Hello guys! We've been exploring using a self hosted galaxy instance to share ansible playbooks within the company, however most of them are in private repositories.
By changing the scope in settings.py used by socialauth from public_repo to repo galaxy was able to get a token with required scopes to access private repos, so imports can finish successfully, however, when i try to ansible-galaxy install myorg.my-private-repo --server https://mygalaxyserver.com it fails the following way:
downloading role 'my-private-repo', owned by myorg
I'd propose some changes, which i'd be happy to implement as well:
Changes to the Galaxy codebase:
store the visibility of an imported role (public/private)
If the repo is private, display it somehow in the UI
Also reflect those changes in the API
Only allow authenticated users to install private repos
Also warn them, that the install might depend on their access to the given repo
Return the socialauth token of the user (we're already making sure you can only install private repos when you're authenticated, so this should not pose a threat with respect to the privacy of the user)
Changes to the ansible codebase:
If the user has rights to request an install from the galaxy instance, use the API provided Github Access token to get the artifact form Github.
Hello guys! We've been exploring using a self hosted galaxy instance to share ansible playbooks within the company, however most of them are in private repositories. By changing the scope in settings.py used by socialauth from public_repo to repo galaxy was able to get a token with required scopes to access private repos, so imports can finish successfully, however, when i try to ansible-galaxy install myorg.my-private-repo --server https://mygalaxyserver.com it fails the following way:
I'd propose some changes, which i'd be happy to implement as well: Changes to the Galaxy codebase:
Changes to the ansible codebase:
Please provide me a feedback on this.
Thanks: Balint