* Add gateway support to awxkit
This updates awxkit to add support for gateway when fetching oauth
tokens, which is used during the `login` subcommand. awxkit will first
try fetching a token from gateway and if that fails, fallback to
existing behavior. This change is backwards compatible.
Signed-off-by: Mike Graves <mgraves@redhat.com>
* Address review feedback
This:
* adds coverage for the get_oauth2_token() method
* changes AuthUrls to a TypedDict
* changes the url used for personal token access in gateway
* Address review feedback
This is just minor stylistic changes.
---------
Signed-off-by: Mike Graves <mgraves@redhat.com>
Remove RADIUS authentication from AWX
Do not remove models fields and tables let it for a stage where all the work of removing external auth finished AAP-27707
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
This is a rather hacky, but fixes the DRF pages when going through a
trusted proxy.
Notably: This is meant to primarily fix the DRF pages on downstream
builds while leaving the upstream to function as-is.
When using a trusted proxy, the DRF login and logout endpoints now
redirect to the Platform login page (which respects ?next) and logout
endpoint respectively.
The CSS and JS is inlined because the trusted proxy might only proxy
to /api/ and not /static/ which is a harder problem to solve.
Signed-off-by: Rick Elrod <rick@elrod.me>
* Fix CI for newer debian image
Signed-off-by: Rick Elrod <rick@elrod.me>
* Missed one
Signed-off-by: Rick Elrod <rick@elrod.me>
---------
Signed-off-by: Rick Elrod <rick@elrod.me>
* Add `awx_plugins.interfaces` runtime dependency
* Use `awx_plugins.interfaces` for runtime detection
The original function name was `server_product_name()` but it didn't
really represent what it did. So it was renamed into
`detect_server_product_name()` in an attempt of disambiguation.
* Use `awx_plugins.interfaces` to map container path
The original function `to_container_path` has been renamed into
`get_incontainer_path()` to represent what it does better and make
the imports more obvious.
* Add license file for awx_plugins.interfaces
---------
Co-authored-by: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com>
* There isn't a great reason to allow the UI to edit these meta-data
fields that denote the last time an analytics job ran.
* The only reason I hesitate to mark them uneditable in the API is that
they are useful to change in order to influence when the jobs run.
Mostly for debug purposes or 1-off.
* Removed files from AWX that were moved to awx-plugins.
* Removed credential plugins file from AWX.
* Resolved broken build: added back missing graphics and removed obsolete xrefs.
Adding credential and execution environment roles
validates that the user belongs to the same org
as the credential or EE.
In some situations, the user-org membership has not
yet been synced from gateway to controller.
In this case, controller will make a request to
gateway to check if the user is part of the org.
Signed-off-by: Seth Foster <fosterbseth@gmail.com>
