From 9ce100964366597e6c582186e79d412be6083017 Mon Sep 17 00:00:00 2001 From: Chris Frage Date: Mon, 20 Sep 2021 06:55:43 +0200 Subject: [PATCH] Add require_two_factor_authentication property to gitlab group (#3367) * feat: add require_two_factor_authentication property * chore: add changelog fragment * chore: add gitlab_group test tasks * chore: add gitlab tests * chore: add gitlab group tests * docs: apply suggestions * fix: removing default value --- ...uthentication-property-to-gitlab-group.yml | 2 ++ .../source_control/gitlab/gitlab_group.py | 13 +++++++++- .../targets/gitlab_group/tasks/main.yml | 25 +++++++++++++++++++ .../modules/source_control/gitlab/gitlab.py | 7 ++++-- .../gitlab/test_gitlab_group.py | 12 ++++++--- 5 files changed, 53 insertions(+), 6 deletions(-) create mode 100644 changelogs/fragments/3367-add-require_two_factor_authentication-property-to-gitlab-group.yml diff --git a/changelogs/fragments/3367-add-require_two_factor_authentication-property-to-gitlab-group.yml b/changelogs/fragments/3367-add-require_two_factor_authentication-property-to-gitlab-group.yml new file mode 100644 index 0000000000..c2f9e7181d --- /dev/null +++ b/changelogs/fragments/3367-add-require_two_factor_authentication-property-to-gitlab-group.yml @@ -0,0 +1,2 @@ +minor_changes: + - gitlab_group - add new property ``require_two_factor_authentication`` (https://github.com/ansible-collections/community.general/pull/3367). diff --git a/plugins/modules/source_control/gitlab/gitlab_group.py b/plugins/modules/source_control/gitlab/gitlab_group.py index cdf0f41b65..6ea252e7e0 100644 --- a/plugins/modules/source_control/gitlab/gitlab_group.py +++ b/plugins/modules/source_control/gitlab/gitlab_group.py @@ -78,6 +78,11 @@ options: choices: ["maintainer", "owner"] type: str version_added: 3.7.0 + require_two_factor_authentication: + description: + - Require all users in this group to setup two-factor authentication. + type: bool + version_added: 3.7.0 ''' EXAMPLES = ''' @@ -201,6 +206,7 @@ class GitLabGroup(object): 'project_creation_level': options['project_creation_level'], 'auto_devops_enabled': options['auto_devops_enabled'], 'subgroup_creation_level': options['subgroup_creation_level'], + 'require_two_factor_authentication': options['require_two_factor_authentication'], } if options.get('description'): payload['description'] = options['description'] @@ -214,6 +220,7 @@ class GitLabGroup(object): 'project_creation_level': options['project_creation_level'], 'auto_devops_enabled': options['auto_devops_enabled'], 'subgroup_creation_level': options['subgroup_creation_level'], + 'require_two_factor_authentication': options['require_two_factor_authentication'], }) self.groupObject = group @@ -299,6 +306,7 @@ def main(): project_creation_level=dict(type='str', choices=['developer', 'maintainer', 'noone']), auto_devops_enabled=dict(type='bool'), subgroup_creation_level=dict(type='str', choices=['maintainer', 'owner']), + require_two_factor_authentication=dict(type='bool'), )) module = AnsibleModule( @@ -325,6 +333,7 @@ def main(): project_creation_level = module.params['project_creation_level'] auto_devops_enabled = module.params['auto_devops_enabled'] subgroup_creation_level = module.params['subgroup_creation_level'] + require_two_factor_authentication = module.params['require_two_factor_authentication'] if not HAS_GITLAB_PACKAGE: module.fail_json(msg=missing_required_lib("python-gitlab"), exception=GITLAB_IMP_ERR) @@ -361,7 +370,9 @@ def main(): "visibility": group_visibility, "project_creation_level": project_creation_level, "auto_devops_enabled": auto_devops_enabled, - "subgroup_creation_level": subgroup_creation_level}): + "subgroup_creation_level": subgroup_creation_level, + "require_two_factor_authentication": require_two_factor_authentication, + }): module.exit_json(changed=True, msg="Successfully created or updated the group %s" % group_name, group=gitlab_group.groupObject._attrs) else: module.exit_json(changed=False, msg="No need to update the group %s" % group_name, group=gitlab_group.groupObject._attrs) diff --git a/tests/integration/targets/gitlab_group/tasks/main.yml b/tests/integration/targets/gitlab_group/tasks/main.yml index fbf8de29a0..0d17f6a9d4 100644 --- a/tests/integration/targets/gitlab_group/tasks/main.yml +++ b/tests/integration/targets/gitlab_group/tasks/main.yml @@ -97,3 +97,28 @@ assert: that: - gitlab_group_state_pcl.group.project_creation_level == "noone" + +- name: Cleanup GitLab Group for require_two_factor_authentication Test + gitlab_group: + api_url: "{{ gitlab_host }}" + validate_certs: false + api_token: "{{ gitlab_login_token }}" + name: ansible_test_group + path: ansible_test_group + state: absent + +- name: Create GitLab Group for