Remove LDAP authentication (#15546)

Remove LDAP authentication from AWX

tools/docker-compose/ansible/roles/vault/defaults/main.yml

@@ -5,8 +5,5 @@ vault_cert_dir: "{{ sources_dest }}/vault_certs"
 vault_server_cert: "{{ vault_cert_dir }}/server.crt"
 vault_client_cert: "{{ vault_cert_dir }}/client.crt"
 vault_client_key: "{{ vault_cert_dir }}/client.key"
-ldap_ldif: "{{ sources_dest }}/ldap.ldifs/ldap.ldif"
-vault_ldap_username: "awx_ldap_vault"
-vault_ldap_password: "vault123"
 vault_userpass_username: "awx_userpass_admin"
 vault_userpass_password: "userpass123"

tools/docker-compose/ansible/roles/vault/tasks/initialize.yml

@@ -92,74 +92,6 @@
         validate_certs: false
         token: "{{ Initial_Root_Token }}"
 
-    - name: Configure the vault ldap auth
-      block:
-        - name: Create ldap auth mount
-          flowerysong.hvault.write:
-            path: "sys/auth/ldap"
-            vault_addr: "{{ vault_addr_from_host }}"
-            validate_certs: false
-            token: "{{ Initial_Root_Token }}"
-            data:
-              type: "ldap"
-          register: vault_auth_ldap
-          changed_when: vault_auth_ldap.result.errors | default([]) | length == 0
-          failed_when:
-            - vault_auth_ldap.result.errors | default([]) | length > 0
-            - "'path is already in use at ldap/' not in vault_auth_ldap.result.errors | default([])"
-
-        - name: Create ldap engine
-          flowerysong.hvault.engine:
-            path: "ldap_engine"
-            type: "kv"
-            vault_addr: "{{ vault_addr_from_host }}"
-            validate_certs: false
-            token: "{{ Initial_Root_Token }}"
-
-        - name: Create a ldap secret
-          flowerysong.hvault.kv:
-            mount_point: "ldap_engine/ldaps_root"
-            key: "ldap_secret"
-            value:
-              my_key: "this_is_the_ldap_secret_value"
-            vault_addr: "{{ vault_addr_from_host }}"
-            validate_certs: false
-            token: "{{ Initial_Root_Token }}"
-
-        - name: Configure ldap auth
-          flowerysong.hvault.ldap_config:
-            vault_addr: "{{ vault_addr_from_host }}"
-            validate_certs: false
-            token: "{{ Initial_Root_Token }}"
-            url: "ldap://ldap:1389"
-            binddn: "cn=awx_ldap_vault,ou=users,dc=example,dc=org"
-            bindpass: "vault123"
-            userdn: "ou=users,dc=example,dc=org"
-            deny_null_bind: "false"
-            discoverdn: "true"
-
-        - name: Create ldap access policy
-          flowerysong.hvault.policy:
-            vault_addr: "{{ vault_addr_from_host }}"
-            validate_certs: false
-            token: "{{ Initial_Root_Token }}"
-            name: "ldap_engine"
-            policy:
-              ldap_engine/*: [create, read, update, delete, list]
-              sys/mounts:/*: [create, read, update, delete, list]
-              sys/mounts: [read]
-
-        - name: Add awx_ldap_vault user to auth_method
-          flowerysong.hvault.ldap_user:
-            vault_addr: "{{ vault_addr_from_host }}"
-            validate_certs: false
-            token: "{{ Initial_Root_Token }}"
-            state: present
-            name: "{{ vault_ldap_username }}"
-            policies:
-              - "ldap_engine"
-      when: enable_ldap | bool
-
     - name: Create userpass engine
       flowerysong.hvault.engine:
         path: "userpass_engine"

tools/docker-compose/ansible/roles/vault/tasks/plumb.yml

@@ -78,56 +78,6 @@
       secret_path: "/my_root/my_folder"
       secret_version: ""
 
-- name: Create a HashiCorp Vault Credential for LDAP
-  awx.awx.credential:
-    credential_type: HashiCorp Vault Secret Lookup
-    name: Vault LDAP Lookup Cred
-    organization: Default
-    controller_host: "{{ awx_host }}"
-    controller_username: admin
-    controller_password: "{{ admin_password }}"
-    validate_certs: false
-    inputs:
-      api_version: "v1"
-      default_auth_path: "ldap"
-      kubernetes_role: ""
-      namespace: ""
-      url: "{{ vault_addr_from_container }}"
-      username: "{{ vault_ldap_username }}"
-      password: "{{ vault_ldap_password }}"
-  register: vault_ldap_cred
-  when: enable_ldap | bool
-
-- name: Create a credential from the Vault LDAP Custom Cred Type
-  awx.awx.credential:
-    credential_type: "{{ custom_vault_cred_type.id }}"
-    controller_host: "{{ awx_host }}"
-    controller_username: admin
-    controller_password: "{{ admin_password }}"
-    validate_certs: false
-    name: Credential From HashiCorp Vault via LDAP Auth
-    inputs: {}
-    organization: Default
-  register: custom_credential_via_ldap
-  when: enable_ldap | bool
-
-- name: Use the Vault LDAP Credential  the new credential
-  awx.awx.credential_input_source:
-    input_field_name: password
-    target_credential: "{{ custom_credential_via_ldap.id }}"
-    source_credential: "{{ vault_ldap_cred.id }}"
-    controller_host: "{{ awx_host }}"
-    controller_username: admin
-    controller_password: "{{ admin_password }}"
-    validate_certs: false
-    metadata:
-      auth_path: ""
-      secret_backend: "ldap_engine"
-      secret_key: "my_key"
-      secret_path: "ldaps_root/ldap_secret"
-      secret_version: ""
-  when: enable_ldap | bool
-
 - name: Create a HashiCorp Vault Credential for UserPass
   awx.awx.credential:
     credential_type: HashiCorp Vault Secret Lookup