I have a github organization called haufe-it which is/was mapped to the namespace haufe_it on the old galaxy. Also, there’s a new namespace called haufe-it which is empty and I don’t seem to have access to it.
I’m unable to import anything into either of these namespaces:
Makes sense as the WebIf doesn’t show haufe-it as belonging to me.
$ ansible-galaxy role import haufe_it ansible-role-multissh
Successfully submitted import request 2053706321136235841224340602491325788
running
git clone for https://github.com/haufe_it/ansible-role-multissh failed
File "/venv/lib64/python3.11/site-packages/pulpcore/tasking/tasks.py", line 66, in _execute_task
result = func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/app/galaxy_ng/app/api/v1/tasks.py", line 356, in legacy_role_import
do_git_checkout(clone_url, checkout_path, github_reference)
File "/app/galaxy_ng/app/api/v1/tasks.py", line 118, in do_git_checkout
raise Exception(f'git clone for {clone_url} failed')
It seems galaxy-ng doesn’t know that the namespace haufe_it corresponds to haufe-it on github as it tries the wrong URL. There’s no haufe_it on github.
Since the namespace.name is “haufe_it” your first import command should have been correct and the backend code should have found the existing role to update.
ansible-galaxy role import haufe-it ansible-role-multissh
The second command is definitely not the correct one to use for this role …
ansible-galaxy role import haufe_it ansible-role-multissh
The main issue appears to be authentication or authorization for the “haufe_it” namespace.
In the namespace details, it shows your login as the owner …
Okay, I think I’ve figured it out. We have rbac code in place that determines who can write to what namespaces. In that code we check the ‘github_user’ field from the post data to validate the namespace name, but we don’t yet have the lookup code to match it to the old roles with swapped namespace names.
To fix it, I made the haufe-it legacynamespace Galaxy NG and then bound the provider namespace to haufe_it Galaxy NG
I tested importing with your token afteward and it appears to work now.
(galaxydev) [jtanner@p1 beta.scripts.2023-10-18]$ ansible-galaxy role import --token=<TOKEN> -vvvvvv haufe-it ansible-role-multissh
ansible-galaxy [core 2.15.3]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/jtanner/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/jtanner/venvs/galaxydev/lib64/python3.11/site-packages/ansible
ansible collection location = /home/jtanner/.ansible/collections:/usr/share/ansible/collections
executable location = /home/jtanner/venvs/galaxydev/bin/ansible-galaxy
python version = 3.11.6 (main, Oct 3 2023, 00:00:00) [GCC 13.2.1 20230728 (Red Hat 13.2.1-1)] (/home/jtanner/venvs/galaxydev/bin/python3)
jinja version = 3.1.2
libyaml = True
Using /etc/ansible/ansible.cfg as config file
Initial connection to galaxy_server: https://galaxy.ansible.com
Opened /home/jtanner/.ansible/galaxy_token
Calling Galaxy at https://galaxy.ansible.com/api/
Found API version 'v3, pulp-v3, v1' with Galaxy server default (https://galaxy.ansible.com/api/)
Calling Galaxy at https://galaxy.ansible.com/api/v1/imports/
Successfully submitted import request 2053790683390280560371105338281559867
Calling Galaxy at https://galaxy.ansible.com/api/v1/imports?id=2053790683390280560371105338281559867
running
Calling Galaxy at https://galaxy.ansible.com/api/v1/imports?id=2053790683390280560371105338281559867
role imported successfully
Unfortunately you couldn’t have fixed this yourself. The backend code should have made the legacy namespace automatically and bound it to the v3 namespace, but I think it decided that since you already owned haufe_it, it didn’t need to make another.
This seems to have created another issue: While existing roles can now be updated in the v1 namespace (and only there), new imports end up in the v3 namespace only.
Is there a way to fix this by either getting rid of the v1 namespace altogether or somehow enabling uploads to both namespaces?
Both haufe_it and haufe-it are standalone/v1/legacy/etc namespaces. The v3 namespace is haufe_it(v3) and only collections end up there, but it does control ownership of the other 2 legacy namespaces.
If you’d like all of your roles to end up in haufe-it it’s probably best that you first delete the roles currently in haufe_it and then re-import them. That should make sure they get to the right place by skipping past the backend import code that tries to match the github_user and github_repo to existing roles.
I’ve outlined how to delete roles in a new docs PR