project_creation_level Test + gitlab_group: + api_url: "{{ gitlab_host }}" + validate_certs: false + api_token: "{{ gitlab_login_token }}" + name: ansible_test_group + path: ansible_test_group + require_two_factor_authentication: true + state: present + register: gitlab_group_state_rtfa + +- name: Test group created with project_creation_level + assert: + that: + - gitlab_group_state_rtfa.group.require_two_factor_authentication == true diff --git a/tests/unit/plugins/modules/source_control/gitlab/gitlab.py b/tests/unit/plugins/modules/source_control/gitlab/gitlab.py index cca9ab5ae6..de51144069 100644 --- a/tests/unit/plugins/modules/source_control/gitlab/gitlab.py +++ b/tests/unit/plugins/modules/source_control/gitlab/gitlab.py @@ -195,6 +195,7 @@ def resp_get_group(url, request): '"web_url": "http://localhost:3000/groups/foo-bar", "request_access_enabled": false,' '"full_name": "Foobar Group", "full_path": "foo-bar",' '"project_creation_level": "maintainer", "subgroup_creation_level": "maintainer",' + '"require_two_factor_authentication": true,' '"file_template_project_id": 1, "parent_id": null, "projects": [{"id": 1,"description": null, "default_branch": "master",' '"ssh_url_to_repo": "git@example.com:diaspora/diaspora-client.git",' '"http_url_to_repo": "http://example.com/diaspora/diaspora-client.git",' @@ -227,7 +228,8 @@ def resp_create_group(url, request): '"web_url": "http://localhost:3000/groups/foo-bar", "request_access_enabled": false,' '"full_name": "Foobar Group", "full_path": "foo-bar",' '"file_template_project_id": 1, "parent_id": null,' - '"project_creation_level": "developer", "subgroup_creation_level": "maintainer"}') + '"project_creation_level": "developer", "subgroup_creation_level": "maintainer",' + '"require_two_factor_authentication": true}') content = content.encode("utf-8") return response(200, content, headers, None, 5, request) @@ -241,7 +243,8 @@ def resp_create_subgroup(url, request): '"web_url": "http://localhost:3000/groups/foo-bar/bar-foo", "request_access_enabled": false,' '"full_name": "BarFoo Group", "full_path": "foo-bar/bar-foo",' '"file_template_project_id": 1, "parent_id": 1,' - '"project_creation_level": "noone"}') + '"project_creation_level": "noone",' + '"require_two_factor_authentication": true}') content = content.encode("utf-8") return response(200, content, headers, None, 5, request) diff --git a/tests/unit/plugins/modules/source_control/gitlab/test_gitlab_group.py b/tests/unit/plugins/modules/source_control/gitlab/test_gitlab_group.py index 0b05f8a7ff..d4e53721ef 100644 --- a/tests/unit/plugins/modules/source_control/gitlab/test_gitlab_group.py +++ b/tests/unit/plugins/modules/source_control/gitlab/test_gitlab_group.py @@ -70,7 +70,8 @@ class TestGitlabGroup(GitlabModuleTestCase): 'path': "foo-bar", 'description': "An interesting group", 'project_creation_level': "developer", - 'subgroup_creation_level': "maintainer"}) + 'subgroup_creation_level': "maintainer", + 'require_two_factor_authentication': True}) self.assertEqual(type(group), Group) self.assertEqual(group.name, "Foobar Group") @@ -78,6 +79,7 @@ class TestGitlabGroup(GitlabModuleTestCase): self.assertEqual(group.description, "An interesting group") self.assertEqual(group.project_creation_level, "developer") self.assertEqual(group.subgroup_creation_level, "maintainer") + self.assertEqual(group.require_two_factor_authentication, True) self.assertEqual(group.id, 1) @with_httmock(resp_create_subgroup) @@ -85,12 +87,14 @@ class TestGitlabGroup(GitlabModuleTestCase): group = self.moduleUtil.createGroup({'name': "BarFoo Group", 'path': "bar-foo", 'parent_id': 1, - 'project_creation_level': "noone"}) + 'project_creation_level': "noone", + 'require_two_factor_authentication': True}) self.assertEqual(type(group), Group) self.assertEqual(group.name, "BarFoo Group") self.assertEqual(group.full_path, "foo-bar/bar-foo") self.assertEqual(group.project_creation_level, "noone") + self.assertEqual(group.require_two_factor_authentication, True) self.assertEqual(group.id, 2) self.assertEqual(group.parent_id, 1) @@ -99,12 +103,14 @@ class TestGitlabGroup(GitlabModuleTestCase): group = self.gitlab_instance.groups.get(1) changed, newGroup = self.moduleUtil.updateGroup(group, {'name': "BarFoo Group", 'visibility': "private", - 'project_creation_level': "maintainer"}) + 'project_creation_level': "maintainer", + 'require_two_factor_authentication': True}) self.assertEqual(changed, True) self.assertEqual(newGroup.name, "BarFoo Group") self.assertEqual(newGroup.visibility, "private") self.assertEqual(newGroup.project_creation_level, "maintainer") + self.assertEqual(newGroup.require_two_factor_authentication, True) changed, newGroup = self.moduleUtil.updateGroup(group, {'name': "BarFoo Group"})