Support for private repos

[deathowl]

Hello guys! We've been exploring using a self hosted galaxy instance to share ansible playbooks within the company, however most of them are in private repositories. By changing the scope in settings.py used by socialauth from public_repo to repo galaxy was able to get a token with required scopes to access private repos, so imports can finish successfully, however, when i try to ansible-galaxy install myorg.my-private-repo --server https://mygalaxyserver.com it fails the following way:

• downloading role 'my-private-repo', owned by myorg
• downloading role from https://github.com/myorg/my-private-repo/archive/master.tar.gz [ERROR]: failed to download the file: HTTP Error 404: Not Found <= This happens because the ansible-galaxy cli app just downloads the resource via a plain HTTPS request without authentication, since the github token is not stored on the users machine (this is a good thing however) [https://github.com/ansible/ansible/blob/devel/lib/ansible/galaxy/role.py#L173]

I'd propose some changes, which i'd be happy to implement as well: Changes to the Galaxy codebase:

• store the visibility of an imported role (public/private)
• If the repo is private, display it somehow in the UI
• Also reflect those changes in the API
• Only allow authenticated users to install private repos
• Also warn them, that the install might depend on their access to the given repo
• Return the socialauth token of the user (we're already making sure you can only install private repos when you're authenticated, so this should not pose a threat with respect to the privacy of the user)

Changes to the ansible codebase:

• If the user has rights to request an install from the galaxy instance, use the API provided Github Access token to get the artifact form Github.

Please provide me a feedback on this.

Thanks: Balint

[chouseknecht]

This issue was moved to ansible/galaxy#45