3rd party auth removal cleanup

- Sequentialize auth config removal migrations
- Remove references to third party auth
- update license files
- lint fix
- Remove unneeded docs
- Remove unreferenced file
- Remove social auth references from docs
- Remove rest of sso dir
- Remove references to third party auth in docs
- Removed screenshots of UI listing removed settings
- Remove AuthView references
- Remove unused imports
...

Co-Authored-By: jessicamack <21223244+jessicamack@users.noreply.github.com>
Hao Liu
2024-10-02 14:28:17 -04:00
committed by jessicamack
parent 4c7697465b
commit 31e47706b9
48 changed files with 44 additions and 1258 deletions


@@ -34,10 +34,7 @@ register(
'DISABLE_LOCAL_AUTH',
field_class=fields.BooleanField,
label=_('Disable the built-in authentication system'),
help_text=_(
"Controls whether users are prevented from using the built-in authentication system. "
"You probably want to do this if you are using an LDAP integration."
),
help_text=_("Controls whether users are prevented from using the built-in authentication system. "),
category=_('Authentication'),
category_slug='authentication',
)
@@ -70,20 +67,6 @@ register(
category_slug='authentication',
unit=_('seconds'),
)
register(
'ALLOW_OAUTH2_FOR_EXTERNAL_USERS',
field_class=fields.BooleanField,
default=False,
label=_('Allow External Users to Create OAuth2 Tokens'),
help_text=_(
'For security reasons, users from external auth providers (LDAP, SSO, '
' and others) are not allowed to create OAuth2 tokens. '
'To change this behavior, enable this setting. Existing tokens will '
'not be deleted when this setting is toggled off.'
),
category=_('Authentication'),
category_slug='authentication',
)
register(
'LOGIN_REDIRECT_OVERRIDE',
field_class=fields.CharField,
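Review bot: Dropping the `ALLOW_OAUTH2_FOR_EXTERNAL_USERS` registration in the second hunk removes a deny-by-default control (`default=False`), and nothing on this page shows what happens to the code that enforced it. If a check elsewhere still reads `settings.ALLOW_OAUTH2_FOR_EXTERNAL_USERS`, it will raise `AttributeError` once the default in the settings file is removed as well. If the check was deleted instead, any account still treated as externally managed can now create OAuth2 tokens. Please confirm which case applies, and if a reader remains, make it fail closed with `getattr(settings, 'ALLOW_OAUTH2_FOR_EXTERNAL_USERS', False)`. The upgrade notes should state that the restriction no longer exists.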


@@ -130,7 +130,6 @@ class LoggedLoginView(auth_views.LoginView):
class LoggedLogoutView(auth_views.LogoutView):
success_url_allowed_hosts = set(settings.LOGOUT_ALLOWED_HOSTS.split(",")) if settings.LOGOUT_ALLOWED_HOSTS else set()
def dispatch(self, request, *args, **kwargs):


@@ -15,7 +15,6 @@ from awx.api.views.root import (
ApiV2AttachView,
)
from awx.api.views import (
AuthView,
UserMeList,
DashboardView,
DashboardJobsGraphView,
@@ -106,7 +105,6 @@ v2_urls = [
re_path(r'^config/$', ApiV2ConfigView.as_view(), name='api_v2_config_view'),
re_path(r'^config/subscriptions/$', ApiV2SubscriptionView.as_view(), name='api_v2_subscription_view'),
re_path(r'^config/attach/$', ApiV2AttachView.as_view(), name='api_v2_attach_view'),
re_path(r'^auth/$', AuthView.as_view()),
re_path(r'^me/$', UserMeList.as_view(), name='user_me_list'),
re_path(r'^dashboard/$', DashboardView.as_view(), name='dashboard_view'),
re_path(r'^dashboard/graphs/jobs/$', DashboardJobsGraphView.as_view(), name='dashboard_jobs_graph_view'),


@@ -36,7 +36,7 @@ from django.utils.translation import gettext_lazy as _
# Django REST Framework
from rest_framework.exceptions import APIException, PermissionDenied, ParseError, NotFound
from rest_framework.parsers import FormParser
from rest_framework.permissions import AllowAny, IsAuthenticated
from rest_framework.permissions import IsAuthenticated
from rest_framework.renderers import JSONRenderer, StaticHTMLRenderer
from rest_framework.response import Response
from rest_framework.settings import api_settings
@@ -126,9 +126,6 @@ from awx.api.views.mixin import (
from awx.api.pagination import UnifiedJobEventPagination
from awx.main.utils import set_environ
if 'ansible_base.authentication' in getattr(settings, "INSTALLED_APPS", []):
from ansible_base.authentication.models.authenticator import Authenticator as AnsibleBaseAuthenticator
logger = logging.getLogger('awx.api.views')
@@ -676,29 +673,6 @@ class ScheduleUnifiedJobsList(SubListAPIView):
name = _('Schedule Jobs List')
class AuthView(APIView):
'''List enabled single-sign-on endpoints'''
authentication_classes = []
permission_classes = (AllowAny,)
swagger_topic = 'System Configuration'
def get(self, request):
data = OrderedDict()
if 'ansible_base.authentication' in getattr(settings, "INSTALLED_APPS", []):
# app is using ansible_base authentication
# add ansible_base authenticators
authenticators = AnsibleBaseAuthenticator.objects.filter(enabled=True, category="sso")
for authenticator in authenticators:
login_url = authenticator.get_login_url()
data[authenticator.name] = {
'login_url': login_url,
'name': authenticator.name,
}
return Response(data)
def immutablesharedfields(cls):
'''
Class decorator to prevent modifying shared resources when ALLOW_LOCAL_RESOURCE_MANAGEMENT setting is set to False.


@@ -12,7 +12,7 @@ def remove_oidc_auth_conf(apps, scheme_editor):
class Migration(migrations.Migration):
dependencies = [
('conf', '0010_change_to_JSONField'),
('conf', '0011_remove_ldap_auth_conf'),
]
operations = [
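Review bot: Chaining this migration behind `0011_remove_ldap_auth_conf` means one upgrade now removes every stored external-auth configuration in sequence (judging by the migration names), while `DISABLE_LOCAL_AUTH` stays registered elsewhere in this commit. An installation that turned local authentication off because it relied on LDAP, SAML or similar could come out of the upgrade with no working login path, unless another authenticator is configured outside these settings. The `operations` list and the body of `remove_oidc_auth_conf` are outside the hunk, so it is not visible whether anything checks that flag. If nothing does, document a pre-upgrade check in the release notes, or have the last migration of the chain log a warning when `DISABLE_LOCAL_AUTH` is set.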


@@ -13,9 +13,8 @@ def remove_radius_auth_conf(apps, scheme_editor):
class Migration(migrations.Migration):
dependencies = [
('conf', '0010_change_to_JSONField'),
('conf', '0012_remove_oidc_auth_conf'),
]
operations = [
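Review bot: The data-migration function named in the hunk header takes `(apps, scheme_editor)`; Django's RunPython convention is `schema_editor`, which is how `delete_execution_environment_read_role` in the `main` migrations touched by this commit spells it. The same misspelling appears in the oidc, saml, social_oauth and tacacs_plus removal migrations. The argument is passed positionally, so nothing breaks, but `def remove_radius_auth_conf(apps, schema_editor):` keeps these files consistent and greppable with the rest. The function body is outside the hunk.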


@@ -30,9 +30,8 @@ def remove_saml_auth_conf(apps, scheme_editor):
class Migration(migrations.Migration):
dependencies = [
('conf', '0010_change_to_JSONField'),
('conf', '0013_remove_radius_auth_conf'),
]
operations = [


@@ -72,9 +72,8 @@ def remove_social_oauth_conf(apps, scheme_editor):
class Migration(migrations.Migration):
dependencies = [
('conf', '0010_change_to_JSONField'),
('conf', '0014_remove_saml_auth_conf'),
]
operations = [


@@ -16,9 +16,8 @@ def remove_tacacs_plus_auth_conf(apps, scheme_editor):
class Migration(migrations.Migration):
dependencies = [
('conf', '0010_change_to_JSONField'),
('conf', '0015_remove_social_oauth_conf'),
]
operations = [


@@ -111,7 +111,6 @@ class TestURLField:
@pytest.mark.parametrize(
"url,schemes,regex, allow_numbers_in_top_level_domain, expect_no_error",
[
("ldap://www.example.org42", "ldap", None, True, True),
("https://www.example.org42", "https", None, False, False),
("https://www.example.org", None, regex, None, True),
("https://www.example3.org", None, regex, None, False),


@@ -46,10 +46,7 @@ register(
'MANAGE_ORGANIZATION_AUTH',
field_class=fields.BooleanField,
label=_('Organization Admins Can Manage Users and Teams'),
help_text=_(
'Controls whether any Organization Admin has the privileges to create and manage users and teams. '
'You may want to disable this ability if you are using an LDAP integration.'
),
help_text=_('Controls whether any Organization Admin has the privileges to create and manage users and teams.'),
category=_('System'),
category_slug='system',
)


@@ -4,7 +4,6 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('main', '0192_custom_roles'),
]


@@ -4,7 +4,6 @@ from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('main', '0193_alter_notification_notification_type_and_more'),
]


@@ -12,7 +12,6 @@ def delete_execution_environment_read_role(apps, schema_editor):
class Migration(migrations.Migration):
dependencies = [
('main', '0194_alter_inventorysource_source_and_more'),
]


@@ -4,7 +4,6 @@ from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('main', '0195_EE_permissions'),
]


@@ -4,7 +4,6 @@ from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('main', '0196_delete_profile'),
]


@@ -397,7 +397,6 @@ OAUTH2_PROVIDER_REFRESH_TOKEN_MODEL = 'oauth2_provider.RefreshToken'
OAUTH2_PROVIDER_ID_TOKEN_MODEL = "oauth2_provider.IDToken"
OAUTH2_PROVIDER = {'ACCESS_TOKEN_EXPIRE_SECONDS': 31536000000, 'AUTHORIZATION_CODE_EXPIRE_SECONDS': 600, 'REFRESH_TOKEN_EXPIRE_SECONDS': 2628000}
ALLOW_OAUTH2_FOR_EXTERNAL_USERS = False
# Enable / Disable HTTP Basic Authentication used in the API browser


@@ -1,18 +0,0 @@
# Generated by Django 4.2.10 on 2024-10-02 12:44
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('sso', '0003_convert_saml_string_to_list'),
]
operations = [
migrations.AlterField(
model_name='userenterpriseauth',
name='provider',
field=models.CharField(choices=[('radius', 'RADIUS'), ('tacacs+', 'TACACS+')], max_length=32),
),
]