From e0489d738af2b1000e574b87cc6017e8a8f12d87 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Mon, 13 Nov 2023 20:21:43 +0100
Subject: [PATCH] [PR #7472/567c7d18 backport][stable-8] feature(gitlab): add 'ca_path' option (#7487)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
feature(gitlab): add 'ca_path' option (#7472)
(cherry picked from commit 567c7d183977a97cb5939dcb6d5ec8d313365c67)
Co-authored-by: Léo GATELLIER <26511053+lgatellier@users.noreply.github.com>
---
 .../fragments/7472-gitlab-add-ca-path-option.yml | 2 ++
 plugins/doc_fragments/gitlab.py | 5 +++++
 plugins/module_utils/gitlab.py | 10 +++++++---
 3 files changed, 14 insertions(+), 3 deletions(-)
 create mode 100644 changelogs/fragments/7472-gitlab-add-ca-path-option.yml
diff --git a/changelogs/fragments/7472-gitlab-add-ca-path-option.yml b/changelogs/fragments/7472-gitlab-add-ca-path-option.yml
new file mode 100644
index 0000000000..48c041ea31
--- /dev/null
+++ b/changelogs/fragments/7472-gitlab-add-ca-path-option.yml
@@ -0,0 +1,2 @@
+minor_changes:
+ - gitlab modules - add ``ca_path`` option (https://github.com/ansible-collections/community.general/pull/7472).
diff --git a/plugins/doc_fragments/gitlab.py b/plugins/doc_fragments/gitlab.py
index 705a93c023..c6434c0ced 100644
--- a/plugins/doc_fragments/gitlab.py
+++ b/plugins/doc_fragments/gitlab.py
@@ -29,4 +29,9 @@ options:
 - GitLab CI job token for logging in.
 type: str
 version_added: 4.2.0
+ ca_path:
+ description:
+ - The CA certificates bundle to use to verify GitLab server certificate.
+ type: str
+ version_added: 8.1.0
 '''
diff --git a/plugins/module_utils/gitlab.py b/plugins/module_utils/gitlab.py
index 8c8aab420a..5ed57c099e 100644
--- a/plugins/module_utils/gitlab.py
+++ b/plugins/module_utils/gitlab.py
@@ -34,6 +34,7 @@ except Exception:
 def auth_argument_spec(spec=None):
 arg_spec = (dict(
+ ca_path=dict(type='str'),
 api_token=dict(type='str', no_log=True),
 api_oauth_token=dict(type='str', no_log=True),
 api_job_token=dict(type='str', no_log=True),
@@ -76,6 +77,7 @@ def ensure_gitlab_package(module):
 def gitlab_authentication(module):
 gitlab_url = module.params['api_url']
 validate_certs = module.params['validate_certs']
+ ca_path = module.params['ca_path']
 gitlab_user = module.params['api_username']
 gitlab_password = module.params['api_password']
 gitlab_token = module.params['api_token']
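Review bot: `ca_path=dict(type='str'),` in `auth_argument_spec` declares a filesystem path as a plain string, so `~` and environment variables in the value are not expanded before it is handed to the TLS layer as the trust bundle. Declaring it as `ca_path=dict(type='path'),` gives the expansion Ansible applies to path arguments; the `type: str` line added to the doc fragment in this patch would need the same change. The body of `auth_argument_spec` continues outside the hunk.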
@@ -84,23 +86,25 @@ def gitlab_authentication(module):
 ensure_gitlab_package(module)
+ verify = ca_path if validate_certs and ca_path else validate_certs
+
 try:
 # python-gitlab library remove support for username/password authentication since 1.13.0
 # Changelog : https://github.com/python-gitlab/python-gitlab/releases/tag/v1.13.0
 # This condition allow to still support older version of the python-gitlab library
 if LooseVersion(gitlab.__version__) < LooseVersion("1.13.0"):
- gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=validate_certs, email=gitlab_user, password=gitlab_password,
+ gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, email=gitlab_user, password=gitlab_password,
 private_token=gitlab_token, api_version=4)
 else:
 # We can create an oauth_token using a username and password
 # https://docs.gitlab.com/ee/api/oauth2.html#authorization-code-flow
 if gitlab_user:
 data = {'grant_type': 'password', 'username': gitlab_user, 'password': gitlab_password}
- resp = requests.post(urljoin(gitlab_url, "oauth/token"), data=data, verify=validate_certs)
+ resp = requests.post(urljoin(gitlab_url, "oauth/token"), data=data, verify=verify)
 resp_data = resp.json()
 gitlab_oauth_token = resp_data["access_token"]
- gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=validate_certs, private_token=gitlab_token,
+ gitlab_instance = gitlab.Gitlab(url=gitlab_url, ssl_verify=verify, private_token=gitlab_token,
 oauth_token=gitlab_oauth_token, job_token=gitlab_job_token, api_version=4)
 gitlab_instance.auth()
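Review bot: `verify = ca_path if validate_certs and ca_path else validate_certs` silently drops `ca_path` whenever `validate_certs` is false, so a play that supplies a CA bundle but also disables validation sends the username/password grant and API tokens over a connection with no certificate verification and gets no hint of it. A warning before the `try:` would surface that, e.g. `if ca_path and not validate_certs: module.warn("ca_path is ignored because validate_certs is false")`, and the `ca_path` option description should state the precedence. An empty-string `ca_path` likewise falls back to the default trust store instead of failing. The function body continues outside the hunk, so how a missing or unreadable bundle path is reported cannot be seen from here.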