External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-03 09:48:51 -03:30
Code Issues Packages Projects Releases Wiki Activity

feat: 38589 GitHub App Authentication (#15807)

Browse Source 
* feat: 38589 GitHub App Authentication

Allows both git@<personal-token> and x-access-token@<github-access-token> when authenticating using git.
This allows GitHub App tokens to work without interfering with existing authentication types.

---------

Co-authored-by: Jake Jackson <thedoubl3j@Jakes-MacBook-Pro.local>
This commit is contained in:
Andrea Restle-Lay
2025-02-19 18:13:45 -05:00
committed by GitHub
parent e56752d55b
commit bf4d45452c
5 changed files with 27 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
awx/main/tests/unit/utils/test_common.py
View File

@@ -240,7 +240,15 @@ def test_extract_ansible_vars():
('git', 'https://example.com/bar.git', 'user', 'pw', True, False, 'https://user:pw@example.com/bar.git'), ('git', 'https://example.com/bar.git', 'user', 'pw', True, False, 'https://user:pw@example.com/bar.git'),
('git', 'https://example@example.com/bar.git', False, 'something', True, False, 'https://example.com/bar.git'), ('git', 'https://example@example.com/bar.git', False, 'something', True, False, 'https://example.com/bar.git'),
# Special github/bitbucket cases # Special github/bitbucket cases
('git', 'notgit@github.com:ansible/awx.git', True, True, True, False, ValueError('Username must be "git" for SSH access to github.com.')), (
'git',
'notgit@github.com:ansible/awx.git',
True,
True,
True,
False,
ValueError('Username must be "git" or "x-access-token" (for github app) for SSH access to github.com.'),
),
( (
'git', 'git',
'notgit@bitbucket.org:does-not-exist/example.git', 'notgit@bitbucket.org:does-not-exist/example.git',
@@ -248,7 +256,7 @@ def test_extract_ansible_vars():
True, True,
True, True,
False, False,
ValueError('Username must be "git" for SSH access to bitbucket.org.'), ValueError('Username must be "git" or "x-access-token" (for github app) for SSH access to bitbucket.org.'),
), ),
( (
'git', 'git',
@@ -257,7 +265,7 @@ def test_extract_ansible_vars():
True, True,
True, True,
False, False,
ValueError('Username must be "git" for SSH access to altssh.bitbucket.org.'), ValueError('Username must be "git" or "x-access-token" (for github app) for SSH access to altssh.bitbucket.org.'),
), ),
('git', 'git:password@github.com:ansible/awx.git', True, True, True, False, 'git+ssh://git@github.com/ansible/awx.git'), ('git', 'git:password@github.com:ansible/awx.git', True, True, True, False, 'git+ssh://git@github.com/ansible/awx.git'),
# Disabling the special handling should not raise an error # Disabling the special handling should not raise an error

19
awx/main/utils/common.py
View File

@@ -329,12 +329,19 @@ def update_scm_url(scm_type, url, username=True, password=True, check_special_ca
# Special handling for github/bitbucket SSH URLs. # Special handling for github/bitbucket SSH URLs.
if check_special_cases: if check_special_cases:
special_git_hosts = ('github.com', 'bitbucket.org', 'altssh.bitbucket.org') special_hosts = ('github.com', 'bitbucket.org', 'altssh.bitbucket.org')
if scm_type == 'git' and parts.scheme.endswith('ssh') and parts.hostname in special_git_hosts and netloc_username != 'git': allowed_git_usernames = {'git', 'x-access-token'}
raise ValueError(_('Username must be "git" for SSH access to %s.') % parts.hostname)
if scm_type == 'git' and parts.scheme.endswith('ssh') and parts.hostname in special_git_hosts and netloc_password: if scm_type == 'git' and parts.scheme.endswith('ssh'):
# raise ValueError('Password not allowed for SSH access to %s.' % parts.hostname) is_github_host = parts.hostname in special_hosts or parts.hostname.endswith('.github.com')
netloc_password = '' is_bitbucket_host = parts.hostname in special_hosts or parts.hostname.endswith('.bitbucket.com') or 'bitbucket' in parts.hostname
if is_github_host and netloc_username not in allowed_git_usernames:
raise ValueError(_('Username must be "git" or "x-access-token" (for github app) for SSH access to %s.') % parts.hostname)
if (is_github_host or is_bitbucket_host) and netloc_password:
# raise ValueError('Password not allowed for SSH access to %s.' % parts.hostname)
netloc_password = ''
if netloc_username and parts.scheme != 'file' and scm_type not in ("insights", "archive"): if netloc_username and parts.scheme != 'file' and scm_type not in ("insights", "archive"):
netloc = u':'.join([urllib.parse.quote(x, safe='') for x in (netloc_username, netloc_password) if x]) netloc = u':'.join([urllib.parse.quote(x, safe='') for x in (netloc_username, netloc_password) if x])

1
requirements/requirements.in
View File

@@ -1,3 +1,4 @@
aiohttp>=3.9.4 # CVE-2024-30251 aiohttp>=3.9.4 # CVE-2024-30251
ansi2html # Used to format the stdout from jobs into html for display ansi2html # Used to format the stdout from jobs into html for display
asciichartpy asciichartpy

1
requirements/requirements.txt
View File

@@ -528,4 +528,3 @@ setuptools==70.3.0
# setuptools-rust # setuptools-rust
# setuptools-scm # setuptools-scm
# zope-interface # zope-interface