remove usage of import * and enforce F405 in our linter

import * is a scourge upon the earth

awx/api/generics.py

@@ -33,9 +33,17 @@ from rest_framework.negotiation import DefaultContentNegotiation
 
 # AWX
 from awx.api.filters import FieldLookupBackend
-from awx.main.models import *  # noqa
+from awx.main.models import (
+    UnifiedJob, UnifiedJobTemplate, User, Role
+)
 from awx.main.access import access_registry
-from awx.main.utils import * # noqa
+from awx.main.utils import (
+    camelcase_to_underscore,
+    get_search_fields,
+    getattrd,
+    get_object_or_400,
+    decrypt_field
+)
 from awx.main.utils.db import get_all_field_names
 from awx.api.serializers import ResourceAccessListElementSerializer, CopySerializer, UserSerializer
 from awx.api.versioning import URLPathVersioning, get_request_version

awx/api/permissions.py

@@ -9,8 +9,8 @@ from rest_framework.exceptions import MethodNotAllowed, PermissionDenied
 from rest_framework import permissions
 
 # AWX
-from awx.main.access import * # noqa
+from awx.main.access import check_user_access
-from awx.main.models import * # noqa
+from awx.main.models import Inventory, UnifiedJob
 from awx.main.utils import get_object_or_400
 
 logger = logging.getLogger('awx.api.permissions')

awx/api/serializers.py

@@ -45,8 +45,22 @@ from awx.main.constants import (
     ACTIVE_STATES,
     CENSOR_VALUE,
 )
-from awx.main.models import * # noqa
+from awx.main.models import (
-from awx.main.models.base import NEW_JOB_TYPE_CHOICES
+    ActivityStream, AdHocCommand, AdHocCommandEvent, Credential,
+    CredentialType, CustomInventoryScript, Fact, Group, Host, Instance,
+    InstanceGroup, Inventory, InventorySource, InventoryUpdate,
+    InventoryUpdateEvent, Job, JobEvent, JobHostSummary, JobLaunchConfig,
+    JobTemplate, Label, Notification, NotificationTemplate, OAuth2AccessToken,
+    OAuth2Application, Organization, Project, ProjectUpdate,
+    ProjectUpdateEvent, RefreshToken, Role, Schedule, SystemJob,
+    SystemJobEvent, SystemJobTemplate, Team, UnifiedJob, UnifiedJobTemplate,
+    UserSessionMembership, V1Credential, WorkflowJob, WorkflowJobNode,
+    WorkflowJobTemplate, WorkflowJobTemplateNode, StdoutMaxBytesExceeded
+)
+from awx.main.models.base import VERBOSITY_CHOICES, NEW_JOB_TYPE_CHOICES
+from awx.main.models.rbac import (
+    get_roles_on_resource, role_summary_fields_generator
+)
 from awx.main.fields import ImplicitRoleField, JSONBField
 from awx.main.utils import (
     get_type_for_model, get_model_for_type, timestamp_apiformat,

awx/conf/fields.py

@@ -8,7 +8,10 @@ from django.core.validators import URLValidator
 from django.utils.translation import ugettext_lazy as _
 
 # Django REST Framework
-from rest_framework.fields import *  # noqa
+from rest_framework.fields import (  # noqa
+    BooleanField, CharField, ChoiceField, DictField, EmailField, IntegerField,
+    ListField, NullBooleanField
+)
 
 logger = logging.getLogger('awx.conf.fields')
 

awx/conf/views.py

@@ -17,10 +17,15 @@ from rest_framework import serializers
 from rest_framework import status
 
 # Tower
-from awx.api.generics import *  # noqa
+from awx.api.generics import (
+    APIView,
+    GenericAPIView,
+    ListAPIView,
+    RetrieveUpdateDestroyAPIView,
+)
 from awx.api.permissions import IsSuperUser
 from awx.api.versioning import reverse, get_request_version
-from awx.main.utils import *  # noqa
+from awx.main.utils import camelcase_to_underscore
 from awx.main.utils.handlers import AWXProxyHandler, LoggingConnectivityException
 from awx.main.tasks import handle_setting_changes
 from awx.conf.license import get_licensed_features

