diff options
| author | Sloane Hertel <19572925+s-hertel@users.noreply.github.com> | 2024-10-08 00:42:49 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-10-08 00:42:49 +0200 |
| commit | d0df3a174a7fd79f91ed88dbb15e9999fa7d927b (patch) | |
| tree | 0cf6c26364e6c824c271b320eee1a7978c92f1b5 /lib | |
| parent | ansible-test - Update astroid for pylint sanity test (#84054) (diff) | |
| download | ansible-d0df3a174a7fd79f91ed88dbb15e9999fa7d927b.tar.xz ansible-d0df3a174a7fd79f91ed88dbb15e9999fa7d927b.zip | |
ansible-galaxy - fix ignoring certs when installing from git repos (#83332)
* Fix installing collections|roles from git repos with GALAXY_IGNORE_CERTS
* Fix installing collections from git repos with --ignore-certs
* Update unit test
* Add test case
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/ansible/galaxy/collection/concrete_artifact_manager.py | 11 | ||||
| -rw-r--r-- | lib/ansible/utils/galaxy.py | 2 |
2 files changed, 9 insertions, 4 deletions
diff --git a/lib/ansible/galaxy/collection/concrete_artifact_manager.py b/lib/ansible/galaxy/collection/concrete_artifact_manager.py index 7ff6b31a10..fb807766f5 100644 --- a/lib/ansible/galaxy/collection/concrete_artifact_manager.py +++ b/lib/ansible/galaxy/collection/concrete_artifact_manager.py @@ -10,6 +10,7 @@ import os import tarfile import subprocess import typing as t +import yaml from contextlib import contextmanager from hashlib import sha256 @@ -24,6 +25,7 @@ if t.TYPE_CHECKING: ) from ansible.galaxy.token import GalaxyToken +from ansible import context from ansible.errors import AnsibleError from ansible.galaxy import get_collections_galaxy_meta_info from ansible.galaxy.api import should_retry_error @@ -38,7 +40,7 @@ from ansible.module_utils.common.yaml import yaml_load from ansible.module_utils.urls import open_url from ansible.utils.display import Display -import yaml +import ansible.constants as C display = Display() @@ -425,11 +427,14 @@ def _extract_collection_from_git(repo_url, coll_ver, b_path): # Perform a shallow clone if simply cloning HEAD if version == 'HEAD': - git_clone_cmd = git_executable, 'clone', '--depth=1', git_url, to_text(b_checkout_path) + git_clone_cmd = [git_executable, 'clone', '--depth=1', git_url, to_text(b_checkout_path)] else: - git_clone_cmd = git_executable, 'clone', git_url, to_text(b_checkout_path) + git_clone_cmd = [git_executable, 'clone', git_url, to_text(b_checkout_path)] # FIXME: '--branch', version + if context.CLIARGS['ignore_certs'] or C.GALAXY_IGNORE_CERTS: + git_clone_cmd.extend(['-c', 'http.sslVerify=false']) + try: subprocess.check_call(git_clone_cmd) except subprocess.CalledProcessError as proc_err: diff --git a/lib/ansible/utils/galaxy.py b/lib/ansible/utils/galaxy.py index 977ae2cbd0..4c2f81cd0b 100644 --- a/lib/ansible/utils/galaxy.py +++ b/lib/ansible/utils/galaxy.py @@ -64,7 +64,7 @@ def scm_archive_resource(src, scm='git', name=None, version='HEAD', keep_scm_met clone_cmd = [scm_path, 'clone'] # Add specific options for ignoring certificates if requested - ignore_certs = context.CLIARGS['ignore_certs'] + ignore_certs = context.CLIARGS['ignore_certs'] or C.GALAXY_IGNORE_CERTS if ignore_certs: if scm == 'git': |