Hi all -

I've hit a blocker when using the git module in combination with
GitHub's token method:
https://developer.github.com/guides/managing-deploy-keys/#https-cloning-with-oauth-tokens.
This email also outlines an additional problem I've noticed. I'd be
really grateful for any suggestions of what I'm doing wrong or if
there really are problems.

The place I'm trying to get to is this:

* Call the GitHub API to create a new limited-scope token
* Use Ansible to clone (*or* update, depending on the git module's
idea of if it can update in place) using an HTTPS repo URI with this
new token, passed in as an extra-var/envvar.
* Revoke token via the API

# Problem 1:
The only way I can see to use a passworded HTTPS URI with the git
module and GitHub is as per
https://help.github.com/articles/git-automation-with-oauth-tokens.

i.e. "repo=https://<token>:x-oauth-basic@f.q.d.n/path/to/remote/repo.git".

Unfortunately, Ansible (although it may just be git itself, behind the
scenes) appears to freeze the username/password combination into the
repo's .git/config file, as part of the URI.

This means that, after the first deployment, the next
git-update/-pull/-fetch operation fails due to the initial token now
being revoked.

# Problem 2:
The git module must know that the URI contains a username and
password, because it blanks out (*only*) the password in its logged
output. However, using this with the GitHub method outlined above means
that it blanks out the fixed string "x-oauth-basic" and not the token.
Of course this is a result of GitHub's implementation choices, but
they're a big enough target for use by the git module that I believe
Ansible should deal with their choice.

Hopefully someone can tell me where I'm going wrong. No, using SSH
keys isn't an option!

Many thanks,
Jonathan

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
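
The two problems in the message above, as an added example (not part of the original post and not Ansible's code): a check that finds credentials persisted in a repo's .git/config and a log redaction that masks the whole userinfo, so the token is hidden even when it sits in the username position. The function names, the EXAMPLE_TOKEN placeholder and the sample config are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

def _rewrite_userinfo(url, replacement):
    """Swap the userinfo of an http(s) URL; return (new_url, had_userinfo)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or "@" not in parts.netloc:
        return url, False
    host = parts.netloc.rpartition("@")[2]
    netloc = f"{replacement}@{host}" if replacement else host
    return urlunsplit(parts._replace(netloc=netloc)), True

def strip_credentials(url):
    """URL that is safe to persist as the remote (no token, no password)."""
    return _rewrite_userinfo(url, "")

def redact_for_log(url):
    """Mask username AND password: with <token>:x-oauth-basic the secret is the username."""
    return _rewrite_userinfo(url, "***")[0]

SECTION = re.compile(r"^\s*\[(.+)\]\s*$")
URL_KEY = re.compile(r"^\s*(?:push)?url\s*=\s*(\S+)", re.IGNORECASE)

def find_stored_credentials(config_text):
    """Return (section, redacted_url, clean_url) for each remote URL with embedded userinfo."""
    findings, section = [], None
    for line in config_text.splitlines():
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        key = URL_KEY.match(line)
        if key:
            clean, had = strip_credentials(key.group(1))
            if had:
                findings.append((section, redact_for_log(key.group(1)), clean))
    return findings

# Constructed sample: what .git/config looks like after cloning with a token in the URI.
SAMPLE_CONFIG = """\
[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://EXAMPLE_TOKEN:x-oauth-basic@f.q.d.n/path/to/remote/repo.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
"""

if __name__ == "__main__":
    for section, redacted, clean in find_stored_credentials(SAMPLE_CONFIG):
        # The clean URL is what `git remote set-url origin <clean>` would be given.
        print(f"[{section}] stored: {redacted} -> replace with: {clean}")
```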