Aap 50951 (#7053)

* disable authenticators that require updating the redirect URL and add groups claim to AzureAD migrator * update tests
2026-02-23 14:05:59 -03:30 · 2025-08-11 18:46:08 +02:00
parent 0b17007764
commit 4f2d28db51
6 changed files with 7 additions and 6 deletions
--- a/awx/sso/tests/unit/test_google_oauth2_migrator.py
+++ b/awx/sso/tests/unit/test_google_oauth2_migrator.py
@@ -54,7 +54,7 @@ def test_create_gateway_authenticator(mocker, test_google_config):
    assert payload['name'] == 'google'
    assert payload['slug'] == 'aap-google-oauth2-google-oauth2'
    assert payload['type'] == 'ansible_base.authentication.authenticator_plugins.google_oauth2'
-    assert payload['enabled'] is True
+    assert payload['enabled'] is False
    assert payload['create_objects'] is True
    assert payload['remove_users'] is False

--- a/awx/sso/utils/azure_ad_migrator.py
+++ b/awx/sso/utils/azure_ad_migrator.py
@@ -56,12 +56,13 @@ class AzureADMigrator(BaseAuthenticatorMigrator):
                    "name": authenticator_name,
                    "slug": authenticator_slug,
                    "type": "ansible_base.authentication.authenticator_plugins.azuread",
-                    "enabled": True,
+                    "enabled": False,
                    "create_objects": True,
                    "remove_users": False,
                    "configuration": {
                        "KEY": key_value,
                        "SECRET": secret_value,
+                        "GROUPS_CLAIM": "groups",
                    },
                },
                'org_mappers': org_mappers,
--- a/awx/sso/utils/github_migrator.py
+++ b/awx/sso/utils/github_migrator.py
@@ -157,7 +157,7 @@ class GitHubMigrator(BaseAuthenticatorMigrator):
            "name": authenticator_name,
            "slug": authenticator_slug,
            "type": authenticator_type,
-            "enabled": True,
+            "enabled": False,
            "create_objects": True,  # Allow Gateway to create users/orgs/teams
            "remove_users": False,  # Don't remove users by default
            "configuration": {"KEY": key_value, "SECRET": secret_value},
--- a/awx/sso/utils/google_oauth2_migrator.py
+++ b/awx/sso/utils/google_oauth2_migrator.py
@@ -71,7 +71,7 @@ class GoogleOAuth2Migrator(BaseAuthenticatorMigrator):
            "name": "google",
            "slug": authenticator_slug,
            "type": "ansible_base.authentication.authenticator_plugins.google_oauth2",
-            "enabled": True,
+            "enabled": False,
            "create_objects": True,  # Allow Gateway to create users/orgs/teams
            "remove_users": False,  # Don't remove users by default
            "configuration": {
--- a/awx/sso/utils/oidc_migrator.py
+++ b/awx/sso/utils/oidc_migrator.py
@@ -52,7 +52,7 @@ class OIDCMigrator(BaseAuthenticatorMigrator):
        config_data = {
            "name": "default",
            "type": self.AUTH_TYPE,
-            "enabled": True,
+            "enabled": False,
            "create_objects": True,
            "remove_users": False,
            "configuration": {
--- a/awx/sso/utils/saml_migrator.py
+++ b/awx/sso/utils/saml_migrator.py
@@ -64,7 +64,7 @@ class SAMLMigrator(BaseAuthenticatorMigrator):
        """
        found_configs = []

-        enabled = True
+        enabled = False
        remove_users = True
        create_objects = getattr(settings, "SAML_AUTO_CREATE_OBJECTS", True)
        idps = getattr(settings, "SOCIAL_AUTH_SAML_ENABLED_IDPS", {})