trigger-readthedocs: Move secret bits into a dict
What I missed when I layed this out was that you setup a secret like - secret: name: rtd_credentials data: username: openstackci password: foo what you have in the job variables is a dictionary called "rtd_credentials". It makes it much simpler to use the role with the secret if it accepts this variable, rather than having to extract the username/password etc out of the secret dictionary into separate variables. Additionally, turn on no_log for the uri calls, to avoid potentially logging any credentials. Change-Id: I514fb1285196aae0b49a98f0efc21326730e4179
This commit is contained in:
parent
5e5ecdb75e
commit
bd4e5a54d7
@ -16,20 +16,23 @@ Trigger readthedocs build for a project
|
||||
This may come from a secret, however it can not be triggered
|
||||
without authentication.
|
||||
|
||||
.. zuul:rolevar:: rtd_integration_token
|
||||
.. zuul:rolevar:: rtd_credentials
|
||||
|
||||
Complex argument which contains the RTD authentication credentials.
|
||||
This is expected to come from a secret.
|
||||
|
||||
.. zuul:rolevar:: integration_token
|
||||
|
||||
The webhook integration token. You'll find this value on the
|
||||
project's "Integrations" dashboard page in RTD. This is expected
|
||||
to come from a secret. This can be used instead of
|
||||
username/password combo.
|
||||
project's "Integrations" dashboard page in RTD. This can be used
|
||||
instead of username/password combo.
|
||||
|
||||
.. zuul:rolevar:: rtd_username
|
||||
.. zuul:rolevar:: username
|
||||
|
||||
The readthedocs username. If set, this will be used to
|
||||
authenticate in preference to any token set via
|
||||
``rtd_integration_token``.
|
||||
|
||||
.. zuul:rolevar:: rtd_password
|
||||
.. zuul:rolevar:: password
|
||||
|
||||
Password for ``rtd_username``. Must be set if password is set.
|
||||
This is expected to come from a secret.
|
||||
Password for ``username``. Must be set if username is set.
|
||||
|
@ -5,28 +5,30 @@
|
||||
|
||||
- name: Check for an authentication type
|
||||
fail:
|
||||
msg: Must set either rtd_username or rtd_integration_token
|
||||
when: (rtd_username is not defined) and (rtd_integration_token is not defined)
|
||||
msg: Must set either rtd_credentials.username or rtd_credentials.integration_token
|
||||
when: (rtd_credentials.username is not defined) and (rtd_credentials.integration_token is not defined)
|
||||
|
||||
- when: rtd_username is defined
|
||||
- when: rtd_credentials.username is defined
|
||||
block:
|
||||
- name: Require password
|
||||
fail:
|
||||
msg: rtd_password is required when using rtd_username
|
||||
when: rtd_password is not defined
|
||||
msg: password is required when using rtd_credentials.username
|
||||
when: rtd_credentials.rtd_password is not defined
|
||||
|
||||
- name: Trigger readthedocs build webhook via authentication
|
||||
uri:
|
||||
method: POST
|
||||
url: 'https://readthedocs.org/api/v2/webhook/{{ rtd_project_name }}/{{ rtd_webhook_id }}/'
|
||||
user: '{{ rtd_username }}'
|
||||
password: '{{ rtd_password }}'
|
||||
user: '{{ rtd_credentials.username }}'
|
||||
password: '{{ rtd_credentials.password }}'
|
||||
# NOTE(ianw): testing it seems the API doesn't respond with
|
||||
# 401 so this is required
|
||||
force_basic_auth: yes
|
||||
# avoid logging any credentials
|
||||
no_log: true
|
||||
|
||||
- when: rtd_integration_token is defined and
|
||||
rtd_username is not defined
|
||||
- when: rtd_credentials.integration_token is defined and
|
||||
rtd_credentials.username is not defined
|
||||
block:
|
||||
- name: Trigger readthedocs build webhook via token
|
||||
uri:
|
||||
@ -34,5 +36,7 @@
|
||||
url: 'https://readthedocs.org/api/v2/webhook/{{ rtd_project_name }}/{{ rtd_webhook_id }}/'
|
||||
body_format: form-urlencoded
|
||||
body:
|
||||
token: '{{ rtd_integration_token }}'
|
||||
token: '{{ rtd_credentials.integration_token }}'
|
||||
follow_redirects: all
|
||||
# avoid logging any credentials
|
||||
no_log: true
|
||||
|
Loading…
Reference in New Issue
Block a user