External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-03 09:48:51 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'release_2.4.3' into stable

Browse Source 
* release_2.4.3:
  Avoid packaging crankiness
  Update changelogs
  Update version for 2.4.3 release
  The default value for the allow_callbacks checkbox needs to be a boolean (true/false) and not a string ("true"/"false").  The string will always evaluate to false in the UI and be unchecked.
  Add sample config for LDAP connection options, disable referrals by default, prefetch user groups to reduce LDAP queries when checking group memberships.
This commit is contained in:
Matthew Jones
2015-12-18 15:52:30 -05:00
parent f7e5ffee27 df68f839af
commit 8a388ca947
7 changed files with 40 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
awx/__init__.py
View File

@@ -6,7 +6,7 @@ import sys
import warnings import warnings
import site import site
__version__ = '2.4.2' __version__ = '2.4.3'
__all__ = ['__version__'] __all__ = ['__version__']

2
awx/main/tests/users.py
View File

@@ -929,7 +929,7 @@ class LdapTest(BaseTest):
if not self.ldap_password: if not self.ldap_password:
self.skipTest('no test LDAP password defined') self.skipTest('no test LDAP password defined')
# Set test LDAP settings that are always needed. # Set test LDAP settings that are always needed.
for name in ('SERVER_URI', 'BIND_DN', 'BIND_PASSWORD', 'USE_TLS'): for name in ('SERVER_URI', 'BIND_DN', 'BIND_PASSWORD', 'USE_TLS', 'CONNECTION_OPTIONS'):
self.use_test_setting(name) self.use_test_setting(name)
def check_login(self, username=None, password=None, should_fail=False): def check_login(self, username=None, password=None, should_fail=False):

7
awx/settings/defaults.py
View File

@@ -4,6 +4,7 @@
import os import os
import re # noqa import re # noqa
import sys import sys
import ldap
import djcelery import djcelery
from datetime import timedelta from datetime import timedelta
@@ -231,6 +232,12 @@ AUTHENTICATION_BACKENDS = (
# LDAP server (default to None to skip using LDAP authentication). # LDAP server (default to None to skip using LDAP authentication).
AUTH_LDAP_SERVER_URI = None AUTH_LDAP_SERVER_URI = None
# Disable LDAP referrals by default (to prevent certain LDAP queries from
# hanging with AD).
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0,
}
# Radius server settings (default to empty string to skip using Radius auth). # Radius server settings (default to empty string to skip using Radius auth).
RADIUS_SERVER = '' RADIUS_SERVER = ''
RADIUS_PORT = 1812 RADIUS_PORT = 1812

17
awx/settings/local_settings.py.docker_compose
View File

@@ -167,6 +167,11 @@ LOGGING['handlers']['syslog'] = {
# Refer to django-auth-ldap docs for more details: # Refer to django-auth-ldap docs for more details:
# http://pythonhosted.org/django-auth-ldap/authentication.html # http://pythonhosted.org/django-auth-ldap/authentication.html
# Imports needed for LDAP configuration.
import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
from django_auth_ldap.config import ActiveDirectoryGroupType
# LDAP server URI, such as "ldap://ldap.example.com:389" (non-SSL) or # LDAP server URI, such as "ldap://ldap.example.com:389" (non-SSL) or
# "ldaps://ldap.example.com:636" (SSL). LDAP authentication is disable if this # "ldaps://ldap.example.com:636" (SSL). LDAP authentication is disable if this
# parameter is empty. # parameter is empty.
@@ -183,10 +188,11 @@ AUTH_LDAP_BIND_PASSWORD = ''
# Enable TLS when the connection is not using SSL. # Enable TLS when the connection is not using SSL.
AUTH_LDAP_START_TLS = False AUTH_LDAP_START_TLS = False
# Imports needed for remaining LDAP configuration. # Additional options to set for the LDAP connection. LDAP referrals are
import ldap # disabled by default (to prevent certain LDAP queries from hanging with AD).
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion AUTH_LDAP_CONNECTION_OPTIONS = {
from django_auth_ldap.config import ActiveDirectoryGroupType ldap.OPT_REFERRALS: 0,
}
# LDAP search query to find users. # LDAP search query to find users.
AUTH_LDAP_USER_SEARCH = LDAPSearch( AUTH_LDAP_USER_SEARCH = LDAPSearch(
@@ -334,6 +340,9 @@ TEST_AUTH_LDAP_SERVER_URI = ''
TEST_AUTH_LDAP_BIND_DN = '' TEST_AUTH_LDAP_BIND_DN = ''
TEST_AUTH_LDAP_BIND_PASSWORD = '' TEST_AUTH_LDAP_BIND_PASSWORD = ''
TEST_AUTH_LDAP_START_TLS = False TEST_AUTH_LDAP_START_TLS = False
TEST_AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0,
}
# LDAP username/password for testing authentication. # LDAP username/password for testing authentication.
TEST_AUTH_LDAP_USERNAME = '' TEST_AUTH_LDAP_USERNAME = ''

