From fba4e06c50f995b48c9a6f03934cc02078efa92b Mon Sep 17 00:00:00 2001
From: John Westcott IV <32551173+john-westcott-iv@users.noreply.github.com>
Date: Thu, 13 Apr 2023 09:02:52 -0400
Subject: [PATCH] Adding basic validation for local passwords (#13789)
* Adding basic validation for local passwords
* Adding edit screen
* Fixing tests
---
awx/api/serializers.py | 18 +
.../tests/functional/api/test_serializers.py | 75 +++
awx/sso/conf.py | 44 ++
.../MiscAuthenticationEdit.js | 30 +-
.../MiscAuthenticationEdit.test.js | 4 +
.../shared/data.allSettingOptions.json | 515 +++++++++-----
.../Setting/shared/data.allSettings.json | 630 ++++++++++--------
7 files changed, 885 insertions(+), 431 deletions(-)
create mode 100644 awx/main/tests/functional/api/test_serializers.py
diff --git a/awx/api/serializers.py b/awx/api/serializers.py
index 4b3a62c841..13228331e0 100644
--- a/awx/api/serializers.py
+++ b/awx/api/serializers.py
@@ -995,6 +995,24 @@ class UserSerializer(BaseSerializer):
django_validate_password(value)
if not self.instance and value in (None, ''):
raise serializers.ValidationError(_('Password required for new User.'))
+
+ # Check if a password is too long
+ password_max_length = User._meta.get_field('password').max_length
+ if len(value) > password_max_length:
+ raise serializers.ValidationError(_('Password max length is {}'.format(password_max_length)))
+ if getattr(settings, 'LOCAL_PASSWORD_MIN_LENGTH', 0) and len(value) < getattr(settings, 'LOCAL_PASSWORD_MIN_LENGTH'):
+ raise serializers.ValidationError(_('Password must be at least {} characters long.'.format(getattr(settings, 'LOCAL_PASSWORD_MIN_LENGTH'))))
+ if getattr(settings, 'LOCAL_PASSWORD_MIN_DIGITS', 0) and sum(c.isdigit() for c in value) < getattr(settings, 'LOCAL_PASSWORD_MIN_DIGITS'):
+ raise serializers.ValidationError(_('Password must contain at least {} digits.'.format(getattr(settings, 'LOCAL_PASSWORD_MIN_DIGITS'))))
+ if getattr(settings, 'LOCAL_PASSWORD_MIN_UPPER', 0) and sum(c.isupper() for c in value) < getattr(settings, 'LOCAL_PASSWORD_MIN_UPPER'):
+ raise serializers.ValidationError(
+ _('Password must contain at least {} uppercase characters.'.format(getattr(settings, 'LOCAL_PASSWORD_MIN_UPPER')))
+ )
+ if getattr(settings, 'LOCAL_PASSWORD_MIN_SPECIAL', 0) and sum(not c.isalnum() for c in value) < getattr(settings, 'LOCAL_PASSWORD_MIN_SPECIAL'):
+ raise serializers.ValidationError(
+ _('Password must contain at least {} special characters.'.format(getattr(settings, 'LOCAL_PASSWORD_MIN_SPECIAL')))
+ )
+
return value
def _update_password(self, obj, new_password):
diff --git a/awx/main/tests/functional/api/test_serializers.py b/awx/main/tests/functional/api/test_serializers.py
new file mode 100644
index 0000000000..ab31e186e9
--- /dev/null
+++ b/awx/main/tests/functional/api/test_serializers.py
@@ -0,0 +1,75 @@
+import pytest
+
+from django.test.utils import override_settings
+
+from rest_framework.serializers import ValidationError
+
+from awx.api.serializers import UserSerializer
+from django.contrib.auth.models import User
+
+
+@pytest.mark.parametrize(
+ "password,min_length,min_digits,min_upper,min_special,expect_error",
+ [
+ # Test length
+ ("a", 1, 0, 0, 0, False),
+ ("a", 2, 0, 0, 0, True),
+ ("aa", 2, 0, 0, 0, False),
+ ("aaabcDEF123$%^", 2, 0, 0, 0, False),
+ # Test digits
+ ("a", 0, 1, 0, 0, True),
+ ("1", 0, 1, 0, 0, False),
+ ("1", 0, 2, 0, 0, True),
+ ("12", 0, 2, 0, 0, False),
+ ("12abcDEF123$%^", 0, 2, 0, 0, False),
+ # Test upper
+ ("a", 0, 0, 1, 0, True),
+ ("A", 0, 0, 1, 0, False),
+ ("A", 0, 0, 2, 0, True),
+ ("AB", 0, 0, 2, 0, False),
+ ("ABabcDEF123$%^", 0, 0, 2, 0, False),
+ # Test special
+ ("a", 0, 0, 0, 1, True),
+ ("!", 0, 0, 0, 1, False),
+ ("!", 0, 0, 0, 2, True),
+ ("!@", 0, 0, 0, 2, False),
+ ("!@abcDEF123$%^", 0, 0, 0, 2, False),
+ ],
+)
+@pytest.mark.django_db
+def test_validate_password_rules(password, min_length, min_digits, min_upper, min_special, expect_error):
+ user_serializer = UserSerializer()
+
+ # First test password with no params, this should always pass
+ try:
+ user_serializer.validate_password(password)
+ except ValidationError:
+ assert False, f"Password {password} should not have validation issue if no params are used"
+
+ with override_settings(
+ LOCAL_PASSWORD_MIN_LENGTH=min_length, LOCAL_PASSWORD_MIN_DIGITS=min_digits, LOCAL_PASSWORD_MIN_UPPER=min_upper, LOCAL_PASSWORD_MIN_SPECIAL=min_special
+ ):
+ if expect_error:
+ with pytest.raises(ValidationError):
+ user_serializer.validate_password(password)
+ else:
+ try:
+ user_serializer.validate_password(password)
+ except ValidationError:
+ assert False, "validate_password raised an unexpected exception"
+
+
+@pytest.mark.django_db
+def test_validate_password_too_long():
+ password_max_length = User._meta.get_field('password').max_length
+ password = "x" * password_max_length
+
+ user_serializer = UserSerializer()
+ try:
+ user_serializer.validate_password(password)
+ except ValidationError:
+ assert False, f"Password {password} should not have validation"
+
+ password = f"{password}x"
+ with pytest.raises(ValidationError):
+ user_serializer.validate_password(password)
diff --git a/awx/sso/conf.py b/awx/sso/conf.py
index ddfd80fd13..3cae57311c 100644
--- a/awx/sso/conf.py
+++ b/awx/sso/conf.py
@@ -1603,6 +1603,50 @@ register(
],
)
+register(
+ 'LOCAL_PASSWORD_MIN_LENGTH',
+ field_class=fields.IntegerField,
+ min_value=0,
+ default=0,
+ label=_('Minimum number of characters in local password'),
+ help_text=_('Minimum number of characters required in a local password. 0 means no minimum'),
+ category=_('Authentication'),
+ category_slug='authentication',
+)
+
+register(
+ 'LOCAL_PASSWORD_MIN_DIGITS',
+ field_class=fields.IntegerField,
+ min_value=0,
+ default=0,
+ label=_('Minimum number of digit characters in local password'),
+ help_text=_('Minimum number of digit characters required in a local password. 0 means no minimum'),
+ category=_('Authentication'),
+ category_slug='authentication',
+)
+
+register(
+ 'LOCAL_PASSWORD_MIN_UPPER',
+ field_class=fields.IntegerField,
+ min_value=0,
+ default=0,
+ label=_('Minimum number of uppercase characters in local password'),
+ help_text=_('Minimum number of uppercase characters required in a local password. 0 means no minimum'),
+ category=_('Authentication'),
+ category_slug='authentication',
+)
+
+register(
+ 'LOCAL_PASSWORD_MIN_SPECIAL',
+ field_class=fields.IntegerField,
+ min_value=0,
+ default=0,
+ label=_('Minimum number of special characters in local password'),
+ help_text=_('Minimum number of special characters required in a local password. 0 means no minimum'),
+ category=_('Authentication'),
+ category_slug='authentication',
+)
+
def tacacs_validate(serializer, attrs):
if not serializer.instance or not hasattr(serializer.instance, 'TACACSPLUS_HOST') or not hasattr(serializer.instance, 'TACACSPLUS_SECRET'):
diff --git a/awx/ui/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.js b/awx/ui/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.js
index a8b7814543..97240efdbc 100644
--- a/awx/ui/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.js
+++ b/awx/ui/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.js
@@ -54,7 +54,11 @@ function MiscAuthenticationEdit() {
'SOCIAL_AUTH_ORGANIZATION_MAP',
'SOCIAL_AUTH_TEAM_MAP',
'SOCIAL_AUTH_USER_FIELDS',
- 'SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL'
+ 'SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL',
+ 'LOCAL_PASSWORD_MIN_LENGTH',
