[PR #10880/30894f41 backport][stable-11] github_app_access_token: add support for GitHub Enterprise Server (#10881)

github_app_access_token: add support for GitHub Enterprise Server (#10880)

* github_app_access_token: add support for GitHub Enterprise Server (#10879)
Add option to specify api endpoint for a GitHub Enterprise Server.
If option is not specified, defaults to https://api.github.com.

* refactor: apply changes as suggested by felixfontein

* docs: fix nox check error and type-o

nox check: plugins/lookup/github_app_access_token.py:57:1: DOCUMENTATION: error: too many blank lines (1 > 0)  (empty-lines)

* refactor: apply changes as suggested by russoz

* refactor: apply changes as suggested by felixfontein

(cherry picked from commit 30894f4)

Co-authored-by: Chris <[email protected]>

Author: patchback[bot]

changelogs/fragments/10880-github_app_access_token-lookup.yml

@@ -0,0 +1,2 @@
+minor_changes:
+  - "github_app_access_token lookup plugin - add support for GitHub Enterprise Server (https://github.com/ansible-collections/community.general/issues/10879, https://github.com/ansible-collections/community.general/pull/10880)."

plugins/lookup/github_app_access_token.py

@@ -47,6 +47,13 @@
       - How long the token should last for in seconds.
     default: 600
     type: int
+  github_url:
+    description:
+      - Base URL for the GitHub API (for GitHub Enterprise Server).
+      - "Example: C(https://github-enterprise-server.example.com/api/v3)"
+    default: https://api.github.com
+    type: str
+    version_added: 11.4.0
 """
 
 EXAMPLES = r"""
@@ -154,22 +161,24 @@ def encode_jwt(app_id, private_key_obj, exp=600):
         raise AnsibleError(f"Error while encoding jwt: {e}")
 
 
-def post_request(generated_jwt, installation_id):
-    github_api_url = f'https://api.github.com/app/installations/{installation_id}/access_tokens'
+def post_request(generated_jwt, installation_id, api_base):
+    base = api_base.rstrip('/')
+    github_url = f"{base}/app/installations/{installation_id}/access_tokens"
+
     headers = {
         "Authorization": f'Bearer {generated_jwt}',
         "Accept": "application/vnd.github.v3+json",
     }
     try:
-        response = open_url(github_api_url, headers=headers, method='POST')
+        response = open_url(github_url, headers=headers, method='POST')
     except HTTPError as e:
         try:
             error_body = json.loads(e.read().decode())
             display.vvv(f"Error returned: {error_body}")
         except Exception:
             error_body = {}
         if e.code == 404:
-            raise AnsibleError("Github return error. Please confirm your installationd_id value is valid")
+            raise AnsibleError("Github return error. Please confirm your installation_id value is valid")
         elif e.code == 401:
             raise AnsibleError("Github return error. Please confirm your private key is valid")
         raise AnsibleError(f"Unexpected data returned: {e} -- {error_body}")
@@ -181,10 +190,10 @@ def post_request(generated_jwt, installation_id):
     return json_data.get('token')
 
 
-def get_token(key_path, app_id, installation_id, private_key, expiry=600):
+def get_token(key_path, app_id, installation_id, private_key, github_url, expiry=600):
     jwk = read_key(key_path, private_key)
     generated_jwt = encode_jwt(app_id, jwk, exp=expiry)
-    return post_request(generated_jwt, installation_id)
+    return post_request(generated_jwt, installation_id, github_url)
 
 
 class LookupModule(LookupBase):
@@ -209,6 +218,7 @@ def run(self, terms, variables=None, **kwargs):
             self.get_option('app_id'),
             self.get_option('installation_id'),
             self.get_option('private_key'),
+            self.get_option('github_url'),
             self.get_option('token_expiry'),
         )