From d64b6d4dfea8f91027dd80a99d856cc7503b661d Mon Sep 17 00:00:00 2001 From: Gabe Muniz Date: Thu, 26 Jan 2023 14:11:17 -0500 Subject: [PATCH 1/2] adding new management command to allow failsafe enabling of local authenication for disaster recovery or in case 3rd party authenication becomes unavailable --- .../management/commands/enable_auth_system.py | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 awx/main/management/commands/enable_auth_system.py diff --git a/awx/main/management/commands/enable_auth_system.py b/awx/main/management/commands/enable_auth_system.py new file mode 100644 index 0000000000..bbb768ce93 --- /dev/null +++ b/awx/main/management/commands/enable_auth_system.py @@ -0,0 +1,32 @@ +from django.core.management.base import BaseCommand, CommandError +from django.conf import settings +import argparse + + +class Command(BaseCommand): + """enable or disable authentication system""" + + def add_arguments(self, parser): + """ + This adds the --enable functionality to the command using argparse to allow either enable or no-enable + """ + parser.add_argument('--enable', action=argparse.BooleanOptionalAction, help='to disable local auth --no-enable to enable --enable') + + def _enable_disable_auth(self, enable): + """ + this method allows the disabling or enabling of local authenication based on the argument passed into the parser + if no arguments throw a command error, if --enable set the DISABLE_LOCAL_AUTH to False + if --no-enable set to True. Realizing that the flag is counterintuitive to what is expected. + """ + if enable is None: + raise CommandError('Please pass --enable flag to allow local auth or --no-enable flag to disable local auth') + if enable: + settings.DISABLE_LOCAL_AUTH = False + print("Setting has changed to {} allowing local authentication".format(settings.DISABLE_LOCAL_AUTH)) + return + + settings.DISABLE_LOCAL_AUTH = True + print("Setting has changed to {} disallowing local authentication".format(settings.DISABLE_LOCAL_AUTH)) + + def handle(self, **options): + self._enable_disable_auth(options.get('enable')) From 2d9da11443654c355b1451525e643ed4c147dd7f Mon Sep 17 00:00:00 2001 From: Gabe Muniz Date: Mon, 30 Jan 2023 21:07:17 -0500 Subject: [PATCH 2/2] refactored the code to pass both enable and disable flags --- .../management/commands/enable_auth_system.py | 25 +++++++++++-------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/awx/main/management/commands/enable_auth_system.py b/awx/main/management/commands/enable_auth_system.py index bbb768ce93..dcb4c1df8c 100644 --- a/awx/main/management/commands/enable_auth_system.py +++ b/awx/main/management/commands/enable_auth_system.py @@ -1,6 +1,5 @@ from django.core.management.base import BaseCommand, CommandError from django.conf import settings -import argparse class Command(BaseCommand): @@ -8,25 +7,29 @@ class Command(BaseCommand): def add_arguments(self, parser): """ - This adds the --enable functionality to the command using argparse to allow either enable or no-enable + This adds the --enable --disable functionalities to the command using mutally_exclusive to avoid situations in which users pass both flags """ - parser.add_argument('--enable', action=argparse.BooleanOptionalAction, help='to disable local auth --no-enable to enable --enable') + group = parser.add_mutually_exclusive_group() + group.add_argument('--enable', dest='enable', action='store_true', help='Pass --enable to enable local authentication') + group.add_argument('--disable', dest='disable', action='store_true', help='Pass --disable to disable local authentication') - def _enable_disable_auth(self, enable): + def _enable_disable_auth(self, enable, disable): """ this method allows the disabling or enabling of local authenication based on the argument passed into the parser if no arguments throw a command error, if --enable set the DISABLE_LOCAL_AUTH to False if --no-enable set to True. Realizing that the flag is counterintuitive to what is expected. """ - if enable is None: - raise CommandError('Please pass --enable flag to allow local auth or --no-enable flag to disable local auth') + if enable: settings.DISABLE_LOCAL_AUTH = False print("Setting has changed to {} allowing local authentication".format(settings.DISABLE_LOCAL_AUTH)) - return - - settings.DISABLE_LOCAL_AUTH = True - print("Setting has changed to {} disallowing local authentication".format(settings.DISABLE_LOCAL_AUTH)) + + elif disable: + settings.DISABLE_LOCAL_AUTH = True + print("Setting has changed to {} disallowing local authentication".format(settings.DISABLE_LOCAL_AUTH)) + + else: + raise CommandError('Please pass --enable flag to allow local auth or --disable flag to disable local auth') def handle(self, **options): - self._enable_disable_auth(options.get('enable')) + self._enable_disable_auth(options.get('enable'), options.get('disable'))