+ 'LOCAL_PASSWORD_MIN_DIGITS',
+ 'LOCAL_PASSWORD_MIN_UPPER',
+ 'LOCAL_PASSWORD_MIN_SPECIAL'
);
const authenticationData = {
@@ -247,6 +251,30 @@ function MiscAuthenticationEdit() {
name="SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL"
config={authentication.SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL}
/>
+
+
+
+
{submitError && }
{revertError && }
diff --git a/awx/ui/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.test.js b/awx/ui/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.test.js
index d84b759113..3e790a7544 100644
--- a/awx/ui/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.test.js
+++ b/awx/ui/src/screens/Setting/MiscAuthentication/MiscAuthenticationEdit/MiscAuthenticationEdit.test.js
@@ -33,6 +33,10 @@ const authenticationData = {
SOCIAL_AUTH_TEAM_MAP: null,
SOCIAL_AUTH_USER_FIELDS: null,
SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL: false,
+ LOCAL_PASSWORD_MIN_LENGTH: 0,
+ LOCAL_PASSWORD_MIN_DIGITS: 0,
+ LOCAL_PASSWORD_MIN_UPPER: 0,
+ LOCAL_PASSWORD_MIN_SPECIAL: 0,
};
describe('', () => {
diff --git a/awx/ui/src/screens/Setting/shared/data.allSettingOptions.json b/awx/ui/src/screens/Setting/shared/data.allSettingOptions.json
index c68b11474e..fa397c07f5 100644
--- a/awx/ui/src/screens/Setting/shared/data.allSettingOptions.json
+++ b/awx/ui/src/screens/Setting/shared/data.allSettingOptions.json
@@ -204,7 +204,7 @@
"type": "list",
"required": false,
"label": "Paths to expose to isolated jobs",
- "help_text": "List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line.",
+ "help_text": "List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]]. ",
"category": "Jobs",
"category_slug": "jobs",
"default": [],
@@ -231,26 +231,36 @@
"read_only": false
}
},
+ "AWX_RUNNER_KEEPALIVE_SECONDS": {
+ "type": "integer",
+ "required": true,
+ "label": "K8S Ansible Runner Keep-Alive Message Interval",
+ "help_text": "Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "placeholder": 240,
+ "default": 0
+ },
"GALAXY_TASK_ENV": {
"type": "nested object",
- "required": true,
+ "required": true,
"label": "Environment Variables for Galaxy Commands",
- "help_text": "Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
- "category": "Jobs",
- "category_slug": "jobs",
- "placeholder": {
- "HTTP_PROXY": "myproxy.local:8080"
- },
- "default": {
- "ANSIBLE_FORCE_COLOR": "false",
- "GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no"
+ "help_text": "Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "placeholder": {
+ "HTTP_PROXY": "myproxy.local:8080"
},
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
+ "default": {
+ "ANSIBLE_FORCE_COLOR": "false",
+ "GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no"
+ },
+ "child": {
+ "type": "string",
+ "required": true,
+ "read_only": false
}
- },
+ },
"INSIGHTS_TRACKING_STATE": {
"type": "boolean",
"required": false,
@@ -334,6 +344,16 @@
"category_slug": "jobs",
"default": 1024
},
+ "MAX_WEBSOCKET_EVENT_RATE": {
+ "type": "integer",
+ "required": false,
+ "label": "Job Event Maximum Websocket Messages Per Second",
+ "help_text": "Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "default": 30
+ },
"SCHEDULE_MAX_JOBS": {
"type": "integer",
"required": true,
@@ -344,16 +364,6 @@
"category_slug": "jobs",
"default": 10
},
- "AWX_RUNNER_KEEPALIVE_SECONDS": {
- "type": "integer",
- "required": true,
- "label": "K8S Ansible Runner Keep-Alive Message Interval",
- "help_text": "Only applies to K8S deployments and container_group jobs. If not 0, send a message every so-many seconds to keep connection open.",
- "category": "Jobs",
- "category_slug": "jobs",
- "placeholder": 240,
- "default": 0
- },
"AWX_ANSIBLE_CALLBACK_PLUGINS": {
"type": "list",
"required": false,
@@ -383,7 +393,7 @@
"type": "integer",
"required": false,
"label": "Default Job Idle Timeout",
- "help_text": "If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to used default idle_timeout is 600s.",
+ "help_text": "If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed.",
"min_value": 0,
"category": "Jobs",
"category_slug": "jobs",
@@ -489,10 +499,16 @@
"type": "list",
"required": false,
"label": "Loggers Sending Data to Log Aggregator Form",
- "help_text": "List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs.",
+ "help_text": "List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs\nbroadcast_websocket - errors pertaining to websockets broadcast metrics\n",
"category": "Logging",
"category_slug": "logging",
- "default": ["awx", "activity_stream", "job_events", "system_tracking"],
+ "default": [
+ "awx",
+ "activity_stream",
+ "job_events",
+ "system_tracking",
+ "broadcast_websocket"
+ ],
"child": {
"type": "string",
"required": true,
@@ -639,15 +655,51 @@
"unit": "seconds",
"default": 14400
},
+ "BULK_JOB_MAX_LAUNCH": {
+ "type": "integer",
+ "required": false,
+ "label": "Max jobs to allow bulk jobs to launch",
+ "help_text": "Max jobs to allow bulk jobs to launch",
+ "category": "Bulk Actions",
+ "category_slug": "bulk",
+ "default": 100
+ },
+ "BULK_HOST_MAX_CREATE": {
+ "type": "integer",
+ "required": false,
+ "label": "Max number of hosts to allow to be created in a single bulk action",
+ "help_text": "Max number of hosts to allow to be created in a single bulk action",
+ "category": "Bulk Actions",
+ "category_slug": "bulk",
+ "default": 100
+ },
"UI_NEXT": {
"type": "boolean",
"required": false,
"label": "Enable Preview of New User Interface",
- "help_text": "'Enable preview of new user interface.",
+ "help_text": "Enable preview of new user interface.",
"category": "System",
"category_slug": "system",
"default": true
},
+ "SUBSCRIPTION_USAGE_MODEL": {
+ "type": "choice",
+ "required": false,
+ "label": "Defines subscription usage model and shows Host Metrics",
+ "category": "System",
+ "category_slug": "system",
+ "default": "",
+ "choices": [
+ [
+ "",
+ "Default model for AWX - no subscription. Deletion of host_metrics will not be considered for purposes of managed host counting"
+ ],
+ [
+ "unique_managed_hosts",
+ "Usage based on unique managed nodes in a large historical time frame and delete functionality for no longer used managed nodes"
+ ]
+ ]
+ },
"SESSION_COOKIE_AGE": {
"type": "integer",
"required": true,
@@ -740,6 +792,15 @@
["detailed", "Detailed"]
]
},
+ "ALLOW_METRICS_FOR_ANONYMOUS_USERS": {
+ "type": "boolean",
+ "required": false,
+ "label": "Allow anonymous users to poll metrics",
+ "help_text": "If true, anonymous users are allowed to poll metrics.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": false
+ },
"CUSTOM_LOGIN_INFO": {
"type": "string",
"required": false,
@@ -782,7 +843,7 @@
"type": "nested object",
"required": false,
"label": "Social Auth Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "Authentication",
"category_slug": "authentication",
"placeholder": {
@@ -868,39 +929,6 @@
"category_slug": "authentication",
"default": false
},
- "SOCIAL_AUTH_OIDC_KEY": {
- "type": "string",
- "label": "OIDC Key",
- "help_text": "The OIDC key (Client ID) from your IDP.",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "default": ""
- },
- "SOCIAL_AUTH_OIDC_SECRET": {
- "type": "string",
- "label": "OIDC Secret",
- "help_text": "The OIDC secret (Client Secret) from your IDP.",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "default": ""
- },
- "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": {
- "type": "string",
- "label": "OIDC Provider URL",
- "help_text": "The URL for your OIDC provider, e.g.: http(s)://hostname/.",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "default": ""
- },
- "SOCIAL_AUTH_OIDC_VERIFY_SSL": {
- "type": "boolean",
- "required": false,
- "label": "Verify OIDC Provider Certificate",
- "help_text": "Verify the OIDC provider ssl certificate.",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "default": true
- },
"AUTH_LDAP_SERVER_URI": {
"type": "string",
"required": false,
@@ -2726,7 +2754,7 @@
"type": "nested object",
"required": false,
"label": "Google OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "Google OAuth2",
"category_slug": "google-oauth2",
"placeholder": {
@@ -2810,7 +2838,7 @@
"type": "nested object",
"required": false,
"label": "GitHub OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "GitHub OAuth2",
"category_slug": "github",
"placeholder": {
@@ -2903,7 +2931,7 @@
"type": "nested object",
"required": false,
"label": "GitHub Organization OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "GitHub Organization OAuth2",
"category_slug": "github-org",
"placeholder": {
@@ -2996,7 +3024,7 @@
"type": "nested object",
"required": false,
"label": "GitHub Team OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "GitHub Team OAuth2",
"category_slug": "github-team",
"placeholder": {
@@ -3098,7 +3126,7 @@
"type": "nested object",
"required": false,
"label": "GitHub Enterprise OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "GitHub Enterprise OAuth2",
"category_slug": "github-enterprise",
"placeholder": {
@@ -3209,7 +3237,7 @@
"type": "nested object",
"required": false,
"label": "GitHub Enterprise Organization OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "GitHub Enterprise Organization OAuth2",
"category_slug": "github-enterprise-org",
"placeholder": {
@@ -3320,7 +3348,7 @@
"type": "nested object",
"required": false,
"label": "GitHub Enterprise Team OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "GitHub Enterprise Team OAuth2",
"category_slug": "github-enterprise-team",
"placeholder": {
@@ -3404,7 +3432,7 @@
"type": "nested object",
"required": false,
"label": "Azure AD OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "Azure AD OAuth2",
"category_slug": "azuread-oauth2",
"placeholder": {
@@ -3466,6 +3494,42 @@
}
}
},
+ "SOCIAL_AUTH_OIDC_KEY": {
+ "type": "string",
+ "required": false,
+ "label": "OIDC Key",
+ "help_text": "The OIDC key (Client ID) from your IDP.",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "default": null
+ },
+ "SOCIAL_AUTH_OIDC_SECRET": {
+ "type": "string",
+ "required": false,
+ "label": "OIDC Secret",
+ "help_text": "The OIDC secret (Client Secret) from your IDP.",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "default": ""
+ },
+ "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": {
+ "type": "string",
+ "required": false,
+ "label": "OIDC Provider URL",
+ "help_text": "The URL for your OIDC provider including the path up to /.well-known/openid-configuration",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "default": ""
+ },
+ "SOCIAL_AUTH_OIDC_VERIFY_SSL": {
+ "type": "boolean",
+ "required": false,
+ "label": "Verify OIDC Provider Certificate",
+ "help_text": "Verify the OIDC provider ssl certificate.",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "default": true
+ },
"SAML_AUTO_CREATE_OBJECTS": {
"type": "boolean",
"required": false,
@@ -3678,7 +3742,7 @@
"type": "nested object",
"required": false,
"label": "SAML Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "SAML",
"category_slug": "saml",
"placeholder": {
@@ -3813,20 +3877,62 @@
"help_text": "Used to map super users and system auditors from SAML.",
"category": "SAML",
"category_slug": "saml",
- "placeholder": {
- "is_superuser_attr": "saml_attr",
- "is_superuser_value": "value",
- "is_superuser_role": "saml_role",
- "is_system_auditor_attr": "saml_attr",
- "is_system_auditor_value": "value",
- "is_system_auditor_role": "saml_role"
- },
+ "placeholder": [
+ ["is_superuser_attr", "saml_attr"],
+ ["is_superuser_value", ["value"]],
+ ["is_superuser_role", ["saml_role"]],
+ ["remove_superusers", true],
+ ["is_system_auditor_attr", "saml_attr"],
+ ["is_system_auditor_value", ["value"]],
+ ["is_system_auditor_role", ["saml_role"]],
+ ["remove_system_auditors", true]
+ ],
"default": {},
"child": {
"type": "field",
"required": true,
"read_only": false
}
+ },
+ "LOCAL_PASSWORD_MIN_LENGTH": {
+ "type": "integer",
+ "required": false,
+ "label": "Minimum number of characters in local password",
+ "help_text": "Minimum number of characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": 0
+ },
+ "LOCAL_PASSWORD_MIN_DIGITS": {
+ "type": "integer",
+ "required": false,
+ "label": "Minimum number of digit characters in local password",
+ "help_text": "Minimum number of digit characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": 0
+ },
+ "LOCAL_PASSWORD_MIN_UPPER": {
+ "type": "integer",
+ "required": false,
+ "label": "Minimum number of uppercase characters in local password",
+ "help_text": "Minimum number of uppercase characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": 0
+ },
+ "LOCAL_PASSWORD_MIN_SPECIAL": {
+ "type": "integer",
+ "required": false,
+ "label": "Minimum number of special characters in local password",
+ "help_text": "Minimum number of special characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "default": 0
}
},
"GET": {
@@ -3873,7 +3979,7 @@
"REMOTE_HOST_HEADERS": {
"type": "list",
"label": "Remote Host Headers",
- "help_text": "HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the Adminstrator guide for more details.",
+ "help_text": "HTTP headers and meta keys to search to determine remote host name or IP. Add additional items to this list, such as \"HTTP_X_FORWARDED_FOR\", if behind a reverse proxy. See the \"Proxy Support\" section of the AAP Installation guide for more details.",
"category": "System",
"category_slug": "system",
"defined_in_file": false,
@@ -3950,6 +4056,20 @@
"category_slug": "system",
"defined_in_file": false
},
+ "DEFAULT_CONTROL_PLANE_QUEUE_NAME": {
+ "type": "string",
+ "label": "The instance group where control plane tasks run",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "DEFAULT_EXECUTION_QUEUE_NAME": {
+ "type": "string",
+ "label": "The instance group where user jobs run (currently only on non-VM installs)",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
"DEFAULT_EXECUTION_ENVIRONMENT": {
"type": "field",
"label": "Global default execution environment",
@@ -4004,7 +4124,7 @@
"AWX_ISOLATION_SHOW_PATHS": {
"type": "list",
"label": "Paths to expose to isolated jobs",
- "help_text": "List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line.",
+ "help_text": "List of paths that would otherwise be hidden to expose to isolated jobs. Enter one path per line. Volumes will be mounted from the execution node to the container. The supported format is HOST-DIR[:CONTAINER-DIR[:OPTIONS]]. ",
"category": "Jobs",
"category_slug": "jobs",
"defined_in_file": false,
@@ -4023,26 +4143,25 @@
"type": "string"
}
},
+ "AWX_RUNNER_KEEPALIVE_SECONDS": {
+ "type": "integer",
+ "label": "K8S Ansible Runner Keep-Alive Message Interval",
+ "help_text": "Only applies to jobs running in a Container Group. If not 0, send a message every so-many seconds to keep connection open.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false
+ },
"GALAXY_TASK_ENV": {
"type": "nested object",
- "required": true,
"label": "Environment Variables for Galaxy Commands",
- "help_text": "Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
