Adding tacacs+ container for testing

tools/docker-compose/README.md

@@ -244,6 +244,7 @@ $ make docker-compose
 - [SAML and OIDC Integration](#saml-and-oidc-integration)
 - [OpenLDAP Integration](#openldap-integration)
 - [Splunk Integration](#splunk-integration)
+- [tacacs+ Integration](#tacacs+-integration)
 
 ### Start a Shell
 
@@ -472,6 +473,29 @@ ansible-playbook tools/docker-compose/ansible/plumb_splunk.yml
 
 Once the playbook is done running Splunk should now be setup in your development environment. You can log into the admin console (see above for username/password) and click on "Searching and Reporting" in the left hand navigation. In the search box enter `source="http:tower_logging_collections"` and click search.
 
+### - tacacs+ Integration
+
+tacacs+ is an networking protocol that provides external authentication which can be used with AWX. This section describes how to build a reference tacacs+ instance and plumb it with your AWX for testing purposes.
+
+First, be sure that you have the awx.awx collection installed by running `make install_collection`.
+
+Anytime you want to run a tacacs+ instance alongside AWX we can start docker-compose with the TACACS option to get a containerized instance with the command:
+```bash
+TACACS=true make docker-compose
+```
+
+Once the containers come up a new port (49) should be exposed and the tacacs+ server should be running on those ports.
+
+Now we are ready to configure and plumb tacacs+ with AWX. To do this we have provided a playbook which will:
+* Backup and configure the tacacsplus adapter in AWX. NOTE: this will back up your existing settings but the password fields can not be backed up through the API, you need a DB backup to recover this.
+
+```bash
+export CONTROLLER_USERNAME=<your username>
+export CONTROLLER_PASSWORD=<your password>
+ansible-playbook tools/docker-compose/ansible/plumb_tacacs.yml
+```
+
+Once the playbook is done running tacacs+ should now be setup in your development environment. This server has the accounts listed on https://hub.docker.com/r/dchidell/docker-tacacs
 
 ### Prometheus and Grafana integration
 

tools/docker-compose/ansible/plumb_tacacs.yml

@@ -0,0 +1,32 @@
+---
+- name: Plumb a tacacs+ instance
+  hosts: localhost
+  connection: local
+  gather_facts: False
+  vars:
+    awx_host: "https://localhost:8043"
+  tasks:
+    - name: Load existing and new tacacs+ settings
+      set_fact:
+        existing_tacacs: "{{ lookup('awx.awx.controller_api', 'settings/tacacsplus', host=awx_host, verify_ssl=false) }}"
+        new_tacacs: "{{ lookup('template', 'tacacsplus_settings.json.j2') }}"
+
+    - name: Display existing tacacs+ configuration
+      debug:
+        msg:
+          - "Here is your existing tacacsplus configuration for reference:"
+          - "{{ existing_tacacs }}"
+
+    - pause:
+        prompt: "Continuing to run this will replace your existing tacacs settings (displayed above). They will all be captured. Be sure that is backed up before continuing"
+
+    - name: Write out the existing content
+      copy:
+        dest: "../_sources/existing_tacacsplus_adapter_settings.json"
+        content: "{{ existing_tacacs }}"
+
+    - name: Configure AWX tacacs+ adapter
+      awx.awx.settings:
+        settings: "{{ new_tacacs }}"
+        controller_host: "{{ awx_host }}"
+        validate_certs: False

tools/docker-compose/ansible/roles/sources/templates/docker-compose.yml.j2

@@ -174,6 +174,14 @@ services:
       - prometheus
     depends_on:
       - prometheus
+{% endif %}
+{% if enable_tacacs|bool %}
+  tacacs:
+    image: dchidell/docker-tacacs
+    container_name: tools_tacacs_1
+    hostname: tacacs
+    ports:
+      - "49:49"
 {% endif %}
   # A useful container that simply passes through log messages to the console
   # helpful for testing awx/tower logging

tools/docker-compose/ansible/templates/tacacsplus_settings.json.j2

@@ -0,0 +1,7 @@
+{
+    "TACACSPLUS_HOST": "tacacs",
+    "TACACSPLUS_PORT": 49,
+    "TACACSPLUS_SECRET": "ciscotacacskey",
+    "TACACSPLUS_SESSION_TIMEOUT": 5,
+    "TACACSPLUS_AUTH_PROTOCOL": "ascii"
+}