1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

feat(gitlab modules): remove basic auth (#8405)

BREAKING CHANGE : Remove basic auth against GitLab API
This commit is contained in:
Léo GATELLIER 2024-06-01 22:45:51 +02:00 committed by GitHub
parent 54df0c9b3a
commit 58ce19d2c2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 11 additions and 22 deletions

View file

@ -0,0 +1,2 @@
removed_features:
- gitlab modules - remove basic auth feature (https://github.com/ansible-collections/community.general/pull/8405).

View file

@ -111,29 +111,16 @@ def gitlab_authentication(module, min_version=None):
verify = ca_path if validate_certs and ca_path else validate_certs verify = ca_path if validate_certs and ca_path else validate_certs
try: try:
# python-gitlab library remove support for username/password authentication since 1.13.0 # We can create an oauth_token using a username and password
# Changelog : https://github.com/python-gitlab/python-gitlab/releases/tag/v1.13.0 # https://docs.gitlab.com/ee/api/oauth2.html#authorization-code-flow
# This condition allow to still support older version of the python-gitlab library if gitlab_user:
if LooseVersion(gitlab.__version__) < LooseVersion("1.13.0"): data = {'grant_type': 'password', 'username': gitlab_user, 'password': gitlab_password}
module.deprecate( resp = requests.post(urljoin(gitlab_url, "oauth/token"), data=data, verify=verify)
"GitLab basic auth is deprecated and will be removed in next major version, " resp_data = resp.json()
"using another auth method (API token or OAuth) is strongly recommended.", gitlab_oauth_token = resp_data["access_token"]
version='10.0.0',
collection_name='community.general')
gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, email=gitlab_user, password=gitlab_password,
private_token=gitlab_token, api_version=4)
else:
# We can create an oauth_token using a username and password
# https://docs.gitlab.com/ee/api/oauth2.html#authorization-code-flow
if gitlab_user:
data = {'grant_type': 'password', 'username': gitlab_user, 'password': gitlab_password}
resp = requests.post(urljoin(gitlab_url, "oauth/token"), data=data, verify=verify)
resp_data = resp.json()
gitlab_oauth_token = resp_data["access_token"]
gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, private_token=gitlab_token,
oauth_token=gitlab_oauth_token, job_token=gitlab_job_token, api_version=4)
gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, private_token=gitlab_token,
oauth_token=gitlab_oauth_token, job_token=gitlab_job_token, api_version=4)
gitlab_instance.auth() gitlab_instance.auth()
except (gitlab.exceptions.GitlabAuthenticationError, gitlab.exceptions.GitlabGetError) as e: except (gitlab.exceptions.GitlabAuthenticationError, gitlab.exceptions.GitlabGetError) as e:
module.fail_json(msg="Failed to connect to GitLab server: %s" % to_native(e)) module.fail_json(msg="Failed to connect to GitLab server: %s" % to_native(e))