You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Then token passed via command line argument is not used at all,
e.g. ansible-galaxy collection publish --token <MYTOKEN> <MYCOLLECTION>.tar.gz
DOES NOT send Authorization: Token <MYTOKEN> header, that results in 401 authorisation error.
However, token IS sent when server url is also passed via command line argument, e.g.following command completes successfully: ansible-galaxy collection publish --server https://MYSERVER.local/api --token <MYTOKEN> <MYCOLLECTION>.tar.gz
Also, token IS sent when token=<MYTOKEN> is set in the [galaxy_server.private] section, e.g.
That issue is important for CI integration, because default configuration usually resides in git and secrets are usually passed as either environment variable or command line argument
deploy a Galaxy compatible REST API server with token authorization at some URL, e.g. https://galaxy-ng.local/ https://github.com/ansible/galaxy_ng for example
configure server URL in the ANSIBLE_CONFIG. Do NOT configure token in the config.
I expect token to be correctly passed to the configured server and collection published successfully
Actual Results
token is not passed, 401 authorization error thrown
Using /Users/m.shonichev/ansible.cfg as config filePublishing collection artifact '/Users/m.shonichev/my/test/my-test-1.0.0.tar.gz' to private https://galaxy-ng.local/apiERROR! Error when publishing collection to private (https://galaxy-ng.local/api) (HTTP Code: 401, Message: UNAUTHORIZED Code: Unknown)
Code of Conduct
I agree to follow the Ansible Code of Conduct
The text was updated successfully, but these errors were encountered:
The reason why it currently does work is because --token is a very server specific setting and setting it on the cli will set on each server in the config without an explicit token option. The env var was viewed as a workaround at the time if you needed a token for a specific server but didn't want it in the config file.
As this is for publish it makes sense for --token to apply to the server selected if one isn't in the config. This would have to be fixed in the code.
Summary
When a custom Galaxy servers configured without token in
ansible.cfg
as follows:Then token passed via command line argument is not used at all,
e.g.
ansible-galaxy collection publish --token <MYTOKEN> <MYCOLLECTION>.tar.gz
DOES NOT send
Authorization: Token <MYTOKEN>
header, that results in 401 authorisation error.However, token IS sent when server url is also passed via command line argument, e.g.following command completes successfully:
ansible-galaxy collection publish --server https://MYSERVER.local/api --token <MYTOKEN> <MYCOLLECTION>.tar.gz
Also, token IS sent when
token=<MYTOKEN>
is set in the[galaxy_server.private]
section, e.g.That issue is important for CI integration, because default configuration usually resides in git and secrets are usually passed as either environment variable or command line argument
Issue Type
Bug Report
Component Name
lib/ansible/galaxy
Ansible Version
Configuration
OS / Environment
Mac OS
Steps to Reproduce
deploy a Galaxy compatible REST API server with token authorization at some URL, e.g.
https://galaxy-ng.local/
https://github.com/ansible/galaxy_ng for example
configure server URL in the ANSIBLE_CONFIG. Do NOT configure token in the config.
ansible-galaxy collection init my.test cd my/test ansible-galaxy collection build
ansible-galaxy collection publish --token MYTOKEN my-test-*.tar.gz
Expected Results
I expect token to be correctly passed to the configured server and collection published successfully
Actual Results
token is not passed, 401 authorization error thrown
Code of Conduct
The text was updated successfully, but these errors were encountered: