Remove OIDC (#15569)

* remove oidc

* remove test fields, linting fix

* merge commit

awx/conf/migrations/0011_remove_oidc_auth_conf.py

@@ -0,0 +1,20 @@
+# Generated by Django 4.2.10 on 2024-08-27 19:31
+
+from django.db import migrations
+
+OIDC_AUTH_CONF_KEYS = ['SOCIAL_AUTH_OIDC_KEY', 'SOCIAL_AUTH_OIDC_SECRET', 'SOCIAL_AUTH_OIDC_OIDC_ENDPOINT', 'SOCIAL_AUTH_OIDC_VERIFY_SSL']
+
+
+def remove_oidc_auth_conf(apps, scheme_editor):
+    setting = apps.get_model('conf', 'Setting')
+    setting.objects.filter(key__in=OIDC_AUTH_CONF_KEYS).delete()
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('conf', '0010_change_to_JSONField'),
+    ]
+
+    operations = [
+        migrations.RunPython(remove_oidc_auth_conf),
+    ]

awx/sso/conf.py

@@ -143,54 +143,6 @@ if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
         category_slug='authentication',
     )
 
-    ###############################################################################
-    # Generic OIDC AUTHENTICATION SETTINGS
-    ###############################################################################
-
-    register(
-        'SOCIAL_AUTH_OIDC_KEY',
-        field_class=fields.CharField,
-        allow_null=False,
-        default=None,
-        label=_('OIDC Key'),
-        help_text='The OIDC key (Client ID) from your IDP.',
-        category=_('Generic OIDC'),
-        category_slug='oidc',
-    )
-
-    register(
-        'SOCIAL_AUTH_OIDC_SECRET',
-        field_class=fields.CharField,
-        allow_blank=True,
-        default='',
-        label=_('OIDC Secret'),
-        help_text=_('The OIDC secret (Client Secret) from your IDP.'),
-        category=_('Generic OIDC'),
-        category_slug='oidc',
-        encrypted=True,
-    )
-
-    register(
-        'SOCIAL_AUTH_OIDC_OIDC_ENDPOINT',
-        field_class=fields.CharField,
-        allow_blank=True,
-        default='',
-        label=_('OIDC Provider URL'),
-        help_text=_('The URL for your OIDC provider including the path up to /.well-known/openid-configuration'),
-        category=_('Generic OIDC'),
-        category_slug='oidc',
-    )
-
-    register(
-        'SOCIAL_AUTH_OIDC_VERIFY_SSL',
-        field_class=fields.BooleanField,
-        default=True,
-        label=_('Verify OIDC Provider Certificate'),
-        help_text=_('Verify the OIDC provider ssl certificate.'),
-        category=_('Generic OIDC'),
-        category_slug='oidc',
-    )
-
     ###############################################################################
     # SAML AUTHENTICATION SETTINGS
     ###############################################################################

awx/sso/tests/functional/test_common.py

@@ -303,24 +303,14 @@ class TestCommonFunctions:
             (True, False, 'social'),
         ],
     )
-    def test_get_external_account(self, enable_social, enable_enterprise, expected_results):
+
+    def test_get_external_account(self, enable_enterprise, expected_results):
         try:
             user = User.objects.get(username="external_tester")
         except User.DoesNotExist:
             user = User(username="external_tester")
             user.set_unusable_password()
             user.save()
-
-        if enable_social:
-            from social_django.models import UserSocialAuth
-
-            social_auth, _ = UserSocialAuth.objects.get_or_create(
-                uid='667ec049-cdf3-45d0-a4dc-0465f7505954',
-                provider='oidc',
-                extra_data={},
-                user_id=user.id,
-            )
-            user.social_auth.set([social_auth])
         if enable_enterprise:
             from awx.sso.models import UserEnterpriseAuth
 
@@ -335,8 +325,6 @@ class TestCommonFunctions:
             # Set none of the social auth settings
             ('JUNK_SETTING', False),
             ('SOCIAL_AUTH_SAML_ENABLED_IDPS', True),
-            # Set some SOCIAL_SOCIAL_AUTH_OIDC_KEYAUTH_*_KEY settings
-            ('SOCIAL_AUTH_OIDC_KEY', True),
             # Try a hypothetical future one
             ('SOCIAL_AUTH_GIBBERISH_KEY', True),
             # Do a SAML one

tools/docker-compose/README.md

@@ -271,7 +271,6 @@ $ make docker-compose
 - [Using Logstash](./docs/logstash.md)
 - [Start a Cluster](#start-a-cluster)
 - [Start with Minikube](#start-with-minikube)
-- [SAML and OIDC Integration](#saml-and-oidc-integration)
 - [Splunk Integration](#splunk-integration)
 
 ### Start a Shell
@@ -352,7 +351,6 @@ If you want to clean all things once your are done, you can do:
 (host)$ make docker-compose-container-group-clean
 ```
 
-
 ### Splunk Integration
 
 Splunk is a log aggregation tool that can be used to test AWX with external logging integration. This section describes how to build a reference Splunk instance and plumb it with your AWX for testing purposes.

tools/docker-compose/ansible/templates/oidc_settings.json.j2

@@ -1,6 +0,0 @@
-{
-    "SOCIAL_AUTH_OIDC_KEY": "awx_oidc_client",
-    "SOCIAL_AUTH_OIDC_SECRET": "7b1c3527-8702-4742-af69-2b74ee5742e8",
-    "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": "https://{{ oidc_reference | default(container_reference) }}:8443/auth/realms/awx",
-    "SOCIAL_AUTH_OIDC_VERIFY_SSL": "False"
-}