From dfad93cf4c2714b6220619641f53f782dd74de5b Mon Sep 17 00:00:00 2001
From: Stevenson Michel <iamstevensonmichel@outlook.com>
Date: Wed, 6 Aug 2025 14:49:19 -0400
Subject: [PATCH] Deprecate legacy OAuth2 Application feature (#7045)

* Marked APIs legacy OAuth applications as deprecated

* Readded deprecation

* Fixed linter

* Added more deprecated mark to Oauth2 Api apps

* Fixed deprecation errors

* Fix tests
---
 awx/api/conf.py                               |  1 +
 awx/api/views/__init__.py                     | 22 +++++++++++++++++++
 awx_collection/meta/runtime.yml               |  4 ++++
 awx_collection/plugins/modules/application.py |  6 ++++-
 awx_collection/test/awx/test_export.py        |  2 +-
 5 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/awx/api/conf.py b/awx/api/conf.py
index 72aaf3eec3..0fabc8f4fb 100644
--- a/awx/api/conf.py
+++ b/awx/api/conf.py
@@ -60,6 +60,7 @@ register(
     },
     label=_('OAuth 2 Timeout Settings'),
     help_text=_(
+        'DEPRECATED: This setting is for a legacy feature and will be removed. Use token-based authentication instead.'
         'Dictionary for customizing OAuth 2 timeouts, available items are '
         '`ACCESS_TOKEN_EXPIRE_SECONDS`, the duration of access tokens in the number '
         'of seconds, `AUTHORIZATION_CODE_EXPIRE_SECONDS`, the duration of '
diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py
index 665124181e..fbe535e869 100644
--- a/awx/api/views/__init__.py
+++ b/awx/api/views/__init__.py
@@ -1123,15 +1123,31 @@ class UserMeList(ListAPIView):
 
 
 class OAuth2ApplicationList(ListCreateAPIView):
+    """
+    DEPRECATED: This endpoint will be removed in a future release.
+    Please use Application Tokens or Personal Access Tokens instead.
+    """
+
     name = _("OAuth 2 Applications")
+    deprecated = True
 
     model = models.OAuth2Application
     serializer_class = serializers.OAuth2ApplicationSerializer
     swagger_topic = 'Authentication'
 
+    def post(self, request, *args, **kwargs):
+        logger.warning("This feature is deprecated and will be removed. " "Thus, it is recommended to migrate to token-based authentication.")
+        return super().post(request, *args, **kwargs)
+
 
 class OAuth2ApplicationDetail(RetrieveUpdateDestroyAPIView):
+    """
+    DEPRECATED: This endpoint will be removed in a future release.
+    Please use Application Tokens or Personal Access Tokens instead.
+    """
+
     name = _("OAuth 2 Application Detail")
+    deprecated = True
 
     model = models.OAuth2Application
     serializer_class = serializers.OAuth2ApplicationSerializer
@@ -1154,6 +1170,12 @@ class ApplicationOAuth2TokenList(SubListCreateAPIView):
 
 
 class OAuth2ApplicationActivityStreamList(SubListAPIView):
+    """
+    DEPRECATED: This endpoint will be removed in a future release.
+    Please use Application Tokens or Personal Access Tokens instead.
+    """
+
+    deprecated = True
     model = models.ActivityStream
     serializer_class = serializers.ActivityStreamSerializer
     parent_model = models.OAuth2Application
diff --git a/awx_collection/meta/runtime.yml b/awx_collection/meta/runtime.yml
index 12aec4d22d..3b7c2f4539 100644
--- a/awx_collection/meta/runtime.yml
+++ b/awx_collection/meta/runtime.yml
@@ -265,3 +265,7 @@ plugin_routing:
         removal_date: '2022-01-23'
         warning_text: The tower_* modules have been deprecated, use awx.awx.workflow_node_wait instead.
       redirect: awx.awx.workflow_node_wait
+    application:
+      deprecation:
+        removal_version: '25.0.0'
+        warning_text: The application module manages a legacy authentication feature that is being phased out, migrate to token-based authentication instead.
diff --git a/awx_collection/plugins/modules/application.py b/awx_collection/plugins/modules/application.py
index 4c858394d8..9e28195db1 100644
--- a/awx_collection/plugins/modules/application.py
+++ b/awx_collection/plugins/modules/application.py
@@ -17,6 +17,10 @@ DOCUMENTATION = '''
 module: application
 author: "Geoffrey Bacheot (@jffz)"
 short_description: create, update, or destroy Automation Platform Controller applications
+deprecated:
+    removed_in: '25.0.0'
+    why: This module manages a legacy authentication feature that is being phased out.
+    alternative: Migrate to token-based authentication.
 description:
     - Create, update, or destroy Automation Platform Controller applications. See
       U(https://www.ansible.com/tower) for an overview.
@@ -28,7 +32,7 @@ options:
       type: str
     new_name:
       description:
-        - Setting this option will change the existing name (looked up via the name field.
+        - Setting this option will change the existing name (looked up via the name field).
       type: str
     description:
       description:
diff --git a/awx_collection/test/awx/test_export.py b/awx_collection/test/awx/test_export.py
index 70c8466ec0..8a22e5fe8a 100644
--- a/awx_collection/test/awx/test_export.py
+++ b/awx_collection/test/awx/test_export.py
@@ -66,7 +66,7 @@ def test_export(run_module, admin_user):
     all_assets_except_users = {k: v for k, v in assets.items() if k != 'users'}
 
     for k, v in all_assets_except_users.items():
-        assert v == [], f"Expected resource {k} to be empty. Instead it is {v}"
+        assert v == [] or v is None, f"Expected resource {k} to be empty. Instead it is {v}"
 
 
 @pytest.mark.django_db