awx/main/access.py

@@ -28,7 +28,17 @@ from awx.main.utils import (
     to_python_boolean,
     get_licenser,
 )
-from awx.main.models import * # noqa
+from awx.main.models import (
+    ActivityStream, AdHocCommand, AdHocCommandEvent, Credential, CredentialType,
+    CustomInventoryScript, Group, Host, Instance, InstanceGroup, Inventory,
+    InventorySource, InventoryUpdate, InventoryUpdateEvent, Job, JobEvent,
+    JobHostSummary, JobLaunchConfig, JobTemplate, Label, Notification,
+    NotificationTemplate, Organization, Project, ProjectUpdate,
+    ProjectUpdateEvent, Role, Schedule, SystemJob, SystemJobEvent,
+    SystemJobTemplate, Team, UnifiedJob, UnifiedJobTemplate, WorkflowJob,
+    WorkflowJobNode, WorkflowJobTemplate, WorkflowJobTemplateNode,
+    ROLE_SINGLETON_SYSTEM_ADMINISTRATOR, ROLE_SINGLETON_SYSTEM_AUDITOR
+)
 from awx.main.models.mixins import ResourceMixin
 
 from awx.conf.license import LicenseForbids, feature_enabled
@@ -434,12 +444,16 @@ class InstanceAccess(BaseAccess):
                    skip_sub_obj_read_check=False):
         if relationship == 'rampart_groups' and isinstance(sub_obj, InstanceGroup):
             return self.user.is_superuser
-        return super(InstanceAccess, self).can_attach(obj, sub_obj, relationship, *args, **kwargs)
+        return super(InstanceAccess, self).can_attach(
+            obj, sub_obj, relationship, data, skip_sub_obj_read_check=skip_sub_obj_read_check
+        )
 
     def can_unattach(self, obj, sub_obj, relationship, data=None):
         if relationship == 'rampart_groups' and isinstance(sub_obj, InstanceGroup):
             return self.user.is_superuser
-        return super(InstanceAccess, self).can_unattach(obj, sub_obj, relationship, *args, **kwargs)
+        return super(InstanceAccess, self).can_unattach(
+            obj, sub_obj, relationship, relationship, data=data
+        )
 
     def can_add(self, data):
         return False
@@ -1341,7 +1355,7 @@ class JobTemplateAccess(BaseAccess):
         '''
 
         # obj.credentials.all() is accessible ONLY when object is saved (has valid id)
-        credential_manager = getattr(obj, 'credentials', None) if getattr(obj, 'id', False) else Credentials.objects.none()
+        credential_manager = getattr(obj, 'credentials', None) if getattr(obj, 'id', False) else Credential.objects.none()
         return reduce(lambda prev, cred: prev and self.user in cred.use_role, credential_manager.all(), True)
 
     def can_start(self, obj, validate_license=True):
@@ -1850,7 +1864,6 @@ class WorkflowJobTemplateAccess(BaseAccess):
             qs = obj.workflow_job_template_nodes
             qs = qs.prefetch_related('unified_job_template', 'inventory__use_role', 'credentials__use_role')
             for node in qs.all():
-                node_errors = {}
                 if node.inventory and self.user not in node.inventory.use_role:
                     missing_inventories.append(node.inventory.name)
                 for cred in node.credentials.all():
@@ -1859,8 +1872,6 @@ class WorkflowJobTemplateAccess(BaseAccess):
                 ujt = node.unified_job_template
                 if ujt and not self.user.can_access(UnifiedJobTemplate, 'start', ujt, validate_license=False):
                     missing_ujt.append(ujt.name)
-                if node_errors:
-                    wfjt_errors[node.id] = node_errors
             if missing_ujt:
                 self.messages['templates_unable_to_copy'] = missing_ujt
             if missing_credentials:

awx/main/models/__init__.py

@@ -6,27 +6,60 @@ from django.conf import settings # noqa
 from django.db.models.signals import pre_delete  # noqa
 
