External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-09 23:12:08 -03:30
Code Issues Packages Projects Releases Wiki Activity

Disable SAML Authenticator upon migrate (#7062)

Browse Source
This commit is contained in:
Zack Kayyali 2025-08-13 17:56:41 -04:00 committed by thedoubl3j
parent df1c453c37
commit e9928ff513
No known key found for this signature in database
GPG Key ID: E84C42ACF75B0768
2 changed files with 39 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
awx/sso/tests/unit/test_saml_migrator.py
View File

@ -1,5 +1,5 @@
import pytest import pytest
from unittest.mock import MagicMock from unittest.mock import MagicMock, patch
from awx.sso.utils.saml_migrator import SAMLMigrator from awx.sso.utils.saml_migrator import SAMLMigrator
@ -233,3 +233,40 @@ def test_get_controller_config_with_roles(basic_saml_config):
for item in extra_data_items: for item in extra_data_items:
assert item in extra_data assert item in extra_data
assert extra_data.count(item) == 1 assert extra_data.count(item) == 1
@pytest.mark.django_db
def test_get_controller_config_enabled_false(basic_saml_config):
"""SAML controller export marks settings.enabled False by default."""
gateway_client = MagicMock()
command_obj = MagicMock()
obj = SAMLMigrator(gateway_client, command_obj)
result = obj.get_controller_config()
assert isinstance(result, list) and len(result) >= 1
assert result[0]['settings']['enabled'] is False
@pytest.mark.django_db
def test_create_gateway_authenticator_submits_disabled(basic_saml_config):
"""Submitted Gateway authenticator config must have enabled=False and correct ignore keys."""
gateway_client = MagicMock()
command_obj = MagicMock()
obj = SAMLMigrator(gateway_client, command_obj)
config = obj.get_controller_config()[0]
with patch.object(
obj,
'submit_authenticator',
return_value={'success': True, 'action': 'created', 'error': None},
) as submit_mock:
obj.create_gateway_authenticator(config)
# Extract submitted args: gateway_config, ignore_keys, original_config
submitted_gateway_config = submit_mock.call_args[0][0]
ignore_keys = submit_mock.call_args[0][1]
assert submitted_gateway_config['enabled'] is False
assert 'CALLBACK_URL' in ignore_keys
assert 'SP_PRIVATE_KEY' in ignore_keys

2
awx/sso/utils/saml_migrator.py
View File

@ -156,7 +156,7 @@ class SAMLMigrator(BaseAuthenticatorMigrator):
"name": authenticator_name, "name": authenticator_name,
"slug": authenticator_slug, "slug": authenticator_slug,
"type": config_settings["type"], "type": config_settings["type"],
"enabled": True, "enabled": False,
"create_objects": True, # Allow Gateway to create users/orgs/teams "create_objects": True, # Allow Gateway to create users/orgs/teams
"remove_users": False, # Don't remove users by default "remove_users": False, # Don't remove users by default
"configuration": config_settings["configuration"], "configuration": config_settings["configuration"],