- "category": "Jobs",
- "category_slug": "jobs",
- "placeholder": {
- "HTTP_PROXY": "myproxy.local:8080"
- },
- "default": {
- "ANSIBLE_FORCE_COLOR": "false",
- "GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no"
- },
- "child": {
- "type": "string",
- "required": true,
- "read_only": false
+ "help_text": "Additional environment variables set for invocations of ansible-galaxy within project updates. Useful if you must use a proxy server for ansible-galaxy but not git.",
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false,
+ "child": {
+ "type": "string"
}
- },
+ },
"INSIGHTS_TRACKING_STATE": {
"type": "boolean",
"label": "Gather data for Automation Analytics",
@@ -4117,6 +4236,15 @@
"category_slug": "jobs",
"defined_in_file": false
},
+ "MAX_WEBSOCKET_EVENT_RATE": {
+ "type": "integer",
+ "label": "Job Event Maximum Websocket Messages Per Second",
+ "help_text": "Maximum number of messages to update the UI live job output with per second. Value of 0 means no limit.",
+ "min_value": 0,
+ "category": "Jobs",
+ "category_slug": "jobs",
+ "defined_in_file": false
+ },
"SCHEDULE_MAX_JOBS": {
"type": "integer",
"label": "Maximum Scheduled Jobs",
@@ -4126,15 +4254,6 @@
"category_slug": "jobs",
"defined_in_file": false
},
- "AWX_RUNNER_KEEPALIVE_SECONDS": {
- "type": "integer",
- "label": "K8S Ansible Runner Keep-Alive Message Interval",
- "help_text": "Only applies to K8S deployments and container_group jobs. If not 0, send a message every so-many seconds to keep connection open.",
- "category": "Jobs",
- "category_slug": "jobs",
- "placeholder": 240,
- "default": 0
- },
"AWX_ANSIBLE_CALLBACK_PLUGINS": {
"type": "list",
"label": "Ansible Callback Plugins",
@@ -4159,7 +4278,7 @@
"DEFAULT_JOB_IDLE_TIMEOUT": {
"type": "integer",
"label": "Default Job Idle Timeout",
- "help_text": "If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to used default idle_timeout is 600s.",
+ "help_text": "If no output is detected from ansible in this number of seconds the execution will be terminated. Use value of 0 to indicate that no idle timeout should be imposed.",
"min_value": 0,
"category": "Jobs",
"category_slug": "jobs",
@@ -4255,7 +4374,7 @@
"LOG_AGGREGATOR_LOGGERS": {
"type": "list",
"label": "Loggers Sending Data to Log Aggregator Form",
- "help_text": "List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs.",
+ "help_text": "List of loggers that will send HTTP logs to the collector, these can include any or all of: \nawx - service logs\nactivity_stream - activity stream records\njob_events - callback data from Ansible job events\nsystem_tracking - facts gathered from scan jobs\nbroadcast_websocket - errors pertaining to websockets broadcast metrics\n",
"category": "Logging",
"category_slug": "logging",
"defined_in_file": false,
@@ -4359,12 +4478,11 @@
},
"API_400_ERROR_LOG_FORMAT": {
"type": "string",
- "required": false,
"label": "Log Format For API 4XX Errors",
"help_text": "The format of logged messages when an API 4XX error occurs, the following variables will be substituted: \nstatus_code - The HTTP status code of the error\nuser_name - The user name attempting to use the API\nurl_path - The URL path to the API endpoint called\nremote_addr - The remote address seen for the user\nerror - The error set by the api endpoint\nVariables need to be in the format {}.",
"category": "Logging",
"category_slug": "logging",
- "default": "status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}"
+ "defined_in_file": false
},
"AUTOMATION_ANALYTICS_LAST_GATHER": {
"type": "datetime",
@@ -4390,6 +4508,30 @@
"defined_in_file": false,
"unit": "seconds"
},
+ "IS_K8S": {
+ "type": "boolean",
+ "label": "Is k8s",
+ "help_text": "Indicates whether the instance is part of a kubernetes-based deployment.",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false
+ },
+ "BULK_JOB_MAX_LAUNCH": {
+ "type": "integer",
+ "label": "Max jobs to allow bulk jobs to launch",
+ "help_text": "Max jobs to allow bulk jobs to launch",
+ "category": "Bulk Actions",
+ "category_slug": "bulk",
+ "defined_in_file": false
+ },
+ "BULK_HOST_MAX_CREATE": {
+ "type": "integer",
+ "label": "Max number of hosts to allow to be created in a single bulk action",
+ "help_text": "Max number of hosts to allow to be created in a single bulk action",
+ "category": "Bulk Actions",
+ "category_slug": "bulk",
+ "defined_in_file": false
+ },
"UI_NEXT": {
"type": "boolean",
"label": "Enable Preview of New User Interface",
@@ -4398,6 +4540,23 @@
"category_slug": "system",
"defined_in_file": false
},
+ "SUBSCRIPTION_USAGE_MODEL": {
+ "type": "choice",
+ "label": "Defines subscription usage model and shows Host Metrics",
+ "category": "System",
+ "category_slug": "system",
+ "defined_in_file": false,
+ "choices": [
+ [
+ "",
+ "Default model for AWX - no subscription. Deletion of host_metrics will not be considered for purposes of managed host counting"
+ ],
+ [
+ "unique_managed_hosts",
+ "Usage based on unique managed nodes in a large historical time frame and delete functionality for no longer used managed nodes"
+ ]
+ ]
+ },
"SESSION_COOKIE_AGE": {
"type": "integer",
"label": "Idle Time Force Log Out",
@@ -4463,6 +4622,14 @@
"category_slug": "authentication",
"defined_in_file": false
},
+ "ALLOW_METRICS_FOR_ANONYMOUS_USERS": {
+ "type": "boolean",
+ "label": "Allow anonymous users to poll metrics",
+ "help_text": "If true, anonymous users are allowed to poll metrics.",
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
"PENDO_TRACKING_STATE": {
"type": "choice",
"label": "User Analytics Tracking State",
@@ -4523,7 +4690,7 @@
"SOCIAL_AUTH_ORGANIZATION_MAP": {
"type": "nested object",
"label": "Social Auth Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "Authentication",
"category_slug": "authentication",
"defined_in_file": false,
@@ -4569,39 +4736,7 @@
"help_text": "Enabling this setting will tell social auth to use the full Email as username instead of the full name",
"category": "Authentication",
"category_slug": "authentication",
- "default": false
- },
- "SOCIAL_AUTH_OIDC_KEY": {
- "type": "string",
- "label": "OIDC Key",
- "help_text": "The OIDC key (Client ID) from your IDP.",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "default": ""
- },
- "SOCIAL_AUTH_OIDC_SECRET": {
- "type": "string",
- "label": "OIDC Secret",
- "help_text": "The OIDC secret (Client Secret) from your IDP.",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "default": ""
- },
- "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": {
- "type": "string",
- "label": "OIDC Provider URL",
- "help_text": "The URL for your OIDC provider, e.g.: http(s)://hostname/.",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "default": ""
- },
- "SOCIAL_AUTH_OIDC_VERIFY_SSL": {
- "type": "boolean",
- "label": "Verify OIDC Provider Certificate",
- "help_text": "Verify the OIDC provider ssl certificate.",
- "category": "Generic OIDC",
- "category_slug": "oidc",
- "default": true
+ "defined_in_file": false
},
"AUTH_LDAP_SERVER_URI": {
"type": "string",
@@ -5830,7 +5965,7 @@
"SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP": {
"type": "nested object",
"label": "Google OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "Google OAuth2",
"category_slug": "google-oauth2",
"defined_in_file": false,
@@ -5886,7 +6021,7 @@
"SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP": {
"type": "nested object",
"label": "GitHub OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "GitHub OAuth2",
"category_slug": "github",
