-01T00:00:00.000Z
|
||||||
|
|
|
@ -248,3 +248,5 @@
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- gitlab_user_state is not changed
|
- gitlab_user_state is not changed
|
||||||
|
|
||||||
|
- include_tasks: sshkey.yml
|
||||||
|
|
134
tests/integration/targets/gitlab_user/tasks/sshkey.yml
Normal file
134
tests/integration/targets/gitlab_user/tasks/sshkey.yml
Normal file
|
@ -0,0 +1,134 @@
|
||||||
|
####################################################################
|
||||||
|
# WARNING: These are designed specifically for Ansible tests #
|
||||||
|
# and should not be used as examples of how to write Ansible roles #
|
||||||
|
####################################################################
|
||||||
|
|
||||||
|
- name: Create gitlab user with sshkey credentials
|
||||||
|
gitlab_user:
|
||||||
|
api_url: "{{ gitlab_host }}"
|
||||||
|
api_token: "{{ gitlab_login_token }}"
|
||||||
|
email: "{{ gitlab_user_email }}"
|
||||||
|
name: "{{ gitlab_user }}"
|
||||||
|
username: "{{ gitlab_user }}"
|
||||||
|
password: "{{ gitlab_user_pass }}"
|
||||||
|
validate_certs: false
|
||||||
|
sshkey_name: "{{ gitlab_sshkey_name }}"
|
||||||
|
sshkey_file: "{{ gitlab_sshkey_file }}"
|
||||||
|
state: present
|
||||||
|
register: gitlab_user_sshkey
|
||||||
|
|
||||||
|
- name: Check user has been created correctly
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- gitlab_user_sshkey is changed
|
||||||
|
|
||||||
|
- name: Create gitlab user again
|
||||||
|
gitlab_user:
|
||||||
|
api_url: "{{ gitlab_host }}"
|
||||||
|
api_token: "{{ gitlab_login_token }}"
|
||||||
|
email: "{{ gitlab_user_email }}"
|
||||||
|
name: "{{ gitlab_user }}"
|
||||||
|
username: "{{ gitlab_user }}"
|
||||||
|
password: "{{ gitlab_user_pass }}"
|
||||||
|
validate_certs: false
|
||||||
|
sshkey_name: "{{ gitlab_sshkey_name }}"
|
||||||
|
sshkey_file: "{{ gitlab_sshkey_file }}"
|
||||||
|
state: present
|
||||||
|
register: gitlab_user_sshkey_again
|
||||||
|
|
||||||
|
- name: Check state is not changed
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- gitlab_user_sshkey_again is not changed
|
||||||
|
|
||||||
|
- name: Add expires_at to an already created gitlab user with ssh key
|
||||||
|
gitlab_user:
|
||||||
|
api_url: "{{ gitlab_host }}"
|
||||||
|
api_token: "{{ gitlab_login_token }}"
|
||||||
|
email: "{{ gitlab_user_email }}"
|
||||||
|
name: "{{ gitlab_user }}"
|
||||||
|
username: "{{ gitlab_user }}"
|
||||||
|
password: "{{ gitlab_user_pass }}"
|
||||||
|
validate_certs: false
|
||||||
|
sshkey_name: "{{ gitlab_sshkey_name }}"
|
||||||
|
sshkey_file: "{{ gitlab_sshkey_file }}"
|
||||||
|
sshkey_expires_at: "{{ gitlab_sshkey_expires_at }}"
|
||||||
|
state: present
|
||||||
|
register: gitlab_user_created_user_sshkey_expires_at
|
||||||
|
|
||||||
|
- name: Check expires_at will not be added to a present ssh key
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- gitlab_user_created_user_sshkey_expires_at is not changed
|
||||||
|
|
||||||
|
- name: Remove created gitlab user
|
||||||
|
gitlab_user:
|
||||||
|
api_url: "{{ gitlab_host }}"
|
||||||
|
api_token: "{{ gitlab_login_token }}"
|
||||||
|
email: "{{ gitlab_user_email }}"
|
||||||
|
name: "{{ gitlab_user }}"
|
||||||
|
username: "{{ gitlab_user }}"
|
||||||
|
validate_certs: false
|
||||||
|
state: absent
|
||||||
|
register: gitlab_user_sshkey_remove
|
||||||
|
|
||||||
|
- name: Check user has been removed correctly
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- gitlab_user_sshkey_remove is changed
|
||||||
|
|
||||||
|
- name: Create gitlab user with sshkey and expires_at
|
||||||
|
gitlab_user:
|
||||||
|
api_url: "{{ gitlab_host }}"
|
||||||
|
api_token: "{{ gitlab_login_token }}"
|
||||||
|
