revert change made to allow UI to accept x-access-token, just use htt… (

#15851) revert change made to allow UI to accept x-access-token, just use https:// instead
ansible · Feb 21, 2025 · 70ea0a7 · 70ea0a7
1 parent fa099fe
commit 70ea0a7
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 16 deletions.
diff --git a/awx/main/tests/unit/utils/test_common.py b/awx/main/tests/unit/utils/test_common.py
@@ -247,7 +247,7 @@ def test_extract_ansible_vars():
             True,
             True,
             False,
-            ValueError('Username must be "git" or "x-access-token" (for github app) for SSH access to github.com.'),
+            ValueError('Username must be "git" for SSH access to github.com.'),
         ),
         (
             'git',
@@ -256,7 +256,7 @@ def test_extract_ansible_vars():
             True,
             True,
             False,
-            ValueError('Username must be "git" or "x-access-token" (for github app) for SSH access to bitbucket.org.'),
+            ValueError('Username must be "git" for SSH access to bitbucket.org.'),
         ),
         (
             'git',
@@ -265,7 +265,7 @@ def test_extract_ansible_vars():
             True,
             True,
             False,
-            ValueError('Username must be "git" or "x-access-token" (for github app) for SSH access to altssh.bitbucket.org.'),
+            ValueError('Username must be "git" for SSH access to altssh.bitbucket.org.'),
         ),
         ('git', 'git:password@github.com:ansible/awx.git', True, True, True, False, 'git+ssh://git@github.com/ansible/awx.git'),
         # Disabling the special handling should not raise an error

diff --git a/awx/main/utils/common.py b/awx/main/utils/common.py
@@ -329,19 +329,12 @@ def update_scm_url(scm_type, url, username=True, password=True, check_special_ca
 
     # Special handling for github/bitbucket SSH URLs.
     if check_special_cases:
-        special_hosts = ('github.com', 'bitbucket.org', 'altssh.bitbucket.org')
-        allowed_git_usernames = {'git', 'x-access-token'}
-
-        if scm_type == 'git' and parts.scheme.endswith('ssh'):
-            is_github_host = parts.hostname in special_hosts or parts.hostname.endswith('.github.com')
-            is_bitbucket_host = parts.hostname in special_hosts or parts.hostname.endswith('.bitbucket.com') or 'bitbucket' in parts.hostname
-
-            if is_github_host and netloc_username not in allowed_git_usernames:
-                raise ValueError(_('Username must be "git" or "x-access-token" (for github app) for SSH access to %s.') % parts.hostname)
-
-            if (is_github_host or is_bitbucket_host) and netloc_password:
-                # raise ValueError('Password not allowed for SSH access to %s.' % parts.hostname)
-                netloc_password = ''
+        special_git_hosts = ('github.com', 'bitbucket.org', 'altssh.bitbucket.org')
+        if scm_type == 'git' and parts.scheme.endswith('ssh') and parts.hostname in special_git_hosts and netloc_username != 'git':
+            raise ValueError(_('Username must be "git" for SSH access to %s.') % parts.hostname)
+        if scm_type == 'git' and parts.scheme.endswith('ssh') and parts.hostname in special_git_hosts and netloc_password:
+            # raise ValueError('Password not allowed for SSH access to %s.' % parts.hostname)
+            netloc_password = ''
 
     if netloc_username and parts.scheme != 'file' and scm_type not in ("insights", "archive"):
         netloc = u':'.join([urllib.parse.quote(x, safe='') for x in (netloc_username, netloc_password) if x])