"defined_in_file": false,
@@ -5950,7 +6085,7 @@
"SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP": {
"type": "nested object",
"label": "GitHub Organization OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "GitHub Organization OAuth2",
"category_slug": "github-org",
"defined_in_file": false,
@@ -6014,7 +6149,7 @@
"SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP": {
"type": "nested object",
"label": "GitHub Team OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "GitHub Team OAuth2",
"category_slug": "github-team",
"defined_in_file": false,
@@ -6086,7 +6221,7 @@
"SOCIAL_AUTH_GITHUB_ENTERPRISE_ORGANIZATION_MAP": {
"type": "nested object",
"label": "GitHub Enterprise OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "GitHub Enterprise OAuth2",
"category_slug": "github-enterprise",
"defined_in_file": false,
@@ -6166,7 +6301,7 @@
"SOCIAL_AUTH_GITHUB_ENTERPRISE_ORG_ORGANIZATION_MAP": {
"type": "nested object",
"label": "GitHub Enterprise Organization OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "GitHub Enterprise Organization OAuth2",
"category_slug": "github-enterprise-org",
"defined_in_file": false,
@@ -6246,7 +6381,7 @@
"SOCIAL_AUTH_GITHUB_ENTERPRISE_TEAM_ORGANIZATION_MAP": {
"type": "nested object",
"label": "GitHub Enterprise Team OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "GitHub Enterprise Team OAuth2",
"category_slug": "github-enterprise-team",
"defined_in_file": false,
@@ -6302,7 +6437,7 @@
"SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP": {
"type": "nested object",
"label": "Azure AD OAuth2 Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "Azure AD OAuth2",
"category_slug": "azuread-oauth2",
"defined_in_file": false,
@@ -6331,6 +6466,38 @@
}
}
},
+ "SOCIAL_AUTH_OIDC_KEY": {
+ "type": "string",
+ "label": "OIDC Key",
+ "help_text": "The OIDC key (Client ID) from your IDP.",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_OIDC_SECRET": {
+ "type": "string",
+ "label": "OIDC Secret",
+ "help_text": "The OIDC secret (Client Secret) from your IDP.",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": {
+ "type": "string",
+ "label": "OIDC Provider URL",
+ "help_text": "The URL for your OIDC provider including the path up to /.well-known/openid-configuration",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "defined_in_file": false
+ },
+ "SOCIAL_AUTH_OIDC_VERIFY_SSL": {
+ "type": "boolean",
+ "label": "Verify OIDC Provider Certificate",
+ "help_text": "Verify the OIDC provider ssl certificate.",
+ "category": "Generic OIDC",
+ "category_slug": "oidc",
+ "defined_in_file": false
+ },
"SAML_AUTO_CREATE_OBJECTS": {
"type": "boolean",
"label": "Automatically Create Organizations and Teams on SAML Login",
@@ -6469,7 +6636,7 @@
"SOCIAL_AUTH_SAML_ORGANIZATION_MAP": {
"type": "nested object",
"label": "SAML Organization Map",
- "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the \ndocumentation.",
+ "help_text": "Mapping to organization admins/users from social auth accounts. This setting\ncontrols which users are placed into which organizations based on their\nusername and email address. Configuration details are available in the\ndocumentation.",
"category": "SAML",
"category_slug": "saml",
"defined_in_file": false,
@@ -6522,7 +6689,7 @@
},
"SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR": {
"type": "nested object",
- "label": "SAML User Flags Attribute Mapping",
+ "label": "SAML User Flags Attribute Mapping",
"help_text": "Used to map super users and system auditors from SAML.",
"category": "SAML",
"category_slug": "saml",
@@ -6531,6 +6698,42 @@
"type": "field"
}
},
+ "LOCAL_PASSWORD_MIN_LENGTH": {
+ "type": "integer",
+ "label": "Minimum number of characters in local password",
+ "help_text": "Minimum number of characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
+ "LOCAL_PASSWORD_MIN_DIGITS": {
+ "type": "integer",
+ "label": "Minimum number of digit characters in local password",
+ "help_text": "Minimum number of digit characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
+ "LOCAL_PASSWORD_MIN_UPPER": {
+ "type": "integer",
+ "label": "Minimum number of uppercase characters in local password",
+ "help_text": "Minimum number of uppercase characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
+ "LOCAL_PASSWORD_MIN_SPECIAL": {
+ "type": "integer",
+ "label": "Minimum number of special characters in local password",
+ "help_text": "Minimum number of special characters required in a local password. 0 means no minimum",
+ "min_value": 0,
+ "category": "Authentication",
+ "category_slug": "authentication",
+ "defined_in_file": false
+ },
"NAMED_URL_FORMATS": {
"type": "nested object",
"label": "Formats of all available named urls",
diff --git a/awx/ui/src/screens/Setting/shared/data.allSettings.json b/awx/ui/src/screens/Setting/shared/data.allSettings.json
index bf73ce0308..a23c1cfba3 100644
--- a/awx/ui/src/screens/Setting/shared/data.allSettings.json
+++ b/awx/ui/src/screens/Setting/shared/data.allSettings.json
@@ -1,19 +1,19 @@
{
- "ACTIVITY_STREAM_ENABLED":true,
- "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC":false,
- "ORG_ADMINS_CAN_SEE_ALL_USERS":true,
- "MANAGE_ORGANIZATION_AUTH":true,
- "DISABLE_LOCAL_AUTH":false,
- "TOWER_URL_BASE":"https://localhost:3000",
- "REMOTE_HOST_HEADERS":["REMOTE_ADDR","REMOTE_HOST"],
- "PROXY_IP_ALLOWED_LIST":[],
- "LICENSE":{},
- "REDHAT_USERNAME":"",
- "REDHAT_PASSWORD":"",
- "AUTOMATION_ANALYTICS_URL":"https://example.com",
- "INSTALL_UUID":"3f5a4d68-3a94-474c-a3c0-f23a33122ce6",
- "CUSTOM_VENV_PATHS":[],
- "AD_HOC_COMMANDS":[
+ "ACTIVITY_STREAM_ENABLED": true,
+ "ACTIVITY_STREAM_ENABLED_FOR_INVENTORY_SYNC": false,
+ "ORG_ADMINS_CAN_SEE_ALL_USERS": true,
+ "MANAGE_ORGANIZATION_AUTH": true,
+ "DISABLE_LOCAL_AUTH": false,
+ "TOWER_URL_BASE": "https://localhost:3000",
+ "REMOTE_HOST_HEADERS": ["REMOTE_ADDR", "REMOTE_HOST"],
+ "PROXY_IP_ALLOWED_LIST": [],
+ "LICENSE": {},
+ "REDHAT_USERNAME": "",
+ "REDHAT_PASSWORD": "",
+ "AUTOMATION_ANALYTICS_URL": "https://example.com",
+ "INSTALL_UUID": "3f5a4d68-3a94-474c-a3c0-f23a33122ce6",
+ "CUSTOM_VENV_PATHS": [],
+ "AD_HOC_COMMANDS": [
"command",
"shell",
"yum",
@@ -34,278 +34,360 @@
"win_group",
"win_user"
],
- "ALLOW_JINJA_IN_EXTRA_VARS":"template",
- "AWX_ISOLATION_BASE_PATH":"/tmp",
- "AWX_ISOLATION_SHOW_PATHS":[],
- "AWX_TASK_ENV":{},
+ "ALLOW_JINJA_IN_EXTRA_VARS": "template",
+ "AWX_ISOLATION_BASE_PATH": "/tmp",
+ "AWX_ISOLATION_SHOW_PATHS": [],
+ "AWX_TASK_ENV": {},
"GALAXY_TASK_ENV": {
"ANSIBLE_FORCE_COLOR": "false",
"GIT_SSH_COMMAND": "ssh -o StrictHostKeyChecking=no"
- },
- "INSIGHTS_TRACKING_STATE":false,
- "PROJECT_UPDATE_VVV":false,
- "AWX_ROLES_ENABLED":true,
- "AWX_COLLECTIONS_ENABLED":true,
- "AWX_SHOW_PLAYBOOK_LINKS":false,
- "GALAXY_IGNORE_CERTS":false,
- "STDOUT_MAX_BYTES_DISPLAY":1048576,
- "EVENT_STDOUT_MAX_BYTES_DISPLAY":1024,
- "SCHEDULE_MAX_JOBS":10,
- "AWX_RUNNER_KEEPALIVE_SECONDS": 0,
- "AWX_ANSIBLE_CALLBACK_PLUGINS":[],
- "DEFAULT_JOB_TIMEOUT":0,
- "DEFAULT_JOB_IDLE_TIMEOUT":0,
- "DEFAULT_INVENTORY_UPDATE_TIMEOUT":0,
- "DEFAULT_PROJECT_UPDATE_TIMEOUT":0,
- "ANSIBLE_FACT_CACHE_TIMEOUT":0,
- "MAX_FORKS":200,
- "LOG_AGGREGATOR_HOST":null,
- "LOG_AGGREGATOR_PORT":null,
- "LOG_AGGREGATOR_TYPE":null,
- "LOG_AGGREGATOR_USERNAME":"",
- "LOG_AGGREGATOR_PASSWORD":"",
- "LOG_AGGREGATOR_LOGGERS":["awx","activity_stream","job_events","system_tracking"],
- "LOG_AGGREGATOR_INDIVIDUAL_FACTS":false,
- "LOG_AGGREGATOR_ENABLED":true,
