From 26b7e9de4044e19410dcb60169cbfc10287eee6a Mon Sep 17 00:00:00 2001
From: Jeff Bradberry
Date: Tue, 4 May 2021 11:07:48 -0400
Subject: [PATCH] Add a new setting, DISABLE_LOCAL_AUTH and expose it in the settings UI.
---
 awx/api/conf.py | 11 +++++++++++
 awx/main/conf.py | 19 +++++++++----------
 awx/settings/defaults.py | 1 +
 .../MiscSystemDetail/MiscSystemDetail.jsx | 1 +
 .../MiscSystemDetail.test.jsx | 1 +
 .../MiscSystemEdit/MiscSystemEdit.jsx | 5 +++++
 .../MiscSystemEdit/MiscSystemEdit.test.jsx | 1 +
 .../shared/data.allSettingOptions.json | 17 +++++++++++++++++
 .../Setting/shared/data.allSettings.json | 1 +
 9 files changed, 47 insertions(+), 10 deletions(-)
diff --git a/awx/api/conf.py b/awx/api/conf.py
index 0a2ac6a89f..5616842fe0 100644
--- a/awx/api/conf.py
+++ b/awx/api/conf.py
@@ -27,6 +27,17 @@ register(
 category=_('Authentication'),
 category_slug='authentication',
 )
+register(
+ 'DISABLE_LOCAL_AUTH',
+ field_class=fields.BooleanField,
+ label=_('Disable the built-in authentication system'),
+ help_text=_(
+ "Controls whether users are prevented from using the built-in authentication system. "
+ "You probably want to do this if you are using an LDAP or SAML integration."
+ ),
+ category=_('Authentication'),
+ category_slug='authentication',
+)
 register(
 'AUTH_BASIC_ENABLED',
 field_class=fields.BooleanField,
diff --git a/awx/main/conf.py b/awx/main/conf.py
index 644045a79a..41f33711f2 100644
--- a/awx/main/conf.py
+++ b/awx/main/conf.py
@@ -36,7 +36,7 @@ register(
 'ORG_ADMINS_CAN_SEE_ALL_USERS',
 field_class=fields.BooleanField,
 label=_('All Users Visible to Organization Admins'),
- help_text=_('Controls whether any Organization Admin can view all users and teams, ' 'even those not associated with their Organization.'),
+ help_text=_('Controls whether any Organization Admin can view all users and teams, even those not associated with their Organization.'),
 category=_('System'),
 category_slug='system',
 )
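Review bot: In the awx/api/conf.py hunk, `DISABLE_LOCAL_AUTH` is registered and exposed for editing, but none of the nine files in the diffstat looks like an authentication backend or login view, so as far as this patch shows the toggle changes no login behaviour. An operator who switches it on may assume password logins are already refused; either land the enforcement in the same change or have the help text say that it is not enforced yet. The help text also leaves the scope open: it should state whether local superusers and already-issued sessions or tokens are covered. If superusers are included, it should warn about lockout, for example `"Enabling this while LDAP or SAML is misconfigured can leave no account able to log in."`.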
@@ -59,7 +59,7 @@ register( schemes=('http', 'https'), allow_plain_hostname=True, # Allow hostname only without TLD. label=_('Base URL of the service'), - help_text=_('This setting is used by services like notifications to render ' 'a valid url to the service.'), + help_text=_('This setting is used by services like notifications to render a valid url to the service.'), category=_('System'), category_slug='system', ) @@ -94,13 +94,12 @@ register( category_slug='system', ) - register( 'LICENSE', field_class=fields.DictField, default=lambda: {}, label=_('License'), - help_text=_('The license controls which features and functionality are ' 'enabled. Use /api/v2/config/ to update or change ' 'the license.'), + help_text=_('The license controls which features and functionality are enabled. Use /api/v2/config/ to update or change the license.'), category=_('System'), category_slug='system', ) @@ -194,7 +193,7 @@ register( 'CUSTOM_VENV_PATHS', field_class=fields.StringListPathField, label=_('Custom virtual environment paths'), - help_text=_('Paths where Tower will look for custom virtual environments ' '(in addition to /var/lib/awx/venv/). Enter one path per line.'), + help_text=_('Paths where Tower will look for custom virtual environments (in addition to /var/lib/awx/venv/). Enter one path per line.'), category=_('System'), category_slug='system', default=[], @@ -318,7 +317,7 @@ register( field_class=fields.BooleanField, default=False, label=_('Ignore Ansible Galaxy SSL Certificate Verification'), - help_text=_('If set to true, certificate validation will not be done when ' 'installing content from any Galaxy server.'), + help_text=_('If set to true, certificate validation will not be done when installing content from any Galaxy server.'), category=_('Jobs'), category_slug='jobs', ) 
@@ -433,7 +432,7 @@ register(
 allow_null=False,
 default=200,
 label=_('Maximum number of forks per job'),
- help_text=_('Saving a Job Template with more than this number of forks will result in an error. ' 'When set to 0, no limit is applied.'),
+ help_text=_('Saving a Job Template with more than this number of forks will result in an error. When set to 0, no limit is applied.'),
 category=_('Jobs'),
 category_slug='jobs',
 )
@@ -454,7 +453,7 @@ register(
 allow_null=True,
 default=None,
 label=_('Logging Aggregator Port'),
- help_text=_('Port on Logging Aggregator to send logs to (if required and not' ' provided in Logging Aggregator).'),
+ help_text=_('Port on Logging Aggregator to send logs to (if required and not provided in Logging Aggregator).'),
 category=_('Logging'),
 category_slug='logging',
 required=False,
@@ -561,7 +560,7 @@ register(
 field_class=fields.IntegerField,
 default=5,
 label=_('TCP Connection Timeout'),
- help_text=_('Number of seconds for a TCP connection to external log ' 'aggregator to timeout. Applies to HTTPS and TCP log ' 'aggregator protocols.'),
+ help_text=_('Number of seconds for a TCP connection to external log aggregator to timeout. Applies to HTTPS and TCP log aggregator protocols.'),
 category=_('Logging'),
 category_slug='logging',
 unit=_('seconds'),
@@ -627,7 +626,7 @@ register(
 field_class=fields.BooleanField,
 default=False,
 label=_('Enable rsyslogd debugging'),
- help_text=_('Enabled high verbosity debugging for rsyslogd. ' 'Useful for debugging connection issues for external log aggregation.'),
+ help_text=_('Enabled high verbosity debugging for rsyslogd. Useful for debugging connection issues for external log aggregation.'),
 category=_('Logging'),
 category_slug='logging',
 )
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index 5d1a3b1dd6..31100f11b3 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -716,6 +716,7 @@ CALLBACK_QUEUE = "callback_tasks" # Note: This setting may be overridden by database settings. ORG_ADMINS_CAN_SEE_ALL_USERS = True MANAGE_ORGANIZATION_AUTH = True +DISABLE_LOCAL_AUTH = False # Note: This setting may be overridden by database settings. TOWER_URL_BASE = "https://towerhost" diff --git a/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.jsx b/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.jsx index 75c8c0fce8..de5080eec4 100644 --- a/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.jsx +++ b/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.jsx @@ -48,6 +48,7 @@ function MiscSystemDetail() { 'INSIGHTS_TRACKING_STATE', 'LOGIN_REDIRECT_OVERRIDE', 'MANAGE_ORGANIZATION_AUTH', + 'DISABLE_LOCAL_AUTH', 'OAUTH2_PROVIDER', 'ORG_ADMINS_CAN_SEE_ALL_USERS', 'REDHAT_PASSWORD', diff --git a/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.test.jsx b/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.test.jsx index 998fc1c61c..bc9e429f83 100644 --- a/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.test.jsx +++ b/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemDetail/MiscSystemDetail.test.jsx @@ -30,6 +30,7 @@ describe('', () => { INSIGHTS_TRACKING_STATE: false, LOGIN_REDIRECT_OVERRIDE: 'https://redirect.com', MANAGE_ORGANIZATION_AUTH: true, + DISABLE_LOCAL_AUTH: false, OAUTH2_PROVIDER: { ACCESS_TOKEN_EXPIRE_SECONDS: 1, AUTHORIZATION_CODE_EXPIRE_SECONDS: 2, diff --git a/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemEdit/MiscSystemEdit.jsx b/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemEdit/MiscSystemEdit.jsx index 8206fb0a3c..312b4dbf96 100644 --- a/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemEdit/MiscSystemEdit.jsx +++ b/awx/ui_next/src/screens/Setting/MiscSystem/MiscSystemEdit/MiscSystemEdit.jsx 
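Review bot: In the awx/settings/defaults.py hunk, `DISABLE_LOCAL_AUTH = False` is added with no comment of its own, next to settings whose note says the value may be overridden by database settings. This file value is presumably what applies when no database override exists, so a line such as `# Keep False by default so local logins work until an external source is configured.` would guard against a later edit flipping the shipped default. Because the override is writable through the settings UI this commit extends, a change to this key is also worth an activity-log entry; whether the settings framework already records one is not visible in this diff.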
@@ -48,6 +48,7 @@ function MiscSystemEdit() { 'INSIGHTS_TRACKING_STATE', 'LOGIN_REDIRECT_OVERRIDE', 'MANAGE_ORGANIZATION_AUTH', + 'DISABLE_LOCAL_AUTH', 'OAUTH2_PROVIDER', 'ORG_ADMINS_CAN_SEE_ALL_USERS', 'REDHAT_PASSWORD', @@ -261,6 +262,10 @@ function MiscSystemEdit() { name="MANAGE_ORGANIZATION_AUTH" config={system.MANAGE_ORGANIZATION_AUTH} /> +