 # AWX
-from awx.main.models.base import * # noqa
+from awx.main.models.base import (  # noqa
-from awx.main.models.unified_jobs import * # noqa
+    BaseModel, prevent_search, CLOUD_INVENTORY_SOURCES, VERBOSITY_CHOICES
-from awx.main.models.organization import * # noqa
+)
-from awx.main.models.credential import * # noqa
+from awx.main.models.unified_jobs import (  # noqa
-from awx.main.models.projects import * # noqa
+    UnifiedJob, UnifiedJobTemplate, StdoutMaxBytesExceeded
-from awx.main.models.inventory import * # noqa
+)
-from awx.main.models.jobs import * # noqa
+from awx.main.models.organization import (  # noqa
-from awx.main.models.events import * # noqa
+    Organization, Profile, Team, UserSessionMembership
-from awx.main.models.ad_hoc_commands import * # noqa
+)
-from awx.main.models.schedules import * # noqa
+from awx.main.models.credential import (  # noqa
-from awx.main.models.activity_stream import * # noqa
+    Credential, CredentialType, V1Credential, build_safe_env
-from awx.main.models.ha import * # noqa
+)
-from awx.main.models.rbac import * # noqa
+from awx.main.models.projects import Project, ProjectUpdate  # noqa
-from awx.main.models.mixins import * # noqa
+from awx.main.models.inventory import (  # noqa
-from awx.main.models.notifications import * # noqa
+    CustomInventoryScript, Group, Host, Inventory, InventorySource,
-from awx.main.models.fact import * # noqa
+    InventoryUpdate, SmartInventoryMembership
-from awx.main.models.label import * # noqa
+)
-from awx.main.models.workflow import * # noqa
+from awx.main.models.jobs import (  # noqa
-from awx.main.models.channels import * # noqa
+    Job, JobHostSummary, JobLaunchConfig, JobTemplate, SystemJob,
+    SystemJobTemplate,
+)
+from awx.main.models.events import (  # noqa
+    AdHocCommandEvent, InventoryUpdateEvent, JobEvent, ProjectUpdateEvent,
+    SystemJobEvent,
+)
+from awx.main.models.ad_hoc_commands import AdHocCommand # noqa
+from awx.main.models.schedules import Schedule # noqa
+from awx.main.models.activity_stream import ActivityStream # noqa
+from awx.main.models.ha import (  # noqa
+    Instance, InstanceGroup, JobOrigin, TowerScheduleState,
+)
+from awx.main.models.rbac import (  # noqa
+    Role, batch_role_ancestor_rebuilding, get_roles_on_resource,
+    role_summary_fields_generator, ROLE_SINGLETON_SYSTEM_ADMINISTRATOR,
+    ROLE_SINGLETON_SYSTEM_AUDITOR,
+)
+from awx.main.models.mixins import (  # noqa
+    CustomVirtualEnvMixin, ResourceMixin, SurveyJobMixin,
+    SurveyJobTemplateMixin, TaskManagerInventoryUpdateMixin,
+    TaskManagerJobMixin, TaskManagerProjectUpdateMixin,
+    TaskManagerUnifiedJobMixin,
+)
+from awx.main.models.notifications import Notification, NotificationTemplate # noqa
+from awx.main.models.fact import Fact # noqa
+from awx.main.models.label import Label # noqa
+from awx.main.models.workflow import (  # noqa
+    WorkflowJob, WorkflowJobNode, WorkflowJobOptions, WorkflowJobTemplate,
+    WorkflowJobTemplateNode,
+)
+from awx.main.models.channels import ChannelGroup # noqa
 from awx.api.versioning import reverse
-from awx.main.models.oauth import * # noqa
+from awx.main.models.oauth import ( # noqa
+    OAuth2AccessToken, OAuth2Application
+)
 from oauth2_provider.models import Grant, RefreshToken # noqa -- needed django-oauth-toolkit model migrations
 
 
@@ -50,7 +83,10 @@ _PythonSerializer.handle_m2m_field = _new_handle_m2m_field
 
 # Add custom methods to User model for permissions checks.
 from django.contrib.auth.models import User  # noqa
-from awx.main.access import * # noqa
+from awx.main.access import (  # noqa
+    get_user_queryset, check_user_access, check_user_access_with_errors,
+    user_accessible_objects
+)
 
 
 User.add_to_class('get_queryset', get_user_queryset)

awx/main/signals.py

@@ -30,7 +30,14 @@ from crum.signals import current_user_getter
 
 
 # AWX
-from awx.main.models import * # noqa
+from awx.main.models import (
+    ActivityStream, AdHocCommandEvent, Group, Host, InstanceGroup, Inventory,
+    InventorySource, InventoryUpdateEvent, Job, JobEvent, JobHostSummary,
+    JobTemplate, OAuth2AccessToken, Organization, Project, ProjectUpdateEvent,
+    Role, SystemJob, SystemJobEvent, SystemJobTemplate, UnifiedJob,
+    UnifiedJobTemplate, User, UserSessionMembership,
+    ROLE_SINGLETON_SYSTEM_ADMINISTRATOR
+)
 from awx.main.constants import CENSOR_VALUE
 from awx.main.utils import model_instance_diff, model_to_dict, camelcase_to_underscore, get_current_apps
 from awx.main.utils import ignore_inventory_computed_fields, ignore_inventory_group_removal, _inventory_updates

awx/main/tests/functional/api/test_organizations.py

@@ -10,7 +10,7 @@ import pytest
 from unittest import mock
 
 # AWX
-from awx.main.models import * # noqa
+from awx.main.models import ProjectUpdate
 from awx.api.versioning import reverse
 
