gitlab_user: add expires_at option (#2450)

* gitlab_user: add expires_at option * Add changelog * Add integration test * Add expires_at to addSshKeyToUser function * password is required if state is set to present * Check expires_at will not be added to a present ssh key * add documentation about present ssh key * add expires_at to unit tests * Improve documentation Co-authored-by: Felix Fontein <felix@fontein.de> * Only pass expires_at to api when it is not None * Emphasize on SSH public key * Apply felixfontein suggestion Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de>
2025-07-08 14:20:04 -07:00 · 2021-05-14 12:30:59 +04:30 · 2021-05-14 12:30:59 +04:30 · 054eb90ae5
commit 054eb90ae5
parent ee9770cff7
6 changed files with 172 additions and 14 deletions
--- a/tests/integration/targets/gitlab_user/defaults/main.yml
+++ b/tests/integration/targets/gitlab_user/defaults/main.yml
@ -1,3 +1,6 @@
 gitlab_user: ansible_test_user
 gitlab_user_pass: Secr3tPassw00rd
 gitlab_user_email: root@localhost
+gitlab_sshkey_name: ansibletest
+gitlab_sshkey_file: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDI8GIMlrirf+zsvBpxnF0daykP6YEJ5wytZXhDGD2dZXg9Tln0KUSDgreT3FDgoabjlOmG1L/nhu6ML76WCsmc/wnVMlXlDlQpVJSQ2PCxGNs9WRW7Y/Pk6t9KtV/VSYr0LaPgLEU8VkffSUBJezbKa1cssjb4CmRRqcePRNYpgCXdK05TEgFvmXl9qIM8Domf1ak1PlbyMmi/MytzHmnVFzxgUKv5c0Mr+vguCi131gPdh3QSf5AHPLEoO9LcMfu2IO1zvl61wYfsJ0Wn2Fncw+tJQfUin0ffTFgUIsGqki04/YjXyWynjSwQf5Jym4BYM0i2zlDUyRxs4/Tfp4yvJFik42ambzjLK6poq+iCpQReeYih9WZUaZwUQe7zYWhTOuoV7ydsk8+kDRMPidF9K5zWkQnglGrOzdbTqnhxNpwHCg2eSRJ49kPYLOH76g8P7IQvl+zluG0o8Nndir1WcYil4D4CCBskM8WbmrElZH1CRyP/NQMNIf4hFMItTjk= ansible@ansible
+gitlab_sshkey_expires_at: 2030-01-01T00:00:00.000Z
--- a/tests/integration/targets/gitlab_user/tasks/main.yml
+++ b/tests/integration/targets/gitlab_user/tasks/main.yml
@ -56,7 +56,7 @@
      - gitlab_user_state_again.user.is_admin == False


- name: Update User Test => Make User Admin 
+- name: Update User Test => Make User Admin
  gitlab_user:
    api_url: "{{ gitlab_host }}"
    email: "{{ gitlab_user_email }}"
@ -189,8 +189,8 @@
    api_url: "{{ gitlab_host }}"
    validate_certs: False

-    # note: the only way to check if a password really is what it is expected 
-    #   to be is to use it for login, so we use it here instead of the 
+    # note: the only way to check if a password really is what it is expected
+    #   to be is to use it for login, so we use it here instead of the
    #   default token assuming that a user can always change its own password
    api_username: "{{ gitlab_user }}"
    api_password: "{{ gitlab_user_pass }}"
@ -205,8 +205,8 @@
 - name: Check PW setting return state
  assert:
    that:
-        # note: there is no way to determine if a password has changed or 
-        #   not, so it can only be always yellow or always green, we 
+        # note: there is no way to determine if a password has changed or
+        #   not, so it can only be always yellow or always green, we
        #   decided for always green for now
      - gitlab_user_state is not changed

