Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: aap-38589 GitHub App Authentication #15807

Open
wants to merge 2 commits into
base: devel
Choose a base branch
from
+107 −117
Open

feat: aap-38589 GitHub App Authentication #15807

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3eaa0a2
fix: aap-38589
arrestle Feb 14, 2025
d0b6a0a
fix: aap-38589
arrestle Feb 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 13 additions & 6 deletions awx/main/utils/common.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -329,12 +329,19 @@ def update_scm_url(scm_type, url, username=True, password=True, check_special_ca

# Special handling for github/bitbucket SSH URLs.
if check_special_cases:
special_git_hosts = ('github.com', 'bitbucket.org', 'altssh.bitbucket.org')
if scm_type == 'git' and parts.scheme.endswith('ssh') and parts.hostname in special_git_hosts and netloc_username != 'git':
raise ValueError(_('Username must be "git" for SSH access to %s.') % parts.hostname)
if scm_type == 'git' and parts.scheme.endswith('ssh') and parts.hostname in special_git_hosts and netloc_password:
# raise ValueError('Password not allowed for SSH access to %s.' % parts.hostname)
netloc_password = ''
special_hosts = ('github.com', 'bitbucket.org', 'altssh.bitbucket.org')
allowed_git_usernames = {'git', 'x-access-token'}

if scm_type == 'git' and parts.scheme.endswith('ssh'):
is_github_host = parts.hostname in special_hosts or parts.hostname.endswith('.github.com')
is_bitbucket_host = parts.hostname in special_hosts or parts.hostname.endswith('.bitbucket.com') or 'bitbucket' in parts.hostname

if is_github_host and netloc_username not in allowed_git_usernames:
raise ValueError(_('Username must be "git" or "x-access-token" (for github app) for SSH access to %s.') % parts.hostname)

if (is_github_host or is_bitbucket_host) and netloc_password:
# raise ValueError('Password not allowed for SSH access to %s.' % parts.hostname)
netloc_password = ''

if netloc_username and parts.scheme != 'file' and scm_type not in ("insights", "archive"):
netloc = u':'.join([urllib.parse.quote(x, safe='') for x in (netloc_username, netloc_password) if x])
Expand Down
1 change: 1 addition & 0 deletions requirements/requirements.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ pexpect==4.7.0 # see library notes
prometheus_client
psycopg
psutil
PyGithub
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given that we have resolved the dep issue on the awx-plugins side of things, do we still need to introduce this new dependency here or is this just left over from testing?

Copy link
Contributor Author

@arrestle arrestle Feb 14, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm having trouble getting the import to work on awx-plugins using EDITABLE_DEPENDENCIES=true make docker-compose honestly I'm not sure exactly how this all plays out, but I did see that msrestazure is listed in this file, and that's a awx-plugin as well.

pygerduty
pyopenssl>=23.2.0 # resolve dep conflict from cryptography pin above
pyparsing==2.4.6 # Upgrading to v3 of pyparsing introduce errors on smart host filtering: Expected 'or' term, found 'or' (at char 15), (line:1, col:16)
Expand Down
Loading
Loading