- "LOG_AGGREGATOR_TOWER_UUID":"",
- "LOG_AGGREGATOR_PROTOCOL":"https",
- "LOG_AGGREGATOR_TCP_TIMEOUT":5,
- "LOG_AGGREGATOR_VERIFY_CERT":true,
- "LOG_AGGREGATOR_LEVEL":"INFO",
- "LOG_AGGREGATOR_MAX_DISK_USAGE_GB":1,
- "LOG_AGGREGATOR_MAX_DISK_USAGE_PATH":"/var/lib/awx",
- "LOG_AGGREGATOR_RSYSLOGD_DEBUG":false,
- "API_400_ERROR_LOG_FORMAT":"status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}",
- "AUTOMATION_ANALYTICS_LAST_GATHER":null,
- "AUTOMATION_ANALYTICS_GATHER_INTERVAL":14400,
- "SESSION_COOKIE_AGE":1800,
- "SESSIONS_PER_USER":-1,
- "AUTH_BASIC_ENABLED":true,
- "OAUTH2_PROVIDER":{
- "ACCESS_TOKEN_EXPIRE_SECONDS":31536000000,
- "REFRESH_TOKEN_EXPIRE_SECONDS":2628000,
- "AUTHORIZATION_CODE_EXPIRE_SECONDS":600
},
- "ALLOW_OAUTH2_FOR_EXTERNAL_USERS":false,
- "LOGIN_REDIRECT_OVERRIDE":"",
- "PENDO_TRACKING_STATE":"off",
- "CUSTOM_LOGIN_INFO":"",
- "CUSTOM_LOGO":"",
- "MAX_UI_JOB_EVENTS":4000,
- "UI_LIVE_UPDATES_ENABLED":true,
- "AUTHENTICATION_BACKENDS":[
+ "INSIGHTS_TRACKING_STATE": false,
+ "PROJECT_UPDATE_VVV": false,
+ "AWX_ROLES_ENABLED": true,
+ "AWX_COLLECTIONS_ENABLED": true,
+ "AWX_SHOW_PLAYBOOK_LINKS": false,
+ "GALAXY_IGNORE_CERTS": false,
+ "STDOUT_MAX_BYTES_DISPLAY": 1048576,
+ "EVENT_STDOUT_MAX_BYTES_DISPLAY": 1024,
+ "SCHEDULE_MAX_JOBS": 10,
+ "AWX_RUNNER_KEEPALIVE_SECONDS": 0,
+ "AWX_ANSIBLE_CALLBACK_PLUGINS": [],
+ "DEFAULT_JOB_TIMEOUT": 0,
+ "DEFAULT_JOB_IDLE_TIMEOUT": 0,
+ "DEFAULT_INVENTORY_UPDATE_TIMEOUT": 0,
+ "DEFAULT_PROJECT_UPDATE_TIMEOUT": 0,
+ "ANSIBLE_FACT_CACHE_TIMEOUT": 0,
+ "MAX_FORKS": 200,
+ "LOG_AGGREGATOR_HOST": null,
+ "LOG_AGGREGATOR_PORT": null,
+ "LOG_AGGREGATOR_TYPE": null,
+ "LOG_AGGREGATOR_USERNAME": "",
+ "LOG_AGGREGATOR_PASSWORD": "",
+ "LOG_AGGREGATOR_LOGGERS": [
+ "awx",
+ "activity_stream",
+ "job_events",
+ "system_tracking"
+ ],
+ "LOG_AGGREGATOR_INDIVIDUAL_FACTS": false,
+ "LOG_AGGREGATOR_ENABLED": true,
+ "LOG_AGGREGATOR_TOWER_UUID": "",
+ "LOG_AGGREGATOR_PROTOCOL": "https",
+ "LOG_AGGREGATOR_TCP_TIMEOUT": 5,
+ "LOG_AGGREGATOR_VERIFY_CERT": true,
+ "LOG_AGGREGATOR_LEVEL": "INFO",
+ "LOG_AGGREGATOR_MAX_DISK_USAGE_GB": 1,
+ "LOG_AGGREGATOR_MAX_DISK_USAGE_PATH": "/var/lib/awx",
+ "LOG_AGGREGATOR_RSYSLOGD_DEBUG": false,
+ "API_400_ERROR_LOG_FORMAT": "status {status_code} received by user {user_name} attempting to access {url_path} from {remote_addr}",
+ "AUTOMATION_ANALYTICS_LAST_GATHER": null,
+ "AUTOMATION_ANALYTICS_GATHER_INTERVAL": 14400,
+ "SESSION_COOKIE_AGE": 1800,
+ "SESSIONS_PER_USER": -1,
+ "AUTH_BASIC_ENABLED": true,
+ "OAUTH2_PROVIDER": {
+ "ACCESS_TOKEN_EXPIRE_SECONDS": 31536000000,
+ "REFRESH_TOKEN_EXPIRE_SECONDS": 2628000,
+ "AUTHORIZATION_CODE_EXPIRE_SECONDS": 600
+ },
+ "ALLOW_OAUTH2_FOR_EXTERNAL_USERS": false,
+ "LOGIN_REDIRECT_OVERRIDE": "",
+ "PENDO_TRACKING_STATE": "off",
+ "CUSTOM_LOGIN_INFO": "",
+ "CUSTOM_LOGO": "",
+ "MAX_UI_JOB_EVENTS": 4000,
+ "UI_LIVE_UPDATES_ENABLED": true,
+ "AUTHENTICATION_BACKENDS": [
"awx.sso.backends.LDAPBackend",
"awx.sso.backends.RADIUSBackend",
"awx.sso.backends.TACACSPlusBackend",
"social_core.backends.github.GithubTeamOAuth2",
"django.contrib.auth.backends.ModelBackend"
],
- "SOCIAL_AUTH_ORGANIZATION_MAP":null,
- "SOCIAL_AUTH_TEAM_MAP":null,
- "SOCIAL_AUTH_USER_FIELDS":null,
- "SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL":false,
- "AUTH_LDAP_SERVER_URI":"ldap://ldap.example.com",
- "AUTH_LDAP_BIND_DN":"cn=eng_user1",
- "AUTH_LDAP_BIND_PASSWORD":"$encrypted$",
- "AUTH_LDAP_START_TLS":false,
- "AUTH_LDAP_CONNECTION_OPTIONS":{"OPT_REFERRALS":0,"OPT_NETWORK_TIMEOUT":30},
- "AUTH_LDAP_USER_SEARCH":[],
- "AUTH_LDAP_USER_DN_TEMPLATE":"uid=%(user)s,OU=Users,DC=example,DC=com",
- "AUTH_LDAP_USER_ATTR_MAP":{},
- "AUTH_LDAP_GROUP_SEARCH":["DC=example,DC=com","SCOPE_SUBTREE","(objectClass=group)"],
- "AUTH_LDAP_GROUP_TYPE":"MemberDNGroupType",
- "AUTH_LDAP_GROUP_TYPE_PARAMS":{"name_attr":"cn","member_attr":"member"},
- "AUTH_LDAP_REQUIRE_GROUP":"CN=Service Users,OU=Users,DC=example,DC=com",
- "AUTH_LDAP_DENY_GROUP":null,
- "AUTH_LDAP_USER_FLAGS_BY_GROUP":{"is_superuser":["cn=superusers"]},
- "AUTH_LDAP_ORGANIZATION_MAP":{},
- "AUTH_LDAP_TEAM_MAP":{},
- "AUTH_LDAP_1_SERVER_URI":"",
- "AUTH_LDAP_1_BIND_DN":"",
- "AUTH_LDAP_1_BIND_PASSWORD":"",
- "AUTH_LDAP_1_START_TLS":true,
- "AUTH_LDAP_1_CONNECTION_OPTIONS":{"OPT_REFERRALS":0,"OPT_NETWORK_TIMEOUT":30},
- "AUTH_LDAP_1_USER_SEARCH":[],
- "AUTH_LDAP_1_USER_DN_TEMPLATE":null,
- "AUTH_LDAP_1_USER_ATTR_MAP":{},
- "AUTH_LDAP_1_GROUP_SEARCH":[],
- "AUTH_LDAP_1_GROUP_TYPE":"MemberDNGroupType",
- "AUTH_LDAP_1_GROUP_TYPE_PARAMS":{"member_attr":"member","name_attr":"cn"},
- "AUTH_LDAP_1_REQUIRE_GROUP":null,
- "AUTH_LDAP_1_DENY_GROUP":"CN=Disabled1",
- "AUTH_LDAP_1_USER_FLAGS_BY_GROUP":{},
- "AUTH_LDAP_1_ORGANIZATION_MAP":{},
- "AUTH_LDAP_1_TEAM_MAP":{},
- "AUTH_LDAP_2_SERVER_URI":"",
- "AUTH_LDAP_2_BIND_DN":"",
- "AUTH_LDAP_2_BIND_PASSWORD":"",
- "AUTH_LDAP_2_START_TLS":false,
- "AUTH_LDAP_2_CONNECTION_OPTIONS":{"OPT_REFERRALS":0,"OPT_NETWORK_TIMEOUT":30},
- "AUTH_LDAP_2_USER_SEARCH":[],
- "AUTH_LDAP_2_USER_DN_TEMPLATE":null,
- "AUTH_LDAP_2_USER_ATTR_MAP":{},
- "AUTH_LDAP_2_GROUP_SEARCH":[],
- "AUTH_LDAP_2_GROUP_TYPE":"MemberDNGroupType",
- "AUTH_LDAP_2_GROUP_TYPE_PARAMS":{"member_attr":"member","name_attr":"cn"},
- "AUTH_LDAP_2_REQUIRE_GROUP":null,
- "AUTH_LDAP_2_DENY_GROUP":"CN=Disabled2",
- "AUTH_LDAP_2_USER_FLAGS_BY_GROUP":{},
- "AUTH_LDAP_2_ORGANIZATION_MAP":{},
- "AUTH_LDAP_2_TEAM_MAP":{},
- "AUTH_LDAP_3_SERVER_URI":"",
- "AUTH_LDAP_3_BIND_DN":"",
- "AUTH_LDAP_3_BIND_PASSWORD":"",
- "AUTH_LDAP_3_START_TLS":false,
- "AUTH_LDAP_3_CONNECTION_OPTIONS":{"OPT_REFERRALS":0,"OPT_NETWORK_TIMEOUT":30},
- "AUTH_LDAP_3_USER_SEARCH":[],
- "AUTH_LDAP_3_USER_DN_TEMPLATE":null,
- "AUTH_LDAP_3_USER_ATTR_MAP":{},
- "AUTH_LDAP_3_GROUP_SEARCH":[],
- "AUTH_LDAP_3_GROUP_TYPE":"MemberDNGroupType",
- "AUTH_LDAP_3_GROUP_TYPE_PARAMS":{"member_attr":"member","name_attr":"cn"},
- "AUTH_LDAP_3_REQUIRE_GROUP":null,
- "AUTH_LDAP_3_DENY_GROUP":null,
- "AUTH_LDAP_3_USER_FLAGS_BY_GROUP":{},
- "AUTH_LDAP_3_ORGANIZATION_MAP":{},
- "AUTH_LDAP_3_TEAM_MAP":{},
- "AUTH_LDAP_4_SERVER_URI":"",
- "AUTH_LDAP_4_BIND_DN":"",
- "AUTH_LDAP_4_BIND_PASSWORD":"",
- "AUTH_LDAP_4_START_TLS":false,
- "AUTH_LDAP_4_CONNECTION_OPTIONS":{"OPT_REFERRALS":0,"OPT_NETWORK_TIMEOUT":30},
- "AUTH_LDAP_4_USER_SEARCH":[],
- "AUTH_LDAP_4_USER_DN_TEMPLATE":null,
- "AUTH_LDAP_4_USER_ATTR_MAP":{},
- "AUTH_LDAP_4_GROUP_SEARCH":[],
- "AUTH_LDAP_4_GROUP_TYPE":"MemberDNGroupType",
- "AUTH_LDAP_4_GROUP_TYPE_PARAMS":{"member_attr":"member","name_attr":"cn"},
- "AUTH_LDAP_4_REQUIRE_GROUP":null,
- "AUTH_LDAP_4_DENY_GROUP":null,
- "AUTH_LDAP_4_USER_FLAGS_BY_GROUP":{},
- "AUTH_LDAP_4_ORGANIZATION_MAP":{},
- "AUTH_LDAP_4_TEAM_MAP":{},
- "AUTH_LDAP_5_SERVER_URI":"",
- "AUTH_LDAP_5_BIND_DN":"",
- "AUTH_LDAP_5_BIND_PASSWORD":"",
- "AUTH_LDAP_5_START_TLS":false,
- "AUTH_LDAP_5_CONNECTION_OPTIONS":{"OPT_REFERRALS":0,"OPT_NETWORK_TIMEOUT":30},
- "AUTH_LDAP_5_USER_SEARCH":[],
- "AUTH_LDAP_5_USER_DN_TEMPLATE":null,
- "AUTH_LDAP_5_USER_ATTR_MAP":{},
- "AUTH_LDAP_5_GROUP_SEARCH":[],
- "AUTH_LDAP_5_GROUP_TYPE":"MemberDNGroupType",
- "AUTH_LDAP_5_GROUP_TYPE_PARAMS":{"member_attr":"member","name_attr":"cn"},
- "AUTH_LDAP_5_REQUIRE_GROUP":null,
- "AUTH_LDAP_5_DENY_GROUP":null,
- "AUTH_LDAP_5_USER_FLAGS_BY_GROUP":{},
- "AUTH_LDAP_5_ORGANIZATION_MAP":{},
- "AUTH_LDAP_5_TEAM_MAP":{},
- "RADIUS_SERVER":"example.org",
- "RADIUS_PORT":1812,
- "RADIUS_SECRET":"$encrypted$",
- "TACACSPLUS_HOST":"",