 

awx/main/tests/functional/test_named_url.py

@@ -1,10 +1,15 @@
 import pytest
 
 from django.core.exceptions import ImproperlyConfigured
+from django.conf import settings
 
 from awx.api.versioning import reverse
 from awx.main.middleware import URLModificationMiddleware
-from awx.main.models import * # noqa
+from awx.main.models import (  # noqa
+    Credential, CustomInventoryScript, Group, Host, Instance, InstanceGroup,
+    Inventory, InventorySource, JobTemplate, NotificationTemplate,
+    Organization, Project, User, WorkflowJobTemplate,
+)
 from awx.conf import settings_registry
 
 

awx/main/tests/unit/api/test_views.py

@@ -113,7 +113,7 @@ class TestInventoryInventorySourcesUpdate:
 
         with mocker.patch.object(InventoryInventorySourcesUpdate, 'get_object', return_value=obj):
             with mocker.patch.object(InventoryInventorySourcesUpdate, 'get_serializer_context', return_value=None):
-                with mocker.patch('awx.api.views.InventoryUpdateDetailSerializer') as serializer_class:
+                with mocker.patch('awx.api.serializers.InventoryUpdateDetailSerializer') as serializer_class:
                     serializer = serializer_class.return_value
                     serializer.to_representation.return_value = {}
 

awx/main/utils/__init__.py

@@ -2,5 +2,8 @@
 # All Rights Reserved.
 
 # AWX
-from awx.main.utils.common import * # noqa
+from awx.main.utils.common import *  # noqa
-from awx.main.utils.encryption import * # noqa
+from awx.main.utils.encryption import (  # noqa
+    get_encryption_key, encrypt_field, decrypt_field, encrypt_value,
+    decrypt_value, encrypt_dict,
+)

awx/plugins/library/scan_files.py

@@ -101,7 +101,7 @@ EXAMPLES = '''
 
 
 def main():
-    module = AnsibleModule(
+    module = AnsibleModule(  # noqa
         argument_spec = dict(paths=dict(required=True, type='list'),
                              recursive=dict(required=False, default='no', type='bool'),
                              get_checksum=dict(required=False, default='no', type='bool')))

awx/plugins/library/scan_insights.py

@@ -47,7 +47,7 @@ def get_system_id(filname):
 
 
 def main():
-    module = AnsibleModule(
+    module = AnsibleModule(  # noqa
         argument_spec = dict()
     )
 

awx/plugins/library/scan_packages.py

@@ -90,7 +90,7 @@ def deb_package_list():
 
 
 def main():
-    module = AnsibleModule(
+    module = AnsibleModule(  # noqa
         argument_spec = dict(os_family=dict(required=True))
     )
     ans_os = module.params['os_family']

awx/plugins/library/scan_services.py

@@ -167,7 +167,7 @@ class SystemctlScanService(BaseService):
 
 
 def main():
-    module = AnsibleModule(argument_spec = dict())
+    module = AnsibleModule(argument_spec = dict())  # noqa
     service_modules = (ServiceScanService, SystemctlScanService)
     all_services = {}
     incomplete_warning = False

awx/settings/development.py

@@ -44,13 +44,13 @@ SHELL_PLUS_PRINT_SQL = False
 
 # show colored logs in the dev environment
 # to disable this, set `COLOR_LOGS = False` in awx/settings/local_settings.py
-LOGGING['handlers']['console']['()'] = 'awx.main.utils.handlers.ColorHandler'
+LOGGING['handlers']['console']['()'] = 'awx.main.utils.handlers.ColorHandler'  # noqa
 # task system does not propagate to AWX, so color log these too
-LOGGING['handlers']['task_system'] = LOGGING['handlers']['console'].copy()
+LOGGING['handlers']['task_system'] = LOGGING['handlers']['console'].copy()  # noqa
 COLOR_LOGS = True
 
 # Pipe management playbook output to console
-LOGGING['loggers']['awx.isolated.manager.playbooks']['propagate'] = True
+LOGGING['loggers']['awx.isolated.manager.playbooks']['propagate'] = True  # noqa
 
 ALLOWED_HOSTS = ['*']
 
@@ -92,7 +92,7 @@ PENDO_TRACKING_STATE = "off"
 # Use Django-Jenkins if installed. Only run tests for awx.main app.
 try:
     import django_jenkins
-    INSTALLED_APPS += (django_jenkins.__name__,)
+    INSTALLED_APPS += (django_jenkins.__name__,)  # noqa
     PROJECT_APPS = ('awx.main.tests', 'awx.api.tests',)
 except ImportError:
     pass

awx/settings/production.py

@@ -52,14 +52,14 @@ AWX_VENV_PATH = os.path.join(BASE_VENV_PATH, "awx")
 
