ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-10-03 15:04:02 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

[PR #10787/3574b3fa backport][stable-11] gitlab_*_variable: support masked-and-hidden variables (#10801)

Browse source 
gitlab_*_variable: support masked-and-hidden variables (#10787)

* gitlab_*_variable: support masked-and-hidden variables

Support masking and hiding GitLab project and group variables. In the
GitLab API, variables that are hidden are also masked by implication.
Note gitlab_instance_variable is unmodified since instance variables
cannot be hidden.

* gitlab_*_variable: add `hidden` to legacy `vars` syntax

* gitlab_*_variable: address review comments in doc

(cherry picked from commit 3574b3fa93)

Co-authored-by: David Phillips <phillid@users.noreply.github.com>
This commit is contained in:
patchback[bot] 2025-09-08 18:54:38 +02:00 committed by GitHub
commit 88f0a4c770
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 42 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

3
changelogs/fragments/10787-gitlab-variable-support-masked-and-hidden-variables.yml Normal file
View file

@ -0,0 +1,3 @@
minor_changes:
- gitlab_group_variable - support masked-and-hidden variables (https://github.com/ansible-collections/community.general/pull/10787).
- gitlab_project_variable - support masked-and-hidden variables (https://github.com/ansible-collections/community.general/pull/10787).

4
plugins/module_utils/gitlab.py
View file

@ -134,7 +134,7 @@ def gitlab_authentication(module, min_version=None):
def filter_returned_variables(gitlab_variables): def filter_returned_variables(gitlab_variables):
# pop properties we don't know # pop properties we don't know
existing_variables = [dict(x.attributes) for x in gitlab_variables] existing_variables = [dict(x.attributes) for x in gitlab_variables]
KNOWN = ['key', 'value', 'masked', 'protected', 'variable_type', 'environment_scope', 'raw'] KNOWN = ['key', 'value', 'masked', 'hidden', 'protected', 'variable_type', 'environment_scope', 'raw']
for item in existing_variables: for item in existing_variables:
for key in list(item.keys()): for key in list(item.keys()):
if key not in KNOWN: if key not in KNOWN:
@ -153,6 +153,7 @@ def vars_to_variables(vars, module):
"value": str(value), "value": str(value),
"masked": False, "masked": False,
"protected": False, "protected": False,
"hidden": False,
"raw": False, "raw": False,
"variable_type": "env_var", "variable_type": "env_var",
} }
@ -163,6 +164,7 @@ def vars_to_variables(vars, module):
"name": item, "name": item,
"value": value.get('value'), "value": value.get('value'),
"masked": value.get('masked'), "masked": value.get('masked'),
"hidden": value.get('hidden'),
"protected": value.get('protected'), "protected": value.get('protected'),
"raw": value.get('raw'), "raw": value.get('raw'),
"variable_type": value.get('variable_type'), "variable_type": value.get('variable_type'),

22
plugins/modules/gitlab_group_variable.py
View file

@ -15,7 +15,8 @@ short_description: Creates, updates, or deletes GitLab groups variables
version_added: 1.2.0 version_added: 1.2.0
description: description:
- Creates a group variable if it does not exist. - Creates a group variable if it does not exist.
- When a group variable does exist, its value is updated when the values are different. - When a group variable does exist and is not hidden, its value is updated when the values are different.
When a group variable does exist and is hidden, its value is updated. In this case, the module is B(not idempotent).
- Variables which are untouched in the playbook, but are not untouched in the GitLab group, they stay untouched (O(purge=false)) - Variables which are untouched in the playbook, but are not untouched in the GitLab group, they stay untouched (O(purge=false))
or are deleted (O(purge=true)). or are deleted (O(purge=true)).
author: author:
@ -52,13 +53,14 @@ options:
type: bool type: bool
vars: vars:
description: description:
- When the list element is a simple key-value pair, masked, raw and protected are set to V(false). - When the list element is a simple key-value pair, C(masked), C(hidden), C(raw), and C(protected) are set to V(false).
- When the list element is a dict with the keys C(value), C(masked), C(raw) and C(protected), the user can have full - When the list element is a dict with the keys C(value), C(masked), C(hidden), C(raw), and C(protected), the user can have full
control about whether a value should be masked, raw, protected or both. control about whether a value should be masked, hidden, raw, protected, or a combination.
- Support for group variables requires GitLab >= 9.5. - Support for group variables requires GitLab >= 9.5.
- Support for environment_scope requires GitLab Premium >= 13.11. - Support for environment_scope requires GitLab Premium >= 13.11.
- Support for protected values requires GitLab >= 9.3. - Support for protected values requires GitLab >= 9.3.
- Support for masked values requires GitLab >= 11.10. - Support for masked values requires GitLab >= 11.10.
- Support for hidden values requires GitLab >= 17.4, and was added in community.general 11.3.0.
- Support for raw values requires GitLab >= 15.7. - Support for raw values requires GitLab >= 15.7.
- A C(value) must be a string or a number. - A C(value) must be a string or a number.
- Field C(variable_type) must be a string with either V(env_var), which is the default, or V(file). - Field C(variable_type) must be a string with either V(env_var), which is the default, or V(file).
@ -90,6 +92,14 @@ options:
- Whether variable value is masked or not. - Whether variable value is masked or not.
type: bool type: bool
default: false default: false
hidden:
description:
- Whether variable value is hidden or not.
- Implies C(masked).
- Support for hidden values requires GitLab >= 17.4.
type: bool
default: false
version_added: '11.3.0'
protected: protected:
description: description:
- Whether variable value is protected or not. - Whether variable value is protected or not.
@ -231,6 +241,7 @@ class GitlabGroupVariables(object):
"key": var_obj.get('key'), "key": var_obj.get('key'),
"value": var_obj.get('value'), "value": var_obj.get('value'),
"masked": var_obj.get('masked'), "masked": var_obj.get('masked'),
"masked_and_hidden": var_obj.get('hidden'),
"protected": var_obj.get('protected'), "protected": var_obj.get('protected'),
"raw": var_obj.get('raw'), "raw": var_obj.get('raw'),
"variable_type": var_obj.get('variable_type'), "variable_type": var_obj.get('variable_type'),
@ -305,6 +316,8 @@ def native_python_main(this_gitlab, purge, requested_variables, state, module):
item['raw'] = False item['raw'] = False
if item.get('masked') is None: if item.get('masked') is None:
item['masked'] = False item['masked'] = False
if item.get('hidden') is None:
item['hidden'] = False
if item.get('environment_scope') is None: if item.get('environment_scope') is None:
item['environment_scope'] = '*' item['environment_scope'] = '*'
if item.get('variable_type') is None: if item.get('variable_type') is None:
@ -380,6 +393,7 @@ def main():
name=dict(type='str', required=True), name=dict(type='str', required=True),
value=dict(type='str', no_log=True), value=dict(type='str', no_log=True),
masked=dict(type='bool', default=False), masked=dict(type='bool', default=False),
hidden=dict(type='bool', default=False),
protected=dict(type='bool', default=False), protected=dict(type='bool', default=False),
raw=dict(type='bool', default=False), raw=dict(type='bool', default=False),
environment_scope=dict(type='str', default='*'), environment_scope=dict(type='str', default='*'),

