awx/awx/sso/utils/oidc_migrator.py

"""
Generic OIDC authenticator migrator.

This module handles the migration of generic OIDC authenticators from AWX to Gateway.
"""

from awx.sso.utils.base_migrator import BaseAuthenticatorMigrator


class OIDCMigrator(BaseAuthenticatorMigrator):
    """
    Handles the migration of generic OIDC authenticators from AWX to Gateway.
    """

    def get_authenticator_type(self):
        """Get the human-readable authenticator type name."""
        return "OIDC"

    def get_controller_config(self):
        """
        Export generic OIDC authenticators. An OIDC authenticator is only exported if both,
        id and secret, are defined. Otherwise it will be skipped.

        Returns:
            list: List of configured OIDC authentication providers with their settings
        """
        # TODO: Implement OIDC configuration retrieval
        # OIDC settings typically include:
        # - SOCIAL_AUTH_OIDC_KEY
        # - SOCIAL_AUTH_OIDC_SECRET
        # - SOCIAL_AUTH_OIDC_SCOPE
        # - SOCIAL_AUTH_OIDC_OIDC_ENDPOINT
        # - SOCIAL_AUTH_OIDC_VERIFY_SSL
        # - SOCIAL_AUTH_OIDC_ORGANIZATION_MAP
        # - SOCIAL_AUTH_OIDC_TEAM_MAP
        found_configs = []
        return found_configs

    def create_gateway_authenticator(self, config):
        """Create a generic OIDC authenticator in Gateway."""
        # TODO: Implement OIDC authenticator creation
        # When implementing, use this pattern for slug generation:
        # client_id = settings.get('SOCIAL_AUTH_OIDC_KEY', 'oidc')
        # authenticator_slug = self._generate_authenticator_slug('oidc', category, client_id)
        # OIDC requires:
        # - Client ID and secret
        # - OIDC endpoint URL
        # - Proper scope configuration
        # - SSL verification settings
        self._write_output('OIDC authenticator creation not yet implemented', 'warning')
        return False