 AWX_ISOLATED_USERNAME = 'awx'
 
-LOGGING['handlers']['tower_warnings']['filename'] = '/var/log/tower/tower.log'
+LOGGING['handlers']['tower_warnings']['filename'] = '/var/log/tower/tower.log'  # noqa
-LOGGING['handlers']['callback_receiver']['filename'] = '/var/log/tower/callback_receiver.log'
+LOGGING['handlers']['callback_receiver']['filename'] = '/var/log/tower/callback_receiver.log'  # noqa
-LOGGING['handlers']['dispatcher']['filename'] = '/var/log/tower/dispatcher.log'
+LOGGING['handlers']['dispatcher']['filename'] = '/var/log/tower/dispatcher.log'  # noqa
-LOGGING['handlers']['task_system']['filename'] = '/var/log/tower/task_system.log'
+LOGGING['handlers']['task_system']['filename'] = '/var/log/tower/task_system.log'  # noqa
-LOGGING['handlers']['fact_receiver']['filename'] = '/var/log/tower/fact_receiver.log'
+LOGGING['handlers']['fact_receiver']['filename'] = '/var/log/tower/fact_receiver.log'  # noqa
-LOGGING['handlers']['management_playbooks']['filename'] = '/var/log/tower/management_playbooks.log'
+LOGGING['handlers']['management_playbooks']['filename'] = '/var/log/tower/management_playbooks.log'  # noqa
-LOGGING['handlers']['system_tracking_migrations']['filename'] = '/var/log/tower/tower_system_tracking_migrations.log'
+LOGGING['handlers']['system_tracking_migrations']['filename'] = '/var/log/tower/tower_system_tracking_migrations.log'  # noqa
-LOGGING['handlers']['rbac_migrations']['filename'] = '/var/log/tower/tower_rbac_migrations.log'
+LOGGING['handlers']['rbac_migrations']['filename'] = '/var/log/tower/tower_rbac_migrations.log'  # noqa
 
 # Store a snapshot of default settings at this point before loading any
 # customizable config files.

awx/sso/conf.py

@@ -11,10 +11,21 @@ from django.utils.translation import ugettext_lazy as _
 from rest_framework import serializers
 
 # Tower
-from awx.conf import register, register_validate
+from awx.conf import register, register_validate, fields
-from awx.sso import fields
+from awx.sso.fields import (
+    AuthenticationBackendsField, LDAPConnectionOptionsField, LDAPDNField,
+    LDAPDNWithUserField, LDAPGroupTypeField, LDAPGroupTypeParamsField,
+    LDAPOrganizationMapField, LDAPSearchField, LDAPSearchUnionField,
+    LDAPServerURIField, LDAPTeamMapField, LDAPUserAttrMapField,
+    LDAPUserFlagsField, SAMLContactField, SAMLEnabledIdPsField,
+    SAMLOrgAttrField, SAMLOrgInfoField, SAMLSecurityField, SAMLTeamAttrField,
+    SocialOrganizationMapField, SocialTeamMapField,
+)
 from awx.main.validators import validate_private_key, validate_certificate
-from awx.sso.validators import *  # noqa
+from awx.sso.validators import (  # noqa
+    validate_ldap_bind_dn,
+    validate_tacacsplus_disallow_nonascii,
+)
 
 
 class SocialAuthCallbackURL(object):
@@ -76,19 +87,19 @@ SOCIAL_AUTH_TEAM_MAP_PLACEHOLDER = collections.OrderedDict([
 
 register(
     'AUTHENTICATION_BACKENDS',
-    field_class=fields.AuthenticationBackendsField,
+    field_class=AuthenticationBackendsField,
     label=_('Authentication Backends'),
     help_text=_('List of authentication backends that are enabled based on '
                 'license features and other authentication settings.'),
     read_only=True,
-    depends_on=fields.AuthenticationBackendsField.get_all_required_settings(),
+    depends_on=AuthenticationBackendsField.get_all_required_settings(),
     category=_('Authentication'),
     category_slug='authentication',
 )
 
 register(
     'SOCIAL_AUTH_ORGANIZATION_MAP',
-    field_class=fields.SocialOrganizationMapField,
+    field_class=SocialOrganizationMapField,
     allow_null=True,
     default=None,
     label=_('Social Auth Organization Map'),
@@ -100,7 +111,7 @@ register(
 
 register(
     'SOCIAL_AUTH_TEAM_MAP',
-    field_class=fields.SocialTeamMapField,
+    field_class=SocialTeamMapField,
     allow_null=True,
     default=None,
     label=_('Social Auth Team Map'),
@@ -135,7 +146,7 @@ def _register_ldap(append=None):
 
