Ansible-galaxy command ignores token set in environment

Hey,
at work we are migrating to using an internal galaxy server ( yes it’s the paid RH version, but this question is not relevant to the product itself ).

While testing the config, I ended up in a big rabbit hole because I was trying to only set the url in the config file and set the token as a separate file, then use ANSIBLE_GALAXY_TOKEN_PATH in the environment to set the API token.
After a bit of looking around in the code, I noticed that if token is not set in the ansible.cfg file, along with the URL, it is ignored entirely.

I’m sure there is a reason behind this but I cannot understand why that’s the case. Can I please have some context for this decision?

I have a couple of ideas on how to get this to work and I’m happy to raise a PR as usual.

Hopefully the above makes sense. Below is a sample of the setup:

[galaxy]
server_list = rh-certified_repo

[galaxy_server.rh-certified_repo]
url=<internal_galaxy_url>/api/galaxy/content/rh-certified/

The token file would look something like the below and the respective env var points to it:

token: <token>

Did you try to save the galaxy_token file under the default path?

This worked for me with ansible-galaxy [core 2.15.5].

Default path: ANSIBLE_HOME/galaxy_token
without special configuration this should be: ~/.ansible/galaxy_token

I have also been able to successfully load the token via environment variable ANSIBLE_GALAXY_TOKEN_PATH as well as by definition as token_path in ansible.cfg.

Have you already looked at the verbose output with -vvvvv?

Hey @xolyu,
Thanks for your reply.

Yes I already tried all that, the galaxy/core version is the same.
I have no issue if I only define the ANSIBLE_GALAXY_TOKEN_PATH variable, the issue comes up when I define the galaxy URL in the config file and the token path as a env variable.

I’m confident if you try using the config in the original post it won’t work.
Just FYI, this is the output ( a shorter version as there’s plenty of non relevant info ) of the -vvvvv output

❯ ansible-galaxy collection install -vvvv ansible.controller:4.2.0 --force
ansible-galaxy [core 2.15.5]
  config file = /Users/andrea_tartaglia/Documents/code/roles/aap_organization/ansible.cfg
  configured module search path = ['/Users/andrea_tartaglia/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/andrea_tartaglia/.pyenv/versions/3.10.3/lib/python3.10/site-packages/ansible
  ansible collection location = /Users/andrea_tartaglia/.ansible/collections:/usr/share/ansible/collections
  executable location = /Users/andrea_tartaglia/.pyenv/versions/3.10.3/bin/ansible-galaxy
  python version = 3.10.3 (main, May  4 2022, 17:28:50) [Clang 13.1.6 (clang-1316.0.21.2.3)] (/Users/andrea_tartaglia/.pyenv/versions/3.10.3/bin/python3.10)
  jinja version = 3.1.2
  libyaml = True
Using /Users/andrea_tartaglia/Documents/code/roles/aap_organization/ansible.cfg as config file
Starting galaxy collection install process

[...]


Process install dependency map
Initial connection to galaxy_server: https://<galaxy_url>/api/galaxy/content/rh-certified/
Found API version 'v3' with Galaxy server rh-certified_repo (https://<galaxy_url>/api/galaxy/content/rh-certified/)
Opened /Users/andrea_tartaglia/.ansible/galaxy_token
Calling Galaxy at https://<galaxy_url>/api/galaxy/content/rh-certified/v3/collections/ansible/controller/
ERROR! Error when getting the collection info for ansible.controller from rh-certified_repo (https://<galaxy_url>/api/galaxy/content/rh-certified/) (HTTP Code: 403, Message: Authentication credentials were not provided. Code: not_authenticated)
❯ echo $ANSIBLE_GALAXY_TOKEN_PATH
~/.ansible/galaxy_token