Remove the isolation-specific settings

- AWX_ISOLATED_PUBLIC_KEY
- AWX_ISOLATED_PRIVATE_KEY
- AWX_ISOLATED_KEY_GENERATION
- AWX_ISOLATED_HOST_KEY_CHECKING
- AWX_ISOLATED_USERNAME
- AWX_ISOLATED_CONNECTION_TIMEOUT
- AWX_ISOLATED_LAUNCH_TIMEOUT
- AWX_ISOLATED_PERIODIC_CHECK
- AWX_ISOLATED_CHECK_INTERVAL

awx/conf/registry.py

@@ -92,11 +92,7 @@ class SettingsRegistry(object):
                 continue
             if kwargs.get('category_slug', None) in slugs_to_ignore:
                 continue
-            if (
-                read_only in {True, False}
-                and kwargs.get('read_only', False) != read_only
-                and setting not in ('INSTALL_UUID', 'AWX_ISOLATED_PRIVATE_KEY', 'AWX_ISOLATED_PUBLIC_KEY')
-            ):
+            if read_only in {True, False} and kwargs.get('read_only', False) != read_only and setting != 'INSTALL_UUID':
                 # Note: Doesn't catch fields that set read_only via __init__;
                 # read-only field kwargs should always include read_only=True.
                 continue

awx/conf/serializers.py

@@ -81,10 +81,8 @@ class SettingSingletonSerializer(serializers.Serializer):
             if self.instance and not hasattr(self.instance, key):
                 continue
             extra_kwargs = {}
-            # Make LICENSE and AWX_ISOLATED_KEY_GENERATION read-only here;
-            # LICENSE is only updated via /api/v2/config/
-            # AWX_ISOLATED_KEY_GENERATION is only set/unset via the setup playbook
-            if key in ('LICENSE', 'AWX_ISOLATED_KEY_GENERATION'):
+            # Make LICENSE read-only here; LICENSE is only updated via /api/v2/config/
+            if key == 'LICENSE':
                 extra_kwargs['read_only'] = True
             field = settings_registry.get_setting_field(key, mixin_class=SettingFieldMixin, for_user=bool(category_slug == 'user'), **extra_kwargs)
             fields[key] = field

awx/conf/settings.py

@@ -350,13 +350,8 @@ class SettingsWrapper(UserSettingsHolder):
         if value is empty:
             setting = None
             setting_id = None
-            if not field.read_only or name in (
-                # these values are read-only - however - we *do* want
-                # to fetch their value from the database
-                'INSTALL_UUID',
-                'AWX_ISOLATED_PRIVATE_KEY',
-                'AWX_ISOLATED_PUBLIC_KEY',
-            ):
+            # this value is read-only, however we *do* want to fetch its value from the database
+            if not field.read_only or name == 'INSTALL_UUID':
                 setting = Setting.objects.filter(key=name, user__isnull=True).order_by('pk').first()
             if setting:
                 if getattr(field, 'encrypted', False):

awx/main/conf.py

@@ -250,95 +250,6 @@ register(
     category_slug='jobs',
 )
 
-register(
-    'AWX_ISOLATED_CHECK_INTERVAL',
-    field_class=fields.IntegerField,
-    min_value=0,
-    label=_('Isolated status check interval'),
-    help_text=_('The number of seconds to sleep between status checks for jobs running on isolated instances.'),
-    category=_('Jobs'),
-    category_slug='jobs',
-    unit=_('seconds'),
-)
-
-register(
-    'AWX_ISOLATED_LAUNCH_TIMEOUT',
-    field_class=fields.IntegerField,
-    min_value=0,
-    label=_('Isolated launch timeout'),
-    help_text=_(
-        'The timeout (in seconds) for launching jobs on isolated instances.  '
-        'This includes the time needed to copy source control files (playbooks) to the isolated instance.'
-    ),
-    category=_('Jobs'),
-    category_slug='jobs',
-    unit=_('seconds'),
-)
-
-register(
-    'AWX_ISOLATED_CONNECTION_TIMEOUT',
-    field_class=fields.IntegerField,
-    min_value=0,
-    default=10,
-    label=_('Isolated connection timeout'),
-    help_text=_(
-        'Ansible SSH connection timeout (in seconds) to use when communicating with isolated instances. '
-        'Value should be substantially greater than expected network latency.'
-    ),
-    category=_('Jobs'),
-    category_slug='jobs',
-    unit=_('seconds'),
-)
-
-register(
-    'AWX_ISOLATED_HOST_KEY_CHECKING',
-    field_class=fields.BooleanField,
-    label=_('Isolated host key checking'),
-    help_text=_('When set to True, AWX will enforce strict host key checking for communication with isolated nodes.'),
-    category=_('Jobs'),
-    category_slug='jobs',
-    default=False,
-)
-
-register(
-    'AWX_ISOLATED_KEY_GENERATION',
-    field_class=fields.BooleanField,
-    default=True,
-    label=_('Generate RSA keys for isolated instances'),
-    help_text=_(
-        'If set, a random RSA key will be generated and distributed to '
-        'isolated instances.  To disable this behavior and manage authentication '
-        'for isolated instances outside of Tower, disable this setting.'
-    ),  # noqa
-    category=_('Jobs'),
-    category_slug='jobs',
-)
-
-register(
-    'AWX_ISOLATED_PRIVATE_KEY',
-    field_class=fields.CharField,
-    default='',
-    allow_blank=True,
-    encrypted=True,
-    read_only=True,
-    label=_('The RSA private key for SSH traffic to isolated instances'),
-    help_text=_('The RSA private key for SSH traffic to isolated instances'),  # noqa
-    category=_('Jobs'),
-    category_slug='jobs',
-)
-
-register(
-    'AWX_ISOLATED_PUBLIC_KEY',
-    field_class=fields.CharField,
-    default='',
-    allow_blank=True,
-    read_only=True,
-    label=_('The RSA public key for SSH traffic to isolated instances'),
-    help_text=_('The RSA public key for SSH traffic to isolated instances'),  # noqa
-    category=_('Jobs'),
-    category_slug='jobs',
-)
-
 register(
     'AWX_TASK_ENV',
     field_class=fields.KeyValueField,