17
awx/settings/local_settings.py.example
View File

@@ -165,6 +165,11 @@ LOGGING['handlers']['syslog'] = {
# Refer to django-auth-ldap docs for more details: # Refer to django-auth-ldap docs for more details:
# http://pythonhosted.org/django-auth-ldap/authentication.html # http://pythonhosted.org/django-auth-ldap/authentication.html
# Imports needed for LDAP configuration.
import ldap
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
from django_auth_ldap.config import ActiveDirectoryGroupType
# LDAP server URI, such as "ldap://ldap.example.com:389" (non-SSL) or # LDAP server URI, such as "ldap://ldap.example.com:389" (non-SSL) or
# "ldaps://ldap.example.com:636" (SSL). LDAP authentication is disable if this # "ldaps://ldap.example.com:636" (SSL). LDAP authentication is disable if this
# parameter is empty. # parameter is empty.
@@ -181,10 +186,11 @@ AUTH_LDAP_BIND_PASSWORD = ''
# Enable TLS when the connection is not using SSL. # Enable TLS when the connection is not using SSL.
AUTH_LDAP_START_TLS = False AUTH_LDAP_START_TLS = False
# Imports needed for remaining LDAP configuration. # Additional options to set for the LDAP connection. LDAP referrals are
import ldap # disabled by default (to prevent certain LDAP queries from hanging with AD).
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion AUTH_LDAP_CONNECTION_OPTIONS = {
from django_auth_ldap.config import ActiveDirectoryGroupType ldap.OPT_REFERRALS: 0,
}
# LDAP search query to find users. # LDAP search query to find users.
AUTH_LDAP_USER_SEARCH = LDAPSearch( AUTH_LDAP_USER_SEARCH = LDAPSearch(
@@ -332,6 +338,9 @@ TEST_AUTH_LDAP_SERVER_URI = ''
TEST_AUTH_LDAP_BIND_DN = '' TEST_AUTH_LDAP_BIND_DN = ''
TEST_AUTH_LDAP_BIND_PASSWORD = '' TEST_AUTH_LDAP_BIND_PASSWORD = ''
TEST_AUTH_LDAP_START_TLS = False TEST_AUTH_LDAP_START_TLS = False
TEST_AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0,
}
# LDAP username/password for testing authentication. # LDAP username/password for testing authentication.
TEST_AUTH_LDAP_USERNAME = '' TEST_AUTH_LDAP_USERNAME = ''

4
awx/sso/backends.py
View File

@@ -199,6 +199,10 @@ def on_populate_user(sender, **kwargs):
ldap_user = kwargs['ldap_user'] ldap_user = kwargs['ldap_user']
backend = ldap_user.backend backend = ldap_user.backend
# Prefetch user's groups to prevent LDAP queries for each org/team when
# checking membership.
ldap_user._get_groups().get_group_dns()
# Update organization membership based on group memberships. # Update organization membership based on group memberships.
org_map = getattr(backend.settings, 'ORGANIZATION_MAP', {}) org_map = getattr(backend.settings, 'ORGANIZATION_MAP', {})
for org_name, org_opts in org_map.items(): for org_name, org_opts in org_map.items():

2
awx/ui/client/src/controllers/JobTemplates.js
View File

@@ -903,7 +903,7 @@ export function JobTemplatesEdit($filter, $scope, $rootScope, $compile, $locatio
$scope.search(relatedSets[set].iterator); $scope.search(relatedSets[set].iterator);
} }
dft = ($scope.host_config_key === "" || $scope.host_config_key === null) ? 'false' : 'true'; dft = ($scope.host_config_key === "" || $scope.host_config_key === null) ? false : true;
md5Setup({ md5Setup({
scope: $scope, scope: $scope,
master: master, master: master,