- "TACACSPLUS_PORT":49,
- "TACACSPLUS_SECRET":"",
- "TACACSPLUS_SESSION_TIMEOUT":5,
- "TACACSPLUS_AUTH_PROTOCOL":"ascii",
- "SOCIAL_AUTH_GOOGLE_OAUTH2_CALLBACK_URL":"https://localhost:3000/sso/complete/google-oauth2/",
- "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY":"",
- "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET":"",
- "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS":[],
- "SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS":{},
- "SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP":null,
- "SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP":null,
- "SOCIAL_AUTH_GITHUB_CALLBACK_URL":"https://localhost:3000/sso/complete/github/",
- "SOCIAL_AUTH_GITHUB_KEY":"",
- "SOCIAL_AUTH_GITHUB_SECRET":"",
- "SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP":null,
- "SOCIAL_AUTH_GITHUB_TEAM_MAP":null,
- "SOCIAL_AUTH_GITHUB_ORG_CALLBACK_URL":"https://localhost:3000/sso/complete/github-org/",
- "SOCIAL_AUTH_GITHUB_ORG_KEY":"",
- "SOCIAL_AUTH_GITHUB_ORG_SECRET":"",
- "SOCIAL_AUTH_GITHUB_ORG_NAME":"",
- "SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP":null,
- "SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP":null,
- "SOCIAL_AUTH_GITHUB_TEAM_CALLBACK_URL":"https://localhost:3000/sso/complete/github-team/",
- "SOCIAL_AUTH_GITHUB_TEAM_KEY":"OAuth2 key (Client ID)",
- "SOCIAL_AUTH_GITHUB_TEAM_SECRET":"$encrypted$",
- "SOCIAL_AUTH_GITHUB_TEAM_ID":"team_id",
- "SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP":{},
- "SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP":{},
- "SOCIAL_AUTH_AZUREAD_OAUTH2_CALLBACK_URL":"https://localhost:3000/sso/complete/azuread-oauth2/",
- "SOCIAL_AUTH_AZUREAD_OAUTH2_KEY":"",
- "SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET":"",
- "SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP":null,
- "SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP":null,
- "SAML_AUTO_CREATE_OBJECTS":true,
- "SOCIAL_AUTH_SAML_CALLBACK_URL":"https://localhost:3000/sso/complete/saml/",
- "SOCIAL_AUTH_SAML_METADATA_URL":"https://localhost:3000/sso/metadata/saml/",
- "SOCIAL_AUTH_SAML_SP_ENTITY_ID":"",
- "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT":"",
- "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY":"",
- "SOCIAL_AUTH_SAML_ORG_INFO":{},
- "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT":{},
- "SOCIAL_AUTH_SAML_SUPPORT_CONTACT":{},
- "SOCIAL_AUTH_SAML_ENABLED_IDPS":{},
- "SOCIAL_AUTH_SAML_SECURITY_CONFIG":{"requestedAuthnContext":false},
- "SOCIAL_AUTH_SAML_SP_EXTRA":null,
- "SOCIAL_AUTH_SAML_EXTRA_DATA":null,
- "SOCIAL_AUTH_SAML_ORGANIZATION_MAP":null,
- "SOCIAL_AUTH_SAML_TEAM_MAP":null,
- "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR":{},
- "SOCIAL_AUTH_SAML_TEAM_ATTR":{},
- "SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR":{},
- "SOCIAL_AUTH_OIDC_KEY":"",
- "SOCIAL_AUTH_OIDC_SECRET":"",
- "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT":"",
- "SOCIAL_AUTH_OIDC_VERIFY_SSL":true,
- "NAMED_URL_FORMATS":{
- "organizations":"",
- "teams":"++",
- "credential_types":"+",
- "credentials":"+++++",
- "notification_templates":"++",
- "job_templates":"++",
- "projects":"++",
- "inventories":"++",
- "hosts":"++++",
- "groups":"++++",
- "inventory_sources":"++++",
- "inventory_scripts":"++",
- "instance_groups":"",
- "labels":"++",
- "workflow_job_templates":"++",
- "workflow_job_template_nodes":"++++",
- "applications":"++",
- "users":"",
- "instances":""
+ "SOCIAL_AUTH_ORGANIZATION_MAP": null,
+ "SOCIAL_AUTH_TEAM_MAP": null,
+ "SOCIAL_AUTH_USER_FIELDS": null,
+ "SOCIAL_AUTH_USERNAME_IS_FULL_EMAIL": false,
+ "AUTH_LDAP_SERVER_URI": "ldap://ldap.example.com",
+ "AUTH_LDAP_BIND_DN": "cn=eng_user1",
+ "AUTH_LDAP_BIND_PASSWORD": "$encrypted$",
+ "AUTH_LDAP_START_TLS": false,
+ "AUTH_LDAP_CONNECTION_OPTIONS": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
},
- "NAMED_URL_GRAPH_NODES":{
- "organizations":{"fields":["name"],"adj_list":[]},
- "teams":{"fields":["name"],"adj_list":[["organization","organizations"]]},
- "credential_types":{"fields":["name","kind"],"adj_list":[]},
- "credentials":{
- "fields":["name"],
- "adj_list":[["credential_type","credential_types"],["organization","organizations"]]
+ "AUTH_LDAP_USER_SEARCH": [],
+ "AUTH_LDAP_USER_DN_TEMPLATE": "uid=%(user)s,OU=Users,DC=example,DC=com",
+ "AUTH_LDAP_USER_ATTR_MAP": {},
+ "AUTH_LDAP_GROUP_SEARCH": [
+ "DC=example,DC=com",
+ "SCOPE_SUBTREE",
+ "(objectClass=group)"
+ ],
+ "AUTH_LDAP_GROUP_TYPE": "MemberDNGroupType",
+ "AUTH_LDAP_GROUP_TYPE_PARAMS": { "name_attr": "cn", "member_attr": "member" },
+ "AUTH_LDAP_REQUIRE_GROUP": "CN=Service Users,OU=Users,DC=example,DC=com",
+ "AUTH_LDAP_DENY_GROUP": null,
+ "AUTH_LDAP_USER_FLAGS_BY_GROUP": { "is_superuser": ["cn=superusers"] },
+ "AUTH_LDAP_ORGANIZATION_MAP": {},
+ "AUTH_LDAP_TEAM_MAP": {},
+ "AUTH_LDAP_1_SERVER_URI": "",
+ "AUTH_LDAP_1_BIND_DN": "",
+ "AUTH_LDAP_1_BIND_PASSWORD": "",
+ "AUTH_LDAP_1_START_TLS": true,
+ "AUTH_LDAP_1_CONNECTION_OPTIONS": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "AUTH_LDAP_1_USER_SEARCH": [],
+ "AUTH_LDAP_1_USER_DN_TEMPLATE": null,
+ "AUTH_LDAP_1_USER_ATTR_MAP": {},
+ "AUTH_LDAP_1_GROUP_SEARCH": [],
+ "AUTH_LDAP_1_GROUP_TYPE": "MemberDNGroupType",
+ "AUTH_LDAP_1_GROUP_TYPE_PARAMS": {
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "AUTH_LDAP_1_REQUIRE_GROUP": null,
+ "AUTH_LDAP_1_DENY_GROUP": "CN=Disabled1",
+ "AUTH_LDAP_1_USER_FLAGS_BY_GROUP": {},
+ "AUTH_LDAP_1_ORGANIZATION_MAP": {},
+ "AUTH_LDAP_1_TEAM_MAP": {},
+ "AUTH_LDAP_2_SERVER_URI": "",
+ "AUTH_LDAP_2_BIND_DN": "",
+ "AUTH_LDAP_2_BIND_PASSWORD": "",
+ "AUTH_LDAP_2_START_TLS": false,
+ "AUTH_LDAP_2_CONNECTION_OPTIONS": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "AUTH_LDAP_2_USER_SEARCH": [],
+ "AUTH_LDAP_2_USER_DN_TEMPLATE": null,
+ "AUTH_LDAP_2_USER_ATTR_MAP": {},
+ "AUTH_LDAP_2_GROUP_SEARCH": [],
+ "AUTH_LDAP_2_GROUP_TYPE": "MemberDNGroupType",
+ "AUTH_LDAP_2_GROUP_TYPE_PARAMS": {
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "AUTH_LDAP_2_REQUIRE_GROUP": null,
+ "AUTH_LDAP_2_DENY_GROUP": "CN=Disabled2",
+ "AUTH_LDAP_2_USER_FLAGS_BY_GROUP": {},
+ "AUTH_LDAP_2_ORGANIZATION_MAP": {},
+ "AUTH_LDAP_2_TEAM_MAP": {},
+ "AUTH_LDAP_3_SERVER_URI": "",
+ "AUTH_LDAP_3_BIND_DN": "",
+ "AUTH_LDAP_3_BIND_PASSWORD": "",
+ "AUTH_LDAP_3_START_TLS": false,
+ "AUTH_LDAP_3_CONNECTION_OPTIONS": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "AUTH_LDAP_3_USER_SEARCH": [],
+ "AUTH_LDAP_3_USER_DN_TEMPLATE": null,
+ "AUTH_LDAP_3_USER_ATTR_MAP": {},
+ "AUTH_LDAP_3_GROUP_SEARCH": [],
+ "AUTH_LDAP_3_GROUP_TYPE": "MemberDNGroupType",
+ "AUTH_LDAP_3_GROUP_TYPE_PARAMS": {
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "AUTH_LDAP_3_REQUIRE_GROUP": null,
+ "AUTH_LDAP_3_DENY_GROUP": null,
+ "AUTH_LDAP_3_USER_FLAGS_BY_GROUP": {},
+ "AUTH_LDAP_3_ORGANIZATION_MAP": {},
+ "AUTH_LDAP_3_TEAM_MAP": {},
+ "AUTH_LDAP_4_SERVER_URI": "",
+ "AUTH_LDAP_4_BIND_DN": "",
+ "AUTH_LDAP_4_BIND_PASSWORD": "",
+ "AUTH_LDAP_4_START_TLS": false,
+ "AUTH_LDAP_4_CONNECTION_OPTIONS": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "AUTH_LDAP_4_USER_SEARCH": [],
+ "AUTH_LDAP_4_USER_DN_TEMPLATE": null,
+ "AUTH_LDAP_4_USER_ATTR_MAP": {},
+ "AUTH_LDAP_4_GROUP_SEARCH": [],
+ "AUTH_LDAP_4_GROUP_TYPE": "MemberDNGroupType",
+ "AUTH_LDAP_4_GROUP_TYPE_PARAMS": {
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "AUTH_LDAP_4_REQUIRE_GROUP": null,
+ "AUTH_LDAP_4_DENY_GROUP": null,
+ "AUTH_LDAP_4_USER_FLAGS_BY_GROUP": {},
