Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ansible-galaxy collection publish ignores --token argument when custom galaxy server is configured #81698

Open
1 task done
mshonichev opened this issue Sep 14, 2023 · 4 comments
Open
1 task done

ansible-galaxy collection publish ignores --token argument when custom galaxy server is configured #81698

mshonichev opened this issue Sep 14, 2023 · 4 comments
Labels
affects_2.15 bug This issue/PR relates to a bug. P3 Priority 3 - Approved, No Time Limitation

Comments

@mshonichev
Copy link

mshonichev commented Sep 14, 2023
edited

Summary

When a custom Galaxy servers configured without token in ansible.cfg as follows:

[galaxy]
server_list = private
ignore_certs = yes

[galaxy_server.private]
url = https://MYSERVER.local/api

Then token passed via command line argument is not used at all,
e.g. ansible-galaxy collection publish --token <MYTOKEN> <MYCOLLECTION>.tar.gz
DOES NOT send Authorization: Token <MYTOKEN> header, that results in 401 authorisation error.

However, token IS sent when server url is also passed via command line argument, e.g.following command completes successfully:
ansible-galaxy collection publish --server https://MYSERVER.local/api --token <MYTOKEN> <MYCOLLECTION>.tar.gz

Also, token IS sent when token=<MYTOKEN> is set in the [galaxy_server.private] section, e.g.

[galaxy]
server_list = private
ignore_certs = yes

[galaxy_server.private]
url = https://MYSERVER.local/api
token = <MYTOKEN>

That issue is important for CI integration, because default configuration usually resides in git and secrets are usually passed as either environment variable or command line argument

Issue Type

Bug Report

Component Name

lib/ansible/galaxy

Ansible Version

$ ansible --version

ansible [core 2.15.4]
  config file = /Users/m.shonichev/ansible.cfg
  configured module search path = ['/Users/m.shonichev/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.11/site-packages/ansible
  ansible collection location = /Users/m.shonichev/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.11.4 (main, Jun 20 2023, 16:52:35) [Clang 13.0.0 (clang-1300.0.29.30)] (/usr/local/opt/python@3.11/bin/python3.11)
  jinja version = 3.1.2
  libyaml = True

Configuration

$ ansible-config dump --only-changed -t all
CONFIG_FILE() = /Users/m.shonichev/ansible.cfg
GALAXY_IGNORE_CERTS(/Users/m.shonichev/ansible.cfg) = True
GALAXY_SERVER_LIST(/Users/m.shonichev/ansible.cfg) = ['private']

OS / Environment

Mac OS

Steps to Reproduce

  1. deploy a Galaxy compatible REST API server with token authorization at some URL, e.g. https://galaxy-ng.local/
    https://github.com/ansible/galaxy_ng for example

  2. configure server URL in the ANSIBLE_CONFIG. Do NOT configure token in the config.

cat <<EOF >~/ansible.cfg        
[galaxy]
server_list = private
[galaxy_server.private]
url = https://galaxy-ng.local/api
EOF
  1. create a collection
ansible-galaxy collection init my.test
cd my/test
ansible-galaxy collection build
  1. try to publish collection, do NOT specify server URL, only pass authorisation token.
ansible-galaxy collection publish --token MYTOKEN my-test-*.tar.gz

Expected Results

I expect token to be correctly passed to the configured server and collection published successfully

Actual Results

token is not passed, 401 authorization error thrown

Using /Users/m.shonichev/ansible.cfg as config file
Publishing collection artifact '/Users/m.shonichev/my/test/my-test-1.0.0.tar.gz' to private https://galaxy-ng.local/api
ERROR! Error when publishing collection to private (https://galaxy-ng.local/api) (HTTP Code: 401, Message: UNAUTHORIZED Code: Unknown)

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
@ansibot ansibot added bug This issue/PR relates to a bug. needs_triage Needs a first human triage before being processed. affects_2.15 labels Sep 14, 2023
@ansibot
Copy link
Contributor

ansibot commented Sep 14, 2023

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the component bot command.

@jborean93 jborean93 removed the needs_triage Needs a first human triage before being processed. label Sep 14, 2023
@jborean93
Copy link
Contributor

jborean93 commented Sep 14, 2023
edited

An option here is to apply the env var for the server token when you run the command

ANSIBLE_GALAXY_SERVER_PRIVATE_TOKEN=token_here ansible-galaxy collection publish ...

The reason why it currently does work is because --token is a very server specific setting and setting it on the cli will set on each server in the config without an explicit token option. The env var was viewed as a workaround at the time if you needed a token for a specific server but didn't want it in the config file.

As this is for publish it makes sense for --token to apply to the server selected if one isn't in the config. This would have to be fixed in the code.

@jborean93 jborean93 added the P3 Priority 3 - Approved, No Time Limitation label Sep 14, 2023
@mshonichev
Copy link
Author

Totally agree for the environment variable, but some CLI checks and warnings about misuse would be very helpful as well!

Thanks a lot!

@s-hertel s-hertel mentioned this issue Nov 21, 2023
Open
1 task
@onefourfive
Copy link

Reproduced in 2.17.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
affects_2.15 bug This issue/PR relates to a bug. P3 Priority 3 - Approved, No Time Limitation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ansibot @jborean93 @onefourfive @mshonichev