awx/main/tests/functional/api/test_settings.py

@@ -5,8 +5,6 @@
 # Python
 import pytest
 
-from django.conf import settings
-
 # AWX
 from awx.api.versioning import reverse
 from awx.conf.models import Setting
@@ -322,60 +320,6 @@ def test_logging_aggregator_connection_test_valid(put, post, admin):
     post(url, {}, user=admin, expect=202)
 
 
-@pytest.mark.django_db
-@pytest.mark.parametrize(
-    'setting_name',
-    [
-        'AWX_ISOLATED_CHECK_INTERVAL',
-        'AWX_ISOLATED_LAUNCH_TIMEOUT',
-        'AWX_ISOLATED_CONNECTION_TIMEOUT',
-    ],
-)
-def test_isolated_job_setting_validation(get, patch, admin, setting_name):
-    url = reverse('api:setting_singleton_detail', kwargs={'category_slug': 'jobs'})
-    patch(url, user=admin, data={setting_name: -1}, expect=400)
-
-    data = get(url, user=admin).data
-    assert data[setting_name] != -1
-
-
-@pytest.mark.django_db
-@pytest.mark.parametrize(
-    'key, expected',
-    [
-        ['AWX_ISOLATED_PRIVATE_KEY', '$encrypted$'],
-        ['AWX_ISOLATED_PUBLIC_KEY', 'secret'],
-    ],
-)
-def test_isolated_keys_readonly(get, patch, delete, admin, key, expected):
-    Setting.objects.create(key=key, value='secret').save()
-    assert getattr(settings, key) == 'secret'
-
-    url = reverse('api:setting_singleton_detail', kwargs={'category_slug': 'jobs'})
-    resp = get(url, user=admin)
-    assert resp.data[key] == expected
-
-    patch(url, user=admin, data={key: 'new-secret'})
-    assert getattr(settings, key) == 'secret'
-
-    delete(url, user=admin)
-    assert getattr(settings, key) == 'secret'
-
-
-@pytest.mark.django_db
-def test_isolated_key_flag_readonly(get, patch, delete, admin):
-    settings.AWX_ISOLATED_KEY_GENERATION = True
-    url = reverse('api:setting_singleton_detail', kwargs={'category_slug': 'jobs'})
-    resp = get(url, user=admin)
-    assert resp.data['AWX_ISOLATED_KEY_GENERATION'] is True
-
-    patch(url, user=admin, data={'AWX_ISOLATED_KEY_GENERATION': False})
-    assert settings.AWX_ISOLATED_KEY_GENERATION is True
-
-    delete(url, user=admin)
-    assert settings.AWX_ISOLATED_KEY_GENERATION is True
-
-
 @pytest.mark.django_db
 @pytest.mark.parametrize('headers', [True, False])
 def test_saml_x509cert_validation(patch, get, admin, headers):

awx/settings/defaults.py

@@ -408,23 +408,6 @@ AUTH_BASIC_ENABLED = True
 # when trying to access a UI page that requries authentication.
 LOGIN_REDIRECT_OVERRIDE = ''
 
-# Default to skipping isolated host key checking (the initial connection will
-# hang on an interactive "The authenticity of host example.org can't be
-# established" message)
-AWX_ISOLATED_HOST_KEY_CHECKING = False
-
-# The number of seconds to sleep between status checks for jobs running on isolated nodes
-AWX_ISOLATED_CHECK_INTERVAL = 30
-
-# The timeout (in seconds) for launching jobs on isolated nodes
-AWX_ISOLATED_LAUNCH_TIMEOUT = 600
-
-# Ansible connection timeout (in seconds) for communicating with isolated instances
-AWX_ISOLATED_CONNECTION_TIMEOUT = 10
-
-# The time (in seconds) between the periodic isolated heartbeat status check
-AWX_ISOLATED_PERIODIC_CHECK = 600
-
 DEVSERVER_DEFAULT_ADDR = '0.0.0.0'
 DEVSERVER_DEFAULT_PORT = '8013'
 

awx/settings/development.py

@@ -64,10 +64,6 @@ CALLBACK_QUEUE = "callback_tasks"
 # Note: This setting may be overridden by database settings.
 AWX_ROLES_ENABLED = True
 
-AWX_ISOLATED_USERNAME = 'root'
-AWX_ISOLATED_CHECK_INTERVAL = 1
-AWX_ISOLATED_PERIODIC_CHECK = 30
-
 # Disable Pendo on the UI for development/test.
 # Note: This setting may be overridden by database settings.
 PENDO_TRACKING_STATE = "off"

awx/settings/production.py

@@ -40,8 +40,6 @@ ANSIBLE_VENV_PATH = os.path.join(BASE_VENV_PATH, "ansible")
 # Tower base virtualenv paths and enablement
 AWX_VENV_PATH = os.path.join(BASE_VENV_PATH, "awx")
 
-AWX_ISOLATED_USERNAME = 'awx'
-
 # Store a snapshot of default settings at this point before loading any
 # customizable config files.
 DEFAULTS_SNAPSHOT = {}