     register(
         'AUTH_LDAP{}_SERVER_URI'.format(append_str),
-        field_class=fields.LDAPServerURIField,
+        field_class=LDAPServerURIField,
         allow_blank=True,
         default='',
         label=_('LDAP Server URI'),
@@ -190,7 +201,7 @@ def _register_ldap(append=None):
 
     register(
         'AUTH_LDAP{}_CONNECTION_OPTIONS'.format(append_str),
-        field_class=fields.LDAPConnectionOptionsField,
+        field_class=LDAPConnectionOptionsField,
         default={'OPT_REFERRALS': 0, 'OPT_NETWORK_TIMEOUT': 30},
         label=_('LDAP Connection Options'),
         help_text=_('Additional options to set for the LDAP connection.  LDAP '
@@ -210,7 +221,7 @@ def _register_ldap(append=None):
 
     register(
         'AUTH_LDAP{}_USER_SEARCH'.format(append_str),
-        field_class=fields.LDAPSearchUnionField,
+        field_class=LDAPSearchUnionField,
         default=[],
         label=_('LDAP User Search'),
         help_text=_('LDAP search query to find users.  Any user that matches the given '
@@ -231,7 +242,7 @@ def _register_ldap(append=None):
 
     register(
         'AUTH_LDAP{}_USER_DN_TEMPLATE'.format(append_str),
-        field_class=fields.LDAPDNWithUserField,
+        field_class=LDAPDNWithUserField,
         allow_blank=True,
         allow_null=True,
         default=None,
@@ -249,7 +260,7 @@ def _register_ldap(append=None):
 
     register(
         'AUTH_LDAP{}_USER_ATTR_MAP'.format(append_str),
-        field_class=fields.LDAPUserAttrMapField,
+        field_class=LDAPUserAttrMapField,
         default={},
         label=_('LDAP User Attribute Map'),
         help_text=_('Mapping of LDAP user schema to Tower API user attributes. The default'
@@ -268,7 +279,7 @@ def _register_ldap(append=None):
 
     register(
         'AUTH_LDAP{}_GROUP_SEARCH'.format(append_str),
-        field_class=fields.LDAPSearchField,
+        field_class=LDAPSearchField,
         default=[],
         label=_('LDAP Group Search'),
         help_text=_('Users are mapped to organizations based on their membership in LDAP'
@@ -286,7 +297,7 @@ def _register_ldap(append=None):
 
     register(
         'AUTH_LDAP{}_GROUP_TYPE'.format(append_str),
-        field_class=fields.LDAPGroupTypeField,
+        field_class=LDAPGroupTypeField,
         label=_('LDAP Group Type'),
         help_text=_('The group type may need to be changed based on the type of the '
                     'LDAP server.  Values are listed at: '
@@ -300,7 +311,7 @@ def _register_ldap(append=None):
 
     register(
         'AUTH_LDAP{}_GROUP_TYPE_PARAMS'.format(append_str),
-        field_class=fields.LDAPGroupTypeParamsField,
+        field_class=LDAPGroupTypeParamsField,
         label=_('LDAP Group Type Parameters'),
         help_text=_('Key value parameters to send the chosen group type init method.'),
         category=_('LDAP'),
@@ -320,7 +331,7 @@ def _register_ldap(append=None):
 
     register(
         'AUTH_LDAP{}_REQUIRE_GROUP'.format(append_str),
-        field_class=fields.LDAPDNField,
+        field_class=LDAPDNField,
         allow_blank=True,
         allow_null=True,
         default=None,
@@ -337,7 +348,7 @@ def _register_ldap(append=None):
 
     register(
         'AUTH_LDAP{}_DENY_GROUP'.format(append_str),
-        field_class=fields.LDAPDNField,
+        field_class=LDAPDNField,
         allow_blank=True,
         allow_null=True,
         default=None,
@@ -353,7 +364,7 @@ def _register_ldap(append=None):
 
     register(
         'AUTH_LDAP{}_USER_FLAGS_BY_GROUP'.format(append_str),
-        field_class=fields.LDAPUserFlagsField,
+        field_class=LDAPUserFlagsField,
         default={},
         label=_('LDAP User Flags By Group'),
         help_text=_('Retrieve users from a given group. At this time, superuser and system'
@@ -370,7 +381,7 @@ def _register_ldap(append=None):
 
