External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-09 23:12:08 -03:30
Code Issues Packages Projects Releases Wiki Activity

more centrify fixes

Browse Source
This commit is contained in:
Ryan Petrello 2021-03-03 09:03:04 -05:00
parent 51005c0342
commit 764322b87b
3 changed files with 42 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
awx/main/credential_plugins/centrify_vault.py
View File

@ -21,6 +21,18 @@ pas_inputs = {
'type':'string', 'type':'string',
'help_text': _('Password of Centrify API User with necessary permissions'), 'help_text': _('Password of Centrify API User with necessary permissions'),
'secret':True, 'secret':True,
},{
'id':'oauth_application_id',
'label':_('OAuth2 Application ID'),
'type':'string',
'help_text': _('Application ID of the configured OAuth2 Client (defaults to \'awx\')'),
'default': 'awx',
},{
'id':'oauth_scope',
'label':_('OAuth2 Scope'),
'type':'string',
'help_text': _('Scope of the configured OAuth2 Client (defaults to \'awx\')'),
'default': 'awx',
}], }],
'metadata': [{ 'metadata': [{
'id': 'account-name', 'id': 'account-name',
@ -41,7 +53,7 @@ pas_inputs = {
def handle_auth(**kwargs): def handle_auth(**kwargs):
post_data = { post_data = {
"grant_type": "client_credentials", "grant_type": "client_credentials",
"scope":"siem" "scope": kwargs['oauth_scope']
} }
response = requests.post( response = requests.post(
kwargs['endpoint'], kwargs['endpoint'],
@ -106,8 +118,14 @@ def centrify_backend(**kwargs):
system_name = kwargs.get('system-name') system_name = kwargs.get('system-name')
client_id = kwargs.get('client_id') client_id = kwargs.get('client_id')
client_password = kwargs.get('client_password') client_password = kwargs.get('client_password')
endpoint = urljoin(url,'/oauth2/token/oauthsiem') app_id = kwargs.get('oauth_application_id', 'awx')
endpoint = {'endpoint':endpoint,'client_id':client_id,'client_password':client_password} endpoint = urljoin(url, f'/oauth2/token/{app_id}')
endpoint = {
'endpoint': endpoint,
'client_id': client_id,
'client_password': client_password
'oauth_scope': kwargs.get('oauth_scope', 'awx')
}
token = handle_auth(**endpoint) token = handle_auth(**endpoint)
get_id_args = {'system_name':system_name,'acc_name':acc_name,'url':url,'access_token':token} get_id_args = {'system_name':system_name,'acc_name':acc_name,'url':url,'access_token':token}
acc_id = get_ID(**get_id_args) acc_id = get_ID(**get_id_args)

20
awx/main/migrations/0124_centrify_vault_credtype.py Normal file
View File

@ -0,0 +1,20 @@
from django.db import migrations
from awx.main.models import CredentialType
from awx.main.utils.common import set_current_apps
def setup_tower_managed_defaults(apps, schema_editor):
set_current_apps(apps)
CredentialType.setup_tower_managed_defaults()
class Migration(migrations.Migration):
dependencies = [
('main', '0123_drop_hg_support'),
]
operations = [
migrations.RunPython(setup_tower_managed_defaults),
]

2
setup.py
View File

@ -131,7 +131,7 @@ setup(
'hashivault_ssh = awx.main.credential_plugins.hashivault:hashivault_ssh_plugin', 'hashivault_ssh = awx.main.credential_plugins.hashivault:hashivault_ssh_plugin',
'azure_kv = awx.main.credential_plugins.azure_kv:azure_keyvault_plugin', 'azure_kv = awx.main.credential_plugins.azure_kv:azure_keyvault_plugin',
'aim = awx.main.credential_plugins.aim:aim_plugin', 'aim = awx.main.credential_plugins.aim:aim_plugin',
'centrify_vault_kv=awx.main.credential_plugins.centrify_vault:centrify_plugin' 'centrify_vault_kv = awx.main.credential_plugins.centrify_vault:centrify_plugin'
] ]
}, },
data_files = proc_data_files([ data_files = proc_data_files([