Update LDAP/SAML config dump command (#15106)

* update LDAP config dump

* return missing fields if any

* update test, remove unused import

* return bool and fields. check for missing_fields
jessicamack
2024-04-15 12:26:57 -04:00
committed by GitHub
parent e3af658f82
commit a176c04c14
2 changed files with 45 additions and 19 deletions


@@ -2,10 +2,11 @@ import json
import os import os
import sys import sys
import re import re
from typing import Any from typing import Any
from django.core.management.base import BaseCommand from django.core.management.base import BaseCommand
from django.conf import settings from django.conf import settings
from awx.conf import settings_registry from awx.conf import settings_registry
@@ -40,6 +41,15 @@ class Command(BaseCommand):
"USER_SEARCH": False, "USER_SEARCH": False,
} }
def is_enabled(self, settings, keys):
missing_fields = []
for key, required in keys.items():
if required and not settings.get(key):
missing_fields.append(key)
if missing_fields:
return False, missing_fields
return True, None
def get_awx_ldap_settings(self) -> dict[str, dict[str, Any]]: def get_awx_ldap_settings(self) -> dict[str, dict[str, Any]]:
awx_ldap_settings = {} awx_ldap_settings = {}
@@ -64,15 +74,17 @@ class Command(BaseCommand):
if new_key == "SERVER_URI" and value: if new_key == "SERVER_URI" and value:
value = value.split(", ") value = value.split(", ")
grouped_settings[index][new_key] = value
if type(value).__name__ == "LDAPSearch":
data = []
data.append(value.base_dn)
data.append("SCOPE_SUBTREE")
data.append(value.filterstr)
grouped_settings[index][new_key] = data
return grouped_settings return grouped_settings
def is_enabled(self, settings, keys):
for key, required in keys.items():
if required and not settings.get(key):
return False
return True
def get_awx_saml_settings(self) -> dict[str, Any]: def get_awx_saml_settings(self) -> dict[str, Any]:
awx_saml_settings = {} awx_saml_settings = {}
for awx_saml_setting in settings_registry.get_registered_settings(category_slug='saml'): for awx_saml_setting in settings_registry.get_registered_settings(category_slug='saml'):
@@ -82,7 +94,7 @@ class Command(BaseCommand):
def format_config_data(self, enabled, awx_settings, type, keys, name): def format_config_data(self, enabled, awx_settings, type, keys, name):
config = { config = {
"type": f"awx.authentication.authenticator_plugins.{type}", "type": f"ansible_base.authentication.authenticator_plugins.{type}",
"name": name, "name": name,
"enabled": enabled, "enabled": enabled,
"create_objects": True, "create_objects": True,
@@ -130,7 +142,7 @@ class Command(BaseCommand):
# dump SAML settings # dump SAML settings
awx_saml_settings = self.get_awx_saml_settings() awx_saml_settings = self.get_awx_saml_settings()
awx_saml_enabled = self.is_enabled(awx_saml_settings, self.DAB_SAML_AUTHENTICATOR_KEYS) awx_saml_enabled, saml_missing_fields = self.is_enabled(awx_saml_settings, self.DAB_SAML_AUTHENTICATOR_KEYS)
if awx_saml_enabled: if awx_saml_enabled:
awx_saml_name = awx_saml_settings["ENABLED_IDPS"] awx_saml_name = awx_saml_settings["ENABLED_IDPS"]
data.append( data.append(
@@ -142,21 +154,25 @@ class Command(BaseCommand):
awx_saml_name, awx_saml_name,
) )
) )
else:
data.append({"SAML_missing_fields": saml_missing_fields})
# dump LDAP settings # dump LDAP settings
awx_ldap_group_settings = self.get_awx_ldap_settings() awx_ldap_group_settings = self.get_awx_ldap_settings()
for awx_ldap_name, awx_ldap_settings in enumerate(awx_ldap_group_settings.values()): for awx_ldap_name, awx_ldap_settings in awx_ldap_group_settings.items():
enabled = self.is_enabled(awx_ldap_settings, self.DAB_LDAP_AUTHENTICATOR_KEYS) awx_ldap_enabled, ldap_missing_fields = self.is_enabled(awx_ldap_settings, self.DAB_LDAP_AUTHENTICATOR_KEYS)
if enabled: if awx_ldap_enabled:
data.append( data.append(
self.format_config_data( self.format_config_data(
enabled, awx_ldap_enabled,
awx_ldap_settings, awx_ldap_settings,
"ldap", "ldap",
self.DAB_LDAP_AUTHENTICATOR_KEYS, self.DAB_LDAP_AUTHENTICATOR_KEYS,
str(awx_ldap_name), f"LDAP_{awx_ldap_name}",
) )
) )
else:
data.append({f"LDAP_{awx_ldap_name}_missing_fields": ldap_missing_fields})
# write to file if requested # write to file if requested
if options["output_file"]: if options["output_file"]:
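Review bot: The new `LDAPSearch` branch in `get_awx_ldap_settings` always writes the literal `"SCOPE_SUBTREE"` and never reads the search object's own scope. A search configured as one-level or base would therefore be exported as a subtree search, and once imported could match entries outside the container the administrator intended. Assuming these are django-auth-ldap `LDAPSearch` objects (the check is by class name only), take the name from the object instead, e.g. `data.append({0: "SCOPE_BASE", 1: "SCOPE_ONELEVEL", 2: "SCOPE_SUBTREE"}[value.scope])`. The class-name comparison also skips any other search class, such as a union of searches, which would stay in `grouped_settings` as a raw object, so that case should be converted or rejected explicitly. The loop this branch sits in starts outside the hunk.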


@@ -52,7 +52,7 @@ class TestDumpAuthConfigCommand(TestCase):
super().setUp() super().setUp()
self.expected_config = [ self.expected_config = [
{ {
"type": "awx.authentication.authenticator_plugins.saml", "type": "ansible_base.authentication.authenticator_plugins.saml",
"name": "Keycloak", "name": "Keycloak",
"enabled": True, "enabled": True,
"create_objects": True, "create_objects": True,
@@ -94,14 +94,14 @@ class TestDumpAuthConfigCommand(TestCase):
}, },
}, },
{ {
"type": "awx.authentication.authenticator_plugins.ldap", "type": "ansible_base.authentication.authenticator_plugins.ldap",
"name": "1", "name": "LDAP_1",
"enabled": True, "enabled": True,
"create_objects": True, "create_objects": True,
"users_unique": False, "users_unique": False,
"remove_users": True, "remove_users": True,
"configuration": { "configuration": {
"SERVER_URI": "SERVER_URI", "SERVER_URI": ["SERVER_URI"],
"BIND_DN": "BIND_DN", "BIND_DN": "BIND_DN",
"BIND_PASSWORD": "BIND_PASSWORD", "BIND_PASSWORD": "BIND_PASSWORD",
"CONNECTION_OPTIONS": {}, "CONNECTION_OPTIONS": {},
@@ -119,4 +119,14 @@ class TestDumpAuthConfigCommand(TestCase):
def test_json_returned_from_cmd(self): def test_json_returned_from_cmd(self):
output = StringIO() output = StringIO()
call_command("dump_auth_config", stdout=output) call_command("dump_auth_config", stdout=output)
assert json.loads(output.getvalue()) == self.expected_config cmmd_output = json.loads(output.getvalue())
# check configured SAML return
assert cmmd_output[0] == self.expected_config[0]
# check configured LDAP return
assert cmmd_output[2] == self.expected_config[1]
# check unconfigured LDAP return
assert "LDAP_0_missing_fields" in cmmd_output[1]
assert cmmd_output[1]["LDAP_0_missing_fields"] == ['SERVER_URI', 'GROUP_TYPE', 'GROUP_TYPE_PARAMS', 'USER_DN_TEMPLATE', 'USER_ATTR_MAP']
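Review bot: In `test_json_returned_from_cmd`, none of the visible assertions cover two of the paths this commit adds to the command: the `LDAPSearch`-to-list conversion and the `SAML_missing_fields` entry. The fixture set-up is outside the hunks, so this is inferred; if no setting there holds an `LDAPSearch`, add one for a search key and assert the exported `[base_dn, scope, filter]` list, plus a case with SAML unconfigured. The positional checks (`cmmd_output[1]`, `cmmd_output[2]`) also tie the test to output order; looking entries up by `"name"` or by the `*_missing_fields` key would be sturdier. Separately, the expected LDAP configuration carries `BIND_PASSWORD` verbatim, so the dump contains the bind credential; a comment such as `# dump includes BIND_PASSWORD in cleartext; handle the output as a secret` next to that entry would make this explicit.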