22
plugins/modules/gitlab_project_variable.py
View file

@ -12,7 +12,8 @@ module: gitlab_project_variable
short_description: Creates/updates/deletes GitLab Projects Variables short_description: Creates/updates/deletes GitLab Projects Variables
description: description:
- When a project variable does not exist, it is created. - When a project variable does not exist, it is created.
- When a project variable does exist, its value is updated when the values are different. - When a project variable does exist and is not hidden, its value is updated when the values are different.
When a project variable does exist and is hidden, its value is updated. In this case, the module is B(not idempotent).
- Variables which are untouched in the playbook, but are not untouched in the GitLab project, they stay untouched (O(purge=false)) - Variables which are untouched in the playbook, but are not untouched in the GitLab project, they stay untouched (O(purge=false))
or are deleted (O(purge=true)). or are deleted (O(purge=true)).
author: author:
@ -50,11 +51,12 @@ options:
type: bool type: bool
vars: vars:
description: description:
- When the list element is a simple key-value pair, masked, raw and protected are set to V(false). - When the list element is a simple key-value pair, C(masked), C(hidden), C(raw), and C(protected) are set to V(false).
- When the list element is a dict with the keys C(value), C(masked), C(raw) and C(protected), the user can have full - When the list element is a dict with the keys C(value), C(masked), C(hidden), C(raw), and C(protected), the user can have full
control about whether a value should be masked, raw, protected or both. control about whether a value should be masked, hidden, raw, protected, or a combination.
- Support for protected values requires GitLab >= 9.3. - Support for protected values requires GitLab >= 9.3.
- Support for masked values requires GitLab >= 11.10. - Support for masked values requires GitLab >= 11.10.
- Support for hidden values requires GitLab >= 17.4, and was added in community.general 11.3.0.
- Support for raw values requires GitLab >= 15.7. - Support for raw values requires GitLab >= 15.7.
- Support for environment_scope requires GitLab Premium >= 13.11. - Support for environment_scope requires GitLab Premium >= 13.11.
- Support for variable_type requires GitLab >= 11.11. - Support for variable_type requires GitLab >= 11.11.
@ -90,6 +92,14 @@ options:
- Support for masked values requires GitLab >= 11.10. - Support for masked values requires GitLab >= 11.10.
type: bool type: bool
default: false default: false
hidden:
description:
- Whether variable value is hidden or not.
- Implies C(masked).
- Support for hidden values requires GitLab >= 17.4.
type: bool
default: false
version_added: '11.3.0'
protected: protected:
description: description:
- Whether variable value is protected or not. - Whether variable value is protected or not.
@ -251,6 +261,7 @@ class GitlabProjectVariables(object):
"key": var_obj.get('key'), "key": var_obj.get('key'),
"value": var_obj.get('value'), "value": var_obj.get('value'),
"masked": var_obj.get('masked'), "masked": var_obj.get('masked'),
"masked_and_hidden": var_obj.get('hidden'),
"protected": var_obj.get('protected'), "protected": var_obj.get('protected'),
"raw": var_obj.get('raw'), "raw": var_obj.get('raw'),
"variable_type": var_obj.get('variable_type'), "variable_type": var_obj.get('variable_type'),
@ -327,6 +338,8 @@ def native_python_main(this_gitlab, purge, requested_variables, state, module):
item['raw'] = False item['raw'] = False
if item.get('masked') is None: if item.get('masked') is None:
item['masked'] = False item['masked'] = False
if item.get('hidden') is None:
item['hidden'] = False
if item.get('environment_scope') is None: if item.get('environment_scope') is None:
item['environment_scope'] = '*' item['environment_scope'] = '*'
if item.get('variable_type') is None: if item.get('variable_type') is None:
@ -402,6 +415,7 @@ def main():
name=dict(type='str', required=True), name=dict(type='str', required=True),
value=dict(type='str', no_log=True), value=dict(type='str', no_log=True),
masked=dict(type='bool', default=False), masked=dict(type='bool', default=False),
hidden=dict(type='bool', default=False),
protected=dict(type='bool', default=False), protected=dict(type='bool', default=False),
raw=dict(type='bool', default=False), raw=dict(type='bool', default=False),
environment_scope=dict(type='str', default='*'), environment_scope=dict(type='str', default='*'),