email: "{{ gitlab_user_email }}"
|
||||||
|
name: "{{ gitlab_user }}"
|
||||||
|
username: "{{ gitlab_user }}"
|
||||||
|
password: "{{ gitlab_user_pass }}"
|
||||||
|
validate_certs: false
|
||||||
|
sshkey_name: "{{ gitlab_sshkey_name }}"
|
||||||
|
sshkey_file: "{{ gitlab_sshkey_file }}"
|
||||||
|
sshkey_expires_at: "{{ gitlab_sshkey_expires_at }}"
|
||||||
|
state: present
|
||||||
|
register: gitlab_user_sshkey_expires_at
|
||||||
|
|
||||||
|
- name: Check user has been created correctly
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- gitlab_user_sshkey_expires_at is changed
|
||||||
|
|
||||||
|
- name: Create gitlab user with sshkey and expires_at again
|
||||||
|
gitlab_user:
|
||||||
|
api_url: "{{ gitlab_host }}"
|
||||||
|
api_token: "{{ gitlab_login_token }}"
|
||||||
|
email: "{{ gitlab_user_email }}"
|
||||||
|
name: "{{ gitlab_user }}"
|
||||||
|
username: "{{ gitlab_user }}"
|
||||||
|
password: "{{ gitlab_user_pass }}"
|
||||||
|
validate_certs: false
|
||||||
|
sshkey_name: "{{ gitlab_sshkey_name }}"
|
||||||
|
sshkey_file: "{{ gitlab_sshkey_file }}"
|
||||||
|
sshkey_expires_at: "{{ gitlab_sshkey_expires_at }}"
|
||||||
|
state: present
|
||||||
|
register: gitlab_user_sshkey_expires_at_again
|
||||||
|
|
||||||
|
- name: Check state is not changed
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- gitlab_user_sshkey_expires_at_again is not changed
|
||||||
|
|
||||||
|
- name: Remove created gitlab user
|
||||||
|
gitlab_user:
|
||||||
|
api_url: "{{ gitlab_host }}"
|
||||||
|
api_token: "{{ gitlab_login_token }}"
|
||||||
|
email: "{{ gitlab_user_email }}"
|
||||||
|
name: "{{ gitlab_user }}"
|
||||||
|
username: "{{ gitlab_user }}"
|
||||||
|
validate_certs: false
|
||||||
|
state: absent
|
||||||
|
register: gitlab_user_sshkey_expires_at_remove
|
||||||
|
|
||||||
|
- name: Check user has been removed correctly
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- gitlab_user_sshkey_expires_at_remove is changed
|
|
@ -144,7 +144,8 @@ class TestGitlabUser(GitlabModuleTestCase):
|
||||||
'name': "Public key",
|
'name': "Public key",
|
||||||
'file': "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJe"
|
'file': "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJe"
|
||||||
"jgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4"
|
"jgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4"
|
||||||
"soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0="})
|
"soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=",
|
||||||
|
'expires_at': ""})
|
||||||
self.assertEqual(rvalue, False)
|
self.assertEqual(rvalue, False)
|
||||||
|
|
||||||
rvalue = self.moduleUtil.addSshKeyToUser(user, {
|
rvalue = self.moduleUtil.addSshKeyToUser(user, {
|
||||||
|
@ -153,7 +154,8 @@ class TestGitlabUser(GitlabModuleTestCase):
|
||||||
"dRuSuA5zszUJzYPPUSRAX3BCgTqLqYx//UuVncK7YqLVSbbwjKR2Ez5lISgCnVfLVEXzwhv+"
|
"dRuSuA5zszUJzYPPUSRAX3BCgTqLqYx//UuVncK7YqLVSbbwjKR2Ez5lISgCnVfLVEXzwhv+"
|
||||||
"xawxKWmI7hJ5S0tOv6MJ+IxyTa4xcKwJTwB86z22n9fVOQeJTR2dSOH1WJrf0PvRk+KVNY2j"
|
"xawxKWmI7hJ5S0tOv6MJ+IxyTa4xcKwJTwB86z22n9fVOQeJTR2dSOH1WJrf0PvRk+KVNY2j"
|
||||||
"TiGHTi9AIjLnyD/jWRpOgtdfkLRc8EzAWrWlgNmH2WOKBw6za0az6XoG75obUdFVdW3qcD0x"
|
"TiGHTi9AIjLnyD/jWRpOgtdfkLRc8EzAWrWlgNmH2WOKBw6za0az6XoG75obUdFVdW3qcD0x"
|
||||||
"c809OHLi7FDf+E7U4wiZJCFuUizMeXyuK/SkaE1aee4Qp5R4dxTR4TP9M1XAYkf+kF0W9srZ+mhF069XD/zhUPJsvwEF"})
|
"c809OHLi7FDf+E7U4wiZJCFuUizMeXyuK/SkaE1aee4Qp5R4dxTR4TP9M1XAYkf+kF0W9srZ+mhF069XD/zhUPJsvwEF",
|
||||||
|
'expires_at': "2027-01-01"})
|
||||||
self.assertEqual(rvalue, True)
|
self.assertEqual(rvalue, True)
|
||||||
|
|
||||||
@with_httmock(resp_get_group)
|
@with_httmock(resp_get_group)
|
||||||
|
|
Loading…
Reference in a new issue