External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-03-06 03:01:06 -03:30
Code Issues Packages Projects Releases Wiki Activity

Remove OIDC (#15569)

Browse Source 
* remove oidc

* remove test fields, linting fix

* merge commit
This commit is contained in:
jessicamack
2024-10-02 12:18:47 -04:00
parent 65817d4fa4
commit bf09b95b61
5 changed files with 22 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
awx/conf/migrations/0011_remove_oidc_auth_conf.py Normal file
View File

@@ -0,0 +1,20 @@
# Generated by Django 4.2.10 on 2024-08-27 19:31
from django.db import migrations
OIDC_AUTH_CONF_KEYS = ['SOCIAL_AUTH_OIDC_KEY', 'SOCIAL_AUTH_OIDC_SECRET', 'SOCIAL_AUTH_OIDC_OIDC_ENDPOINT', 'SOCIAL_AUTH_OIDC_VERIFY_SSL']
def remove_oidc_auth_conf(apps, scheme_editor):
setting = apps.get_model('conf', 'Setting')
setting.objects.filter(key__in=OIDC_AUTH_CONF_KEYS).delete()
class Migration(migrations.Migration):
dependencies = [
('conf', '0010_change_to_JSONField'),
]
operations = [
migrations.RunPython(remove_oidc_auth_conf),
]

48
awx/sso/conf.py
View File

@@ -143,54 +143,6 @@ if settings.ALLOW_LOCAL_RESOURCE_MANAGEMENT:
category_slug='authentication', category_slug='authentication',
) )
###############################################################################
# Generic OIDC AUTHENTICATION SETTINGS
###############################################################################
register(
'SOCIAL_AUTH_OIDC_KEY',
field_class=fields.CharField,
allow_null=False,
default=None,
label=_('OIDC Key'),
help_text='The OIDC key (Client ID) from your IDP.',
category=_('Generic OIDC'),
category_slug='oidc',
)
register(
'SOCIAL_AUTH_OIDC_SECRET',
field_class=fields.CharField,
allow_blank=True,
default='',
label=_('OIDC Secret'),
help_text=_('The OIDC secret (Client Secret) from your IDP.'),
category=_('Generic OIDC'),
category_slug='oidc',
encrypted=True,
)
register(
'SOCIAL_AUTH_OIDC_OIDC_ENDPOINT',
field_class=fields.CharField,
allow_blank=True,
default='',
label=_('OIDC Provider URL'),
help_text=_('The URL for your OIDC provider including the path up to /.well-known/openid-configuration'),
category=_('Generic OIDC'),
category_slug='oidc',
)
register(
'SOCIAL_AUTH_OIDC_VERIFY_SSL',
field_class=fields.BooleanField,
default=True,
label=_('Verify OIDC Provider Certificate'),
help_text=_('Verify the OIDC provider ssl certificate.'),
category=_('Generic OIDC'),
category_slug='oidc',
)
############################################################################### ###############################################################################
# SAML AUTHENTICATION SETTINGS # SAML AUTHENTICATION SETTINGS
############################################################################### ###############################################################################

16
awx/sso/tests/functional/test_common.py
View File

@@ -303,24 +303,14 @@ class TestCommonFunctions:
(True, False, 'social'), (True, False, 'social'),
], ],
) )
def test_get_external_account(self, enable_social, enable_enterprise, expected_results):
def test_get_external_account(self, enable_enterprise, expected_results):
try: try:
user = User.objects.get(username="external_tester") user = User.objects.get(username="external_tester")
except User.DoesNotExist: except User.DoesNotExist:
user = User(username="external_tester") user = User(username="external_tester")
user.set_unusable_password() user.set_unusable_password()
user.save() user.save()
if enable_social:
from social_django.models import UserSocialAuth
social_auth, _ = UserSocialAuth.objects.get_or_create(
uid='667ec049-cdf3-45d0-a4dc-0465f7505954',
provider='oidc',
extra_data={},
user_id=user.id,
)
user.social_auth.set([social_auth])
if enable_enterprise: if enable_enterprise:
from awx.sso.models import UserEnterpriseAuth from awx.sso.models import UserEnterpriseAuth
@@ -335,8 +325,6 @@ class TestCommonFunctions:
# Set none of the social auth settings # Set none of the social auth settings
('JUNK_SETTING', False), ('JUNK_SETTING', False),
('SOCIAL_AUTH_SAML_ENABLED_IDPS', True), ('SOCIAL_AUTH_SAML_ENABLED_IDPS', True),
# Set some SOCIAL_SOCIAL_AUTH_OIDC_KEYAUTH_*_KEY settings
('SOCIAL_AUTH_OIDC_KEY', True),
# Try a hypothetical future one # Try a hypothetical future one
('SOCIAL_AUTH_GIBBERISH_KEY', True), ('SOCIAL_AUTH_GIBBERISH_KEY', True),
# Do a SAML one # Do a SAML one

2
tools/docker-compose/README.md
View File

@@ -271,7 +271,6 @@ $ make docker-compose
- [Using Logstash](./docs/logstash.md) - [Using Logstash](./docs/logstash.md)
- [Start a Cluster](#start-a-cluster) - [Start a Cluster](#start-a-cluster)
- [Start with Minikube](#start-with-minikube) - [Start with Minikube](#start-with-minikube)
- [SAML and OIDC Integration](#saml-and-oidc-integration)
- [Splunk Integration](#splunk-integration) - [Splunk Integration](#splunk-integration)
### Start a Shell ### Start a Shell
@@ -352,7 +351,6 @@ If you want to clean all things once your are done, you can do:
(host)$ make docker-compose-container-group-clean (host)$ make docker-compose-container-group-clean
``` ```
### Splunk Integration ### Splunk Integration
Splunk is a log aggregation tool that can be used to test AWX with external logging integration. This section describes how to build a reference Splunk instance and plumb it with your AWX for testing purposes. Splunk is a log aggregation tool that can be used to test AWX with external logging integration. This section describes how to build a reference Splunk instance and plumb it with your AWX for testing purposes.

6
tools/docker-compose/ansible/templates/oidc_settings.json.j2
View File

@@ -1,6 +0,0 @@
{
"SOCIAL_AUTH_OIDC_KEY": "awx_oidc_client",
"SOCIAL_AUTH_OIDC_SECRET": "7b1c3527-8702-4742-af69-2b74ee5742e8",
"SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": "https://{{ oidc_reference | default(container_reference) }}:8443/auth/realms/awx",
"SOCIAL_AUTH_OIDC_VERIFY_SSL": "False"
}