     register(
         'AUTH_LDAP{}_ORGANIZATION_MAP'.format(append_str),
-        field_class=fields.LDAPOrganizationMapField,
+        field_class=LDAPOrganizationMapField,
         default={},
         label=_('LDAP Organization Map'),
         help_text=_('Mapping between organization admins/users and LDAP groups. This '
@@ -398,7 +409,7 @@ def _register_ldap(append=None):
 
     register(
         'AUTH_LDAP{}_TEAM_MAP'.format(append_str),
-        field_class=fields.LDAPTeamMapField,
+        field_class=LDAPTeamMapField,
         default={},
         label=_('LDAP Team Map'),
         help_text=_('Mapping between team members (users) and LDAP groups. Configuration'
@@ -610,7 +621,7 @@ register(
 
 register(
     'SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP',
-    field_class=fields.SocialOrganizationMapField,
+    field_class=SocialOrganizationMapField,
     allow_null=True,
     default=None,
     label=_('Google OAuth2 Organization Map'),
@@ -622,7 +633,7 @@ register(
 
 register(
     'SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP',
-    field_class=fields.SocialTeamMapField,
+    field_class=SocialTeamMapField,
     allow_null=True,
     default=None,
     label=_('Google OAuth2 Team Map'),
@@ -675,7 +686,7 @@ register(
 
 register(
     'SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP',
-    field_class=fields.SocialOrganizationMapField,
+    field_class=SocialOrganizationMapField,
     allow_null=True,
     default=None,
     label=_('GitHub OAuth2 Organization Map'),
@@ -687,7 +698,7 @@ register(
 
 register(
     'SOCIAL_AUTH_GITHUB_TEAM_MAP',
-    field_class=fields.SocialTeamMapField,
+    field_class=SocialTeamMapField,
     allow_null=True,
     default=None,
     label=_('GitHub OAuth2 Team Map'),
@@ -752,7 +763,7 @@ register(
 
 register(
     'SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP',
-    field_class=fields.SocialOrganizationMapField,
+    field_class=SocialOrganizationMapField,
     allow_null=True,
     default=None,
     label=_('GitHub Organization OAuth2 Organization Map'),
@@ -764,7 +775,7 @@ register(
 
 register(
     'SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP',
-    field_class=fields.SocialTeamMapField,
+    field_class=SocialTeamMapField,
     allow_null=True,
     default=None,
     label=_('GitHub Organization OAuth2 Team Map'),
@@ -830,7 +841,7 @@ register(
 
 register(
     'SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP',
-    field_class=fields.SocialOrganizationMapField,
+    field_class=SocialOrganizationMapField,
     allow_null=True,
     default=None,
     label=_('GitHub Team OAuth2 Organization Map'),
@@ -842,7 +853,7 @@ register(
 
 register(
     'SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP',
-    field_class=fields.SocialTeamMapField,
+    field_class=SocialTeamMapField,
     allow_null=True,
     default=None,
     label=_('GitHub Team OAuth2 Team Map'),
@@ -895,7 +906,7 @@ register(
 
 register(
     'SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP',
-    field_class=fields.SocialOrganizationMapField,
+    field_class=SocialOrganizationMapField,
     allow_null=True,
     default=None,
     label=_('Azure AD OAuth2 Organization Map'),
@@ -907,7 +918,7 @@ register(
 
 register(
     'SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP',
-    field_class=fields.SocialTeamMapField,
+    field_class=SocialTeamMapField,
     allow_null=True,
     default=None,
     label=_('Azure AD OAuth2 Team Map'),
@@ -1004,7 +1015,7 @@ register(
 
 register(
     'SOCIAL_AUTH_SAML_ORG_INFO',
-    field_class=fields.SAMLOrgInfoField,
+    field_class=SAMLOrgInfoField,
     required=True,
     label=_('SAML Service Provider Organization Info'),
     help_text=_('Provide the URL, display name, and the name of your app. Refer to'
@@ -1023,7 +1034,7 @@ register(
 
 register(
     'SOCIAL_AUTH_SAML_TECHNICAL_CONTACT',
-    field_class=fields.SAMLContactField,
+    field_class=SAMLContactField,
     allow_blank=True,
     required=True,
     label=_('SAML Service Provider Technical Contact'),
@@ -1041,7 +1052,7 @@ register(
 
 register(
     'SOCIAL_AUTH_SAML_SUPPORT_CONTACT',
-    field_class=fields.SAMLContactField,
+    field_class=SAMLContactField,
     allow_blank=True,
     required=True,
     label=_('SAML Service Provider Support Contact'),
@@ -1059,7 +1070,7 @@ register(
 
