Disallow Client ID in runtime

This change temporarily removes mentions of client ID and marks it as not allowed. PyGitHub seems to not fully support it [[1]]. [1]: PyGithub/PyGithub#3213
ansible · Feb 19, 2025 · fc8da9a · fc8da9a
1 parent 245ca7b
commit fc8da9a
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 3 deletions.
diff --git a/src/awx_plugins/credentials/github_app.py b/src/awx_plugins/credentials/github_app.py
@@ -76,10 +76,10 @@ class GitHubAppInputs(TypedDict):
         },
         {
             'id': 'app_or_client_id',
-            'label': _('GitHub App ID or Client ID'),
+            'label': _('GitHub App ID'),
             'type': 'string',
             'help_text': _(
-                'The GitHub App ID or Client ID created by the GitHub Admin. '
+                'The GitHub App ID created by the GitHub Admin. '
                 'Example App ID: 1121547 '
                 'found on https://github.com/settings/apps/ '
                 'required for creating a JWT token for authentication.',
@@ -171,6 +171,13 @@ def _assert_ids_look_acceptable(
             f'but got {app_or_client_id !r}',
         )
 
+    if isinstance(app_or_client_id, str) and _is_client_id(app_or_client_id):
+        raise ValueError(
+            'Expected GitHub App ID must be an integer or a string '
+            f'with an all-digit value, but got {app_or_client_id !r}. '
+            'Client IDs are currently unsupported.',
+        )
+
     if not _is_intish(install_id):
         raise ValueError(
             'Expected GitHub App Installation ID to be an integer'

diff --git a/tests/github_app_test.py b/tests/github_app_test.py
@@ -29,6 +29,14 @@
 from awx_plugins.credentials import github_app as gh_app_plugin_mod
 
 
+github_app_jwt_client_id_unsupported = pytest.mark.xfail(
+    raises=(AssertionError, ValueError),
+    reason='Client ID in JWT is not currently supported by '
+    'PyGitHub and is disabled.\n\n'
+    'Ref: https://github.com/PyGithub/PyGithub/issues/3213',
+)
+
+
 RSA_PUBLIC_EXPONENT = 65_537  # noqa: WPS303
 MINIMUM_RSA_KEY_SIZE = 1024  # the lowest value chosen for performance in tests
 
@@ -158,6 +166,7 @@ class AppInstallIds(TypedDict):
             '^Expected GitHub App Installation ID to be an integer '
             "but got 'invalid'$",
             id='gh-app-invalid-install-id-with-client-id',
+            marks=github_app_jwt_client_id_unsupported,
         ),
     ),
 )
@@ -263,7 +272,14 @@ def token(self: '_FakeAppInstallationAuth') -> str:
 
 @pytest.mark.parametrize(
     'application_id',
-    (123, '123', 'Iv1.aaaaaaaaaaaaaaaa'),
+    (
+        123,
+        '123',
+        pytest.param(
+            'Iv1.aaaaaaaaaaaaaaaa',
+            marks=github_app_jwt_client_id_unsupported,
+        ),
+    ),
     ids=('app-id-int', 'app-id-str', 'client-id'),
 )
 @pytest.mark.parametrize(