@ -248,3 +248,5 @@
  assert:
    that:
      - gitlab_user_state is not changed
+
+- include_tasks: sshkey.yml
--- a/tests/integration/targets/gitlab_user/tasks/sshkey.yml
+++ b/tests/integration/targets/gitlab_user/tasks/sshkey.yml
@ -0,0 +1,134 @@
+####################################################################
+# WARNING: These are designed specifically for Ansible tests       #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+- name: Create gitlab user with sshkey credentials
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    api_token: "{{ gitlab_login_token }}"
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    password: "{{ gitlab_user_pass }}"
+    validate_certs: false
+    sshkey_name: "{{ gitlab_sshkey_name }}"
+    sshkey_file: "{{ gitlab_sshkey_file }}"
+    state: present
+  register: gitlab_user_sshkey
+
+- name: Check user has been created correctly
+  assert:
+    that:
+      - gitlab_user_sshkey is changed
+
+- name: Create gitlab user again
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    api_token: "{{ gitlab_login_token }}"
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    password: "{{ gitlab_user_pass }}"
+    validate_certs: false
+    sshkey_name: "{{ gitlab_sshkey_name }}"
+    sshkey_file: "{{ gitlab_sshkey_file }}"
+    state: present
+  register: gitlab_user_sshkey_again
+
+- name: Check state is not changed
+  assert:
+    that:
+      - gitlab_user_sshkey_again is not changed
+
+- name: Add expires_at to an already created gitlab user with ssh key
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    api_token: "{{ gitlab_login_token }}"
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    password: "{{ gitlab_user_pass }}"
+    validate_certs: false
+    sshkey_name: "{{ gitlab_sshkey_name }}"
+    sshkey_file: "{{ gitlab_sshkey_file }}"
+    sshkey_expires_at: "{{ gitlab_sshkey_expires_at }}"
+    state: present
+  register: gitlab_user_created_user_sshkey_expires_at
+
+- name: Check expires_at will not be added to a present ssh key
+  assert:
+    that:
+      - gitlab_user_created_user_sshkey_expires_at is not changed
+
+- name: Remove created gitlab user
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    api_token: "{{ gitlab_login_token }}"
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    validate_certs: false
+    state: absent
+  register: gitlab_user_sshkey_remove
+
+- name: Check user has been removed correctly
+  assert:
+    that:
+      - gitlab_user_sshkey_remove is changed
+
+- name: Create gitlab user with sshkey and expires_at
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    api_token: "{{ gitlab_login_token }}"
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    password: "{{ gitlab_user_pass }}"
+    validate_certs: false
+    sshkey_name: "{{ gitlab_sshkey_name }}"
+    sshkey_file: "{{ gitlab_sshkey_file }}"
+    sshkey_expires_at: "{{ gitlab_sshkey_expires_at }}"
+    state: present
+  register: gitlab_user_sshkey_expires_at
+
+- name: Check user has been created correctly
+  assert:
+    that:
+      - gitlab_user_sshkey_expires_at is changed
+
+- name: Create gitlab user with sshkey and expires_at again
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    api_token: "{{ gitlab_login_token }}"
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    password: "{{ gitlab_user_pass }}"
+    validate_certs: false
+    sshkey_name: "{{ gitlab_sshkey_name }}"
+    sshkey_file: "{{ gitlab_sshkey_file }}"
+    sshkey_expires_at: "{{ gitlab_sshkey_expires_at }}"
+    state: present
+  register: gitlab_user_sshkey_expires_at_again
+
+- name: Check state is not changed
+  assert:
+    that:
+      - gitlab_user_sshkey_expires_at_again is not changed
+
+- name: Remove created gitlab user
+  gitlab_user:
+    api_url: "{{ gitlab_host }}"
+    api_token: "{{ gitlab_login_token }}"
+    email: "{{ gitlab_user_email }}"
+    name: "{{ gitlab_user }}"
+    username: "{{ gitlab_user }}"
+    validate_certs: false
+    state: absent
+  register: gitlab_user_sshkey_expires_at_remove
+
+- name: Check user has been removed correctly
+  assert:
+    that:
+      - gitlab_user_sshkey_expires_at_remove is changed
--- a/tests/unit/plugins/modules/source_control/gitlab/test_gitlab_user.py
+++ b/tests/unit/plugins/modules/source_control/gitlab/test_gitlab_user.py
@ -144,7 +144,8 @@ class TestGitlabUser(GitlabModuleTestCase):
            'name': "Public key",
            'file': "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJe"
                    "jgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4"
-                    "soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0="})
+                    "soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=",
+            'expires_at': ""})
        self.assertEqual(rvalue, False)

        rvalue = self.moduleUtil.addSshKeyToUser(user, {
@ -153,7 +154,8 @@ class TestGitlabUser(GitlabModuleTestCase):
                    "dRuSuA5zszUJzYPPUSRAX3BCgTqLqYx//UuVncK7YqLVSbbwjKR2Ez5lISgCnVfLVEXzwhv+"
                    "xawxKWmI7hJ5S0tOv6MJ+IxyTa4xcKwJTwB86z22n9fVOQeJTR2dSOH1WJrf0PvRk+KVNY2j"
                    "TiGHTi9AIjLnyD/jWRpOgtdfkLRc8EzAWrWlgNmH2WOKBw6za0az6XoG75obUdFVdW3qcD0x"
-                    "c809OHLi7FDf+E7U4wiZJCFuUizMeXyuK/SkaE1aee4Qp5R4dxTR4TP9M1XAYkf+kF0W9srZ+mhF069XD/zhUPJsvwEF"})
+                    "c809OHLi7FDf+E7U4wiZJCFuUizMeXyuK/SkaE1aee4Qp5R4dxTR4TP9M1XAYkf+kF0W9srZ+mhF069XD/zhUPJsvwEF",
+            'expires_at': "2027-01-01"})
        self.assertEqual(rvalue, True)

    @with_httmock(resp_get_group)