+ "AUTH_LDAP_4_ORGANIZATION_MAP": {},
+ "AUTH_LDAP_4_TEAM_MAP": {},
+ "AUTH_LDAP_5_SERVER_URI": "",
+ "AUTH_LDAP_5_BIND_DN": "",
+ "AUTH_LDAP_5_BIND_PASSWORD": "",
+ "AUTH_LDAP_5_START_TLS": false,
+ "AUTH_LDAP_5_CONNECTION_OPTIONS": {
+ "OPT_REFERRALS": 0,
+ "OPT_NETWORK_TIMEOUT": 30
+ },
+ "AUTH_LDAP_5_USER_SEARCH": [],
+ "AUTH_LDAP_5_USER_DN_TEMPLATE": null,
+ "AUTH_LDAP_5_USER_ATTR_MAP": {},
+ "AUTH_LDAP_5_GROUP_SEARCH": [],
+ "AUTH_LDAP_5_GROUP_TYPE": "MemberDNGroupType",
+ "AUTH_LDAP_5_GROUP_TYPE_PARAMS": {
+ "member_attr": "member",
+ "name_attr": "cn"
+ },
+ "AUTH_LDAP_5_REQUIRE_GROUP": null,
+ "AUTH_LDAP_5_DENY_GROUP": null,
+ "AUTH_LDAP_5_USER_FLAGS_BY_GROUP": {},
+ "AUTH_LDAP_5_ORGANIZATION_MAP": {},
+ "AUTH_LDAP_5_TEAM_MAP": {},
+ "RADIUS_SERVER": "example.org",
+ "RADIUS_PORT": 1812,
+ "RADIUS_SECRET": "$encrypted$",
+ "TACACSPLUS_HOST": "",
+ "TACACSPLUS_PORT": 49,
+ "TACACSPLUS_SECRET": "",
+ "TACACSPLUS_SESSION_TIMEOUT": 5,
+ "TACACSPLUS_AUTH_PROTOCOL": "ascii",
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_CALLBACK_URL": "https://localhost:3000/sso/complete/google-oauth2/",
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY": "",
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET": "",
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS": [],
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS": {},
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP": null,
+ "SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP": null,
+ "SOCIAL_AUTH_GITHUB_CALLBACK_URL": "https://localhost:3000/sso/complete/github/",
+ "SOCIAL_AUTH_GITHUB_KEY": "",
+ "SOCIAL_AUTH_GITHUB_SECRET": "",
+ "SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP": null,
+ "SOCIAL_AUTH_GITHUB_TEAM_MAP": null,
+ "SOCIAL_AUTH_GITHUB_ORG_CALLBACK_URL": "https://localhost:3000/sso/complete/github-org/",
+ "SOCIAL_AUTH_GITHUB_ORG_KEY": "",
+ "SOCIAL_AUTH_GITHUB_ORG_SECRET": "",
+ "SOCIAL_AUTH_GITHUB_ORG_NAME": "",
+ "SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP": null,
+ "SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP": null,
+ "SOCIAL_AUTH_GITHUB_TEAM_CALLBACK_URL": "https://localhost:3000/sso/complete/github-team/",
+ "SOCIAL_AUTH_GITHUB_TEAM_KEY": "OAuth2 key (Client ID)",
+ "SOCIAL_AUTH_GITHUB_TEAM_SECRET": "$encrypted$",
+ "SOCIAL_AUTH_GITHUB_TEAM_ID": "team_id",
+ "SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP": {},
+ "SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP": {},
+ "SOCIAL_AUTH_AZUREAD_OAUTH2_CALLBACK_URL": "https://localhost:3000/sso/complete/azuread-oauth2/",
+ "SOCIAL_AUTH_AZUREAD_OAUTH2_KEY": "",
+ "SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET": "",
+ "SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP": null,
+ "SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP": null,
+ "SAML_AUTO_CREATE_OBJECTS": true,
+ "SOCIAL_AUTH_SAML_CALLBACK_URL": "https://localhost:3000/sso/complete/saml/",
+ "SOCIAL_AUTH_SAML_METADATA_URL": "https://localhost:3000/sso/metadata/saml/",
+ "SOCIAL_AUTH_SAML_SP_ENTITY_ID": "",
+ "SOCIAL_AUTH_SAML_SP_PUBLIC_CERT": "",
+ "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY": "",
+ "SOCIAL_AUTH_SAML_ORG_INFO": {},
+ "SOCIAL_AUTH_SAML_TECHNICAL_CONTACT": {},
+ "SOCIAL_AUTH_SAML_SUPPORT_CONTACT": {},
+ "SOCIAL_AUTH_SAML_ENABLED_IDPS": {},
+ "SOCIAL_AUTH_SAML_SECURITY_CONFIG": { "requestedAuthnContext": false },
+ "SOCIAL_AUTH_SAML_SP_EXTRA": null,
+ "SOCIAL_AUTH_SAML_EXTRA_DATA": null,
+ "SOCIAL_AUTH_SAML_ORGANIZATION_MAP": null,
+ "SOCIAL_AUTH_SAML_TEAM_MAP": null,
+ "SOCIAL_AUTH_SAML_ORGANIZATION_ATTR": {},
+ "SOCIAL_AUTH_SAML_TEAM_ATTR": {},
+ "SOCIAL_AUTH_SAML_USER_FLAGS_BY_ATTR": {},
+ "SOCIAL_AUTH_OIDC_KEY": "",
+ "SOCIAL_AUTH_OIDC_SECRET": "",
+ "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": "",
+ "SOCIAL_AUTH_OIDC_VERIFY_SSL": true,
+ "NAMED_URL_FORMATS": {
+ "organizations": "",
+ "teams": "++",
+ "credential_types": "+",
+ "credentials": "+++++",
+ "notification_templates": "++",
+ "job_templates": "++",
+ "projects": "++",
+ "inventories": "++",
+ "hosts": "++++",
+ "groups": "++++",
+ "inventory_sources": "++++",
+ "inventory_scripts": "++",
+ "instance_groups": "",
+ "labels": "++",
+ "workflow_job_templates": "++",
+ "workflow_job_template_nodes": "++++",
+ "applications": "++",
+ "users": "",
+ "instances": ""
+ },
+ "LOCAL_PASSWORD_MIN_LENGTH": 0,
+ "LOCAL_PASSWORD_MIN_DIGITS": 0,
+ "LOCAL_PASSWORD_MIN_UPPER": 0,
+ "LOCAL_PASSWORD_MIN_SPECIAL": 0,
+ "NAMED_URL_GRAPH_NODES": {
+ "organizations": { "fields": ["name"], "adj_list": [] },
+ "teams": {
+ "fields": ["name"],
+ "adj_list": [["organization", "organizations"]]
},
- "notification_templates":{"fields":["name"],"adj_list":[["organization","organizations"]]},
- "job_templates":{"fields":["name"],"adj_list":[["organization","organizations"]]},
- "projects":{"fields":["name"],"adj_list":[["organization","organizations"]]},
- "inventories":{"fields":["name"],"adj_list":[["organization","organizations"]]},
- "hosts":{"fields":["name"],"adj_list":[["inventory","inventories"]]},
- "groups":{"fields":["name"],"adj_list":[["inventory","inventories"]]},
- "inventory_sources":{"fields":["name"],"adj_list":[["inventory","inventories"]]},
- "inventory_scripts":{"fields":["name"],"adj_list":[["organization","organizations"]]},
- "instance_groups":{"fields":["name"],"adj_list":[]},
- "labels":{"fields":["name"],"adj_list":[["organization","organizations"]]},
- "workflow_job_templates":{"fields":["name"],"adj_list":[["organization","organizations"]]},
- "workflow_job_template_nodes":{
- "fields":["identifier"],
- "adj_list":[["workflow_job_template","workflow_job_templates"]]
+ "credential_types": { "fields": ["name", "kind"], "adj_list": [] },
+ "credentials": {
+ "fields": ["name"],
+ "adj_list": [
+ ["credential_type", "credential_types"],
+ ["organization", "organizations"]
+ ]
},
- "applications":{"fields":["name"],"adj_list":[["organization","organizations"]]},
- "users":{"fields":["username"],"adj_list":[]},
- "instances":{"fields":["hostname"],"adj_list":[]}
+ "notification_templates": {
+ "fields": ["name"],
+ "adj_list": [["organization", "organizations"]]
+ },
+ "job_templates": {
+ "fields": ["name"],
+ "adj_list": [["organization", "organizations"]]
+ },
+ "projects": {
+ "fields": ["name"],
+ "adj_list": [["organization", "organizations"]]
+ },
+ "inventories": {
+ "fields": ["name"],
+ "adj_list": [["organization", "organizations"]]
+ },
+ "hosts": { "fields": ["name"], "adj_list": [["inventory", "inventories"]] },
+ "groups": {
+ "fields": ["name"],
+ "adj_list": [["inventory", "inventories"]]
+ },
+ "inventory_sources": {
+ "fields": ["name"],
+ "adj_list": [["inventory", "inventories"]]
+ },
+ "inventory_scripts": {
+ "fields": ["name"],
+ "adj_list": [["organization", "organizations"]]
+ },
+ "instance_groups": { "fields": ["name"], "adj_list": [] },
+ "labels": {
+ "fields": ["name"],
+ "adj_list": [["organization", "organizations"]]
+ },
+ "workflow_job_templates": {
+ "fields": ["name"],
+ "adj_list": [["organization", "organizations"]]
+ },
+ "workflow_job_template_nodes": {
+ "fields": ["identifier"],
+ "adj_list": [["workflow_job_template", "workflow_job_templates"]]
+ },
+ "applications": {
+ "fields": ["name"],
+ "adj_list": [["organization", "organizations"]]
+ },
+ "users": { "fields": ["username"], "adj_list": [] },
+ "instances": { "fields": ["hostname"], "adj_list": [] }
},
"DEFAULT_EXECUTION_ENVIRONMENT": 1,
"AWX_MOUNT_ISOLATED_PATHS_ON_K8S": false,