Support for private repos
Closed this issue · 1 comments
deathowl commented
Hello guys! We've been exploring using a self-hosted galaxy instance to share ansible playbooks within the company, however most of them are in private repositories.
By changing the scope in settings.py used by socialauth from public_repo to repo, galaxy was able to get a token with the required scopes to access private repos, so imports can finish successfully. However, when I try to ansible-galaxy install myorg.my-private-repo --server https://mygalaxyserver.com it fails the following way:
- downloading role 'my-private-repo', owned by myorg
- downloading role from https://github.com/myorg/my-private-repo/archive/master.tar.gz
[ERROR]: failed to download the file: HTTP Error 404: Not Found
This happens because the ansible-galaxy CLI app just downloads the resource via a plain HTTPS request without authentication, since the GitHub token is not stored on the user's machine (this is a good thing, however) [https://github.com/ansible/ansible/blob/devel/lib/ansible/galaxy/role.py#L173]
I'd propose some changes, which I'd be happy to implement as well:
Changes to the Galaxy codebase:
- store the visibility of an imported role (public/private)
- If the repo is private, display it somehow in the UI
- Also reflect those changes in the API
- Only allow authenticated users to install private repos
- Also warn them that the install might depend on their access to the given repo
- Return the socialauth token of the user (we're already making sure you can only install private repos when you're authenticated, so this should not pose a threat with respect to the privacy of the user)
Changes to the ansible codebase:
- If the user has rights to request an install from the galaxy instance, use the API-provided GitHub access token to get the artifact from GitHub.
Please provide me feedback on this.
Thanks: Balint
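An added example, not part of the original issue and not code from ansible or galaxy: one way a client could request a private repo's archive with a token, using GitHub's REST tarball endpoint and urllib's unredirected headers so the token is not replayed to the redirect target. The function names, the sample token and the redirect URL are constructed for illustration.

```python
import re
import urllib.request

API_HOST = "api.github.com"  # the only host that should ever receive the token
_NAME = re.compile(r"^[A-Za-z0-9_.-]+$")
_REF = re.compile(r"^[A-Za-z0-9_./-]+$")
# Constructed sample values (assumptions, not real credentials or URLs).
SAMPLE_TOKEN = "EXAMPLE-TOKEN-NOT-REAL"
SAMPLE_REDIRECT = "https://codeload.github.com/myorg/my-private-repo/legacy.tar.gz/master"


def _archive_url(owner, repo, ref):
    """Validate the parts and build the REST API tarball URL."""
    for name in (owner, repo):
        if not _NAME.match(name) or name in (".", ".."):
            raise ValueError("unexpected owner/repo name: %r" % name)
    if not _REF.match(ref) or ".." in ref:
        raise ValueError("unexpected ref: %r" % ref)
    return "https://%s/repos/%s/%s/tarball/%s" % (API_HOST, owner, repo, ref)


def build_naive_request(owner, repo, ref="master", token=None):
    """Weak form: a normal header is copied onto every redirected request."""
    headers = {"Authorization": "Bearer %s" % token} if token else {}
    return urllib.request.Request(_archive_url(owner, repo, ref), headers=headers)


def build_archive_request(owner, repo, ref="master", token=None):
    """Hardened form: the token is sent to API_HOST only, never on redirects."""
    req = urllib.request.Request(_archive_url(owner, repo, ref))
    if token:
        req.add_unredirected_header("Authorization", "Bearer %s" % token)
    return req


def follow_redirect(req, location):
    """Return the request urllib would issue after a 302 to `location`."""
    handler = urllib.request.HTTPRedirectHandler()
    return handler.redirect_request(req, None, 302, "Found", {}, location)


def describe(req):
    """Summarise where a request goes and whether it carries the token."""
    return {"host": req.host, "sends_token": req.has_header("Authorization")}


if __name__ == "__main__":
    for build in (build_naive_request, build_archive_request):
        first = build("myorg", "my-private-repo", token=SAMPLE_TOKEN)
        print(build.__name__, describe(first), describe(follow_redirect(first, SAMPLE_REDIRECT)))
```

Nothing here touches the network; the requests are only built and inspected, so the difference between the two header styles can be checked before any real token is used.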
chouseknecht commented
This issue was moved to ansible/galaxy#45