ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-04-18 16:31:26 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

github_app_access_token: add support for private key fact (#8989)

Browse source 
* github_app_access_token: add support for private key fact

Adds support for specifying the GitHub App private key via an ansible
fact instead of a path to a file.

This is useful when you want to generate registration tokens for a
remote host but don't want to put secrets on the host.

* Add license file

* Fix pep8 formatting

* Add changelog fragment

* Run sanity tests on changelog

* Apply suggestions from code review

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>

* Add input validation check

* Add import

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* Add error for mutually exclusive options

* Update plugins/lookup/github_app_access_token.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
lewismiddleton 2024-10-21 19:53:18 +01:00 committed by GitHub
parent 9fb686fe35
commit 5b3b7a1fb1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 106 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

24
plugins/lookup/github_app_access_token.py
View file

@ -19,7 +19,7 @@ DOCUMENTATION = '''
key_path:
description:
- Path to your private key.
required: true
- Either O(key_path) or O(private_key) must be specified.
type: path
app_id:
description:
@ -34,6 +34,12 @@ DOCUMENTATION = '''
- Alternatively, you can use PyGithub (U(https://github.com/PyGithub/PyGithub)) to get your installation ID.
required: true
type: str
private_key:
description:
- GitHub App private key in PEM file format as string.
- Either O(key_path) or O(private_key) must be specified.
type: str
version_added: 10.0.0
token_expiry:
description:
- How long the token should last for in seconds.
@ -71,7 +77,7 @@ import time
import json
from ansible.module_utils.urls import open_url
from ansible.module_utils.six.moves.urllib.error import HTTPError
from ansible.errors import AnsibleError
from ansible.errors import AnsibleError, AnsibleOptionsError
from ansible.plugins.lookup import LookupBase
from ansible.utils.display import Display
@ -84,8 +90,10 @@ else:
display = Display()
def read_key(path):
def read_key(path, private_key=None):
try:
if private_key:
return jwk_from_pem(private_key.encode('utf-8'))
with open(path, 'rb') as pem_file:
return jwk_from_pem(pem_file.read())
except Exception as e:
@ -132,8 +140,8 @@ def post_request(generated_jwt, installation_id):
return json_data.get('token')
def get_token(key_path, app_id, installation_id, expiry=600):
jwk = read_key(key_path)
def get_token(key_path, app_id, installation_id, private_key, expiry=600):
jwk = read_key(key_path, private_key)
generated_jwt = encode_jwt(app_id, jwk, exp=expiry)
return post_request(generated_jwt, installation_id)
@ -146,10 +154,16 @@ class LookupModule(LookupBase):
self.set_options(var_options=variables, direct=kwargs)
if not (self.get_option("key_path") or self.get_option("private_key")):
raise AnsibleOptionsError("One of key_path or private_key is required")
if self.get_option("key_path") and self.get_option("private_key"):
raise AnsibleOptionsError("key_path and private_key are mutually exclusive")
t = get_token(
self.get_option('key_path'),
self.get_option('app_id'),
self.get_option('installation_id'),
self.get_option('private_key'),
self.get_option('token_expiry'),
)