 register(
     'SOCIAL_AUTH_SAML_ENABLED_IDPS',
-    field_class=fields.SAMLEnabledIdPsField,
+    field_class=SAMLEnabledIdPsField,
     default={},
     label=_('SAML Enabled Identity Providers'),
     help_text=_('Configure the Entity ID, SSO URL and certificate for each identity'
@@ -1096,7 +1107,7 @@ register(
 
 register(
     'SOCIAL_AUTH_SAML_SECURITY_CONFIG',
-    field_class=fields.SAMLSecurityField,
+    field_class=SAMLSecurityField,
     allow_null=True,
     default={'requestedAuthnContext': False},
     label=_('SAML Security Config'),
@@ -1161,7 +1172,7 @@ register(
 
 register(
     'SOCIAL_AUTH_SAML_ORGANIZATION_MAP',
-    field_class=fields.SocialOrganizationMapField,
+    field_class=SocialOrganizationMapField,
     allow_null=True,
     default=None,
     label=_('SAML Organization Map'),
@@ -1174,7 +1185,7 @@ register(
 
 register(
     'SOCIAL_AUTH_SAML_TEAM_MAP',
-    field_class=fields.SocialTeamMapField,
+    field_class=SocialTeamMapField,
     allow_null=True,
     default=None,
     label=_('SAML Team Map'),
@@ -1187,7 +1198,7 @@ register(
 
 register(
     'SOCIAL_AUTH_SAML_ORGANIZATION_ATTR',
-    field_class=fields.SAMLOrgAttrField,
+    field_class=SAMLOrgAttrField,
     allow_null=True,
     default=None,
     label=_('SAML Organization Attribute Mapping'),
@@ -1205,7 +1216,7 @@ register(
 
 register(
     'SOCIAL_AUTH_SAML_TEAM_ATTR',
-    field_class=fields.SAMLTeamAttrField,
+    field_class=SAMLTeamAttrField,
     allow_null=True,
     default=None,
     label=_('SAML Team Attribute Mapping'),

awx/sso/fields.py

@@ -1,3 +1,8 @@
+import collections
+import inspect
+import json
+import re
+
 # Python LDAP
 import ldap
 import awx
@@ -13,15 +18,23 @@ from django_auth_ldap.config import (
     LDAPSearchUnion,
 )
 
+from rest_framework.fields import empty
+
 # This must be imported so get_subclasses picks it up
 from awx.sso.ldap_group_types import PosixUIDGroupType  # noqa
 
 # Tower
 from awx.conf import fields
-from awx.conf.fields import *  # noqa
 from awx.conf.license import feature_enabled
 from awx.main.validators import validate_certificate
-from awx.sso.validators import *  # noqa
+from awx.sso.validators import (  # noqa
+    validate_ldap_dn,
+    validate_ldap_bind_dn,
+    validate_ldap_dn_with_user,
+    validate_ldap_filter,
+    validate_ldap_filter_with_user,
+    validate_tacacsplus_disallow_nonascii,
+)
 
 
 def get_subclasses(cls):

awx/ui/conf.py

@@ -6,7 +6,7 @@ from django.utils.translation import ugettext_lazy as _
 
 # Tower
 from awx.conf import register, fields
-from awx.ui.fields import *  # noqa
+from awx.ui.fields import PendoTrackingStateField, CustomLogoField  # noqa
 
 
 register(

setup.cfg

@@ -17,5 +17,5 @@ exclude=.tox,venv,awx/lib/site-packages,awx/plugins/inventory/ec2.py,awx/plugins
 
 [flake8]
 max-line-length=160
-ignore=E201,E203,E221,E225,E231,E241,E251,E261,E265,E303,W291,W391,W293,E731,F405,W504
+ignore=E201,E203,E221,E225,E231,E241,E251,E261,E265,E303,W291,W391,W293,E731,W504
 exclude=.tox,venv,awx/lib/site-packages,awx/plugins/inventory,awx/ui,awx/api/urls.py,awx/main/migrations,awx/main/tests/data,node_modules/,awx/projects/,tools/docker,awx/settings/local_*.py,installer/openshift/settings.py,build/,installer/

tools/data_generators/rbac_dummy_data_generator.py

@@ -38,7 +38,12 @@ django.setup() # noqa
 from django.db import transaction # noqa
 
 # awx
-from awx.main.models import * # noqa
+from awx.main.models import (  # noqa
+    Credential, CredentialType, Group, Host, Inventory, Job, JobEvent,
+    JobHostSummary, JobTemplate, Label, Organization, PrimordialModel, Project,
+    Team, User, WorkflowJobTemplate, WorkflowJobTemplateNode,
+    batch_role_ancestor_rebuilding,
+)
 from awx.main.signals import ( # noqa
     disable_activity_stream,
     disable_computed_fields