Commit Graph

4 Commits (0bab08ee33a1aad1908f54534b48ece66cff7c50)

Author SHA1 Message Date
Matt Clay 9f899f9492
Require `from __future__ import annotations` (#81902) 1 year ago
Sloane Hertel 43e55db208
ansible-galaxy - add signature verification of the MANIFEST.json (#76681)
* ansible-galaxy collection install|verify:

  - Support verifying the origin of the MANIFEST.json when the Galaxy server has provided signatures.
  - Allow supplemental signatures to use during verification on the CLI/requirements file.

* ansible-galaxy collection install:

  - Support disabling signature verification. This silences the warning provided by ansible-galaxy if the Galaxy server provided signatures it cannot use because no keyring is configured.
  - Store Galaxy server metadata alongside installed collections for provenance. This is used by 'ansible-galaxy collection verify --offline'.

* Add unit tests for method that gets signatures from a Galaxy server

* Add integration tests for user-provided signature sources

- Test CLI option combinations
- Test installing collections with valid/invalid signature sources
- Test disabling GPG verification when installing collections
- Test verifying collections with valid/invalid signature sources

* Make signature verification advisory-by-default if signatures are provided by the Galaxy server

- Make the default keyring None
- Warn if the keyring is None but the Galaxy server provided signatures
- Error if the keyring is None but the user supplied signatures
- Error if the keyring is not None but is invalid

* changelog

* add ansible-galaxy user documentation for new options

Co-authored-by: Matt Martz <matt@sivel.net>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Martin Krizek <martin.krizek@gmail.com>
Co-authored-by: Sandra McCann <samccann@redhat.com>
Co-authored-by: Andy Mott <amott@redhat.com>
Co-authored-by: John R Barker <john@johnrbarker.com>
3 years ago
Sviatoslav Sydorenko 595413d113
Replace the inhouse collection dependency resolver with `resolvelib`
PR #72591

This change:

  * Adds an artifacts manager that abstracts away extracting the
    metadata from artifacts, downloading and caching them in a
    temporary location.

  * Adds `resolvelib` to direct ansible-core dependencies[0].

  * Implements a `resolvelib`-based dependency resolver for
    `collection` subcommands that replaces the legacy
    in-house code.

    This is a dependency resolution library that pip 20.3+ uses
    by default. It's now integrated for use for the collection
    dependency resolution in ansible-galaxy CLI.

  * Refactors of the `ansible-galaxy collection` CLI.
    In particular, it:

      - reimplements most of the `download`, `install`, `list` and
        `verify` subcommands from scratch;

      - reuses helper bits previously moved out into external modules;

      - replaces the old in-house resolver with a more clear
        implementation based on the resolvelib library[0][1][2].

  * Adds a multi Galaxy API proxy layer that abstracts accessing the
    version and dependencies via API or local artifacts manager.

  * Makes `GalaxyAPI` instances sortable.

  * Adds string representation methods to `GalaxyAPI`.

  * Adds dev representation to `GalaxyAPI`.

  * Removes unnecessary integration and unit tests.

  * Aligns the tests with the new expectations.

  * Adds more tests, integration ones in particular.

[0]: https://pypi.org/p/resolvelib
[1]: https://github.com/sarugaku/resolvelib
[2]: https://pradyunsg.me/blog/2020/03/27/pip-resolver-testing

Co-Authored-By: Jordan Borean <jborean93@gmail.com>
Co-Authored-By: Matt Clay <matt@mystile.com>
Co-Authored-By: Sam Doran <sdoran@redhat.com>
Co-Authored-By: Sloane Hertel <shertel@redhat.com>
Co-Authored-By: Sviatoslav Sydorenko <webknjaz@redhat.com>

Signed-Off-By: Sviatoslav Sydorenko <webknjaz@redhat.com>
4 years ago
Sam Doran f506fd4730
Add ansible-galaxy collection list command (#65022)
* Start adding ansible-galaxy collection list options

* Working list all collections and list a specific collection

* Nuke debugging cruft

* Use to_text to get a string of the FQCN for sorting

* Improve collection output formatting

- add header
- display collection name and version in separate columns
- width of columns is dynamic based on collection name and version length

* Make role list output match collection output list

- add header
- add columns for role name and version
- make column width dynamic based on name and version length

* remove debug statemnt and extra header

* Revert "Make role list output match collection output list"

This reverts commit a0b3db47bb3b198aafd34c1f1be5b6561af2f928.

* Add validate_collection_path function

Utility function for ensuring a collection target ends with 'ansible_collection'

* Use validate_collection_path

* Do not warn if a specific collection in found in any search path

* Fix extraneous warning and remove duplicate code

Do not warn when listing a specific collection and it does not exist
in other collection paths.

Restructure the code that loops through collection paths to remove
duplicate conditional code.

* Indicate role path was found

* Use new function name

* WIP Save Point

* Use separate functions for role and collection list

* Wrap error message

There may be a better way to do this besides hard coding a line break, but this
does make the message a lot more readable.

* Add validate_collection_path function (#66441)

* Add validate_collection_path function

Utility function for ensuring a collection target ends with 'ansible_collection'

* Fix bad syntax

* Correct docstring

* Bikeshed the names

* Properly list a single role

* Simplify _display_warnings()

Only display warnings. Move exception raise back to each caller.

* Move private methods to private functions

They don't need self, so it makes sense to have them as functions
Get rid of _display_warnings() function since it doesn't do anything worthy of
an independent function.

* Add integration tests for ansible-galaxy collection list

* Fix docs sanity test

* Fix bug where ansible_collections dir does not exist

The path may exist, but if there is no ansible_collections dir inside that path,
an exception was raised in find_existing_collections().

Add integration test for this scenario

* Put execute_list() method back

* Add some informational messages for debugging

* Add unit tests

Units tests for the various private methods in support of collection list

* Start adding unit tests for test_execute_list

* Display collection path when listing specific collection

* Add unit tests for listing all collections and specific collection

- Create fixture for creating test objects
- Add function for controlling os.path.isdir results

* Set defaults for minimum collection widths

Ensure that collections with small FQCNs display correctly.
Add unit tests

* Split up unit tests and fix fixtures

Add more fixtures for mocking objects during the specific collection tests

* Change help message for -p in list subcommand

Give accurate description of what it actually does rather than trying to use language shared between sub commands.

* Disable colorized output in unit test

* Add docs for collection list

* Fix integration test on macOS

The temp file path is really long on macOS, so the warning message gets wrapped
across multiple lines. That make seth grep fail. Switch to matching on a smaller
part of the warning.

* Recreate common path options for collections

Improve help about what the '-p' option does and how it works.

* Remove unnecessary elif after continue statements

* Account for duplicate paths in collections_searh_paths

If someone specifies the same path via '-p' that is the COLLECTIONS_PATHS,
do not list the collections twice.

* Docs updates
5 years ago