3rd party auth removal cleanup

- Sequentiallize auth config removal migrations - Remove references to third party auth - update license files - lint fix - Remove unneeded docs - Remove unreferenced file - Remove social auth references from docs - Remove rest of sso dir - Remove references to third part auth in docs - Removed screenshots of UI listing removed settings - Remove AuthView references - Remove unused imports ... Co-Authored-By: jessicamack <[email protected]>
ansible · Oct 15, 2024 · 31e4770 · 31e4770
1 parent 4c76974
commit 31e4770
Show file tree

Hide file tree

Showing 48 changed files with 44 additions and 1,258 deletions.
diff --git a/awx/api/conf.py b/awx/api/conf.py
@@ -34,10 +34,7 @@
  'DISABLE_LOCAL_AUTH',
  field_class=fields.BooleanField,
  label=_('Disable the built-in authentication system'),
- help_text=_(
- "Controls whether users are prevented from using the built-in authentication system. "
- "You probably want to do this if you are using an LDAP integration."
- ),
+ help_text=_("Controls whether users are prevented from using the built-in authentication system. "),
  category=_('Authentication'),
  category_slug='authentication',
 )
@@ -70,20 +67,6 @@
  category_slug='authentication',
  unit=_('seconds'),
 )
-register(
- 'ALLOW_OAUTH2_FOR_EXTERNAL_USERS',
- field_class=fields.BooleanField,
- default=False,
- label=_('Allow External Users to Create OAuth2 Tokens'),
- help_text=_(
- 'For security reasons, users from external auth providers (LDAP, SSO, '
- ' and others) are not allowed to create OAuth2 tokens. '
- 'To change this behavior, enable this setting. Existing tokens will '
- 'not be deleted when this setting is toggled off.'
- ),
- category=_('Authentication'),
- category_slug='authentication',
-)
 register(
  'LOGIN_REDIRECT_OVERRIDE',
  field_class=fields.CharField,

diff --git a/awx/api/generics.py b/awx/api/generics.py
@@ -130,7 +130,6 @@ def post(self, request, *args, **kwargs):
 
 
 class LoggedLogoutView(auth_views.LogoutView):
-
  success_url_allowed_hosts = set(settings.LOGOUT_ALLOWED_HOSTS.split(",")) if settings.LOGOUT_ALLOWED_HOSTS else set()
 
  def dispatch(self, request, *args, **kwargs):

diff --git a/awx/api/urls/urls.py b/awx/api/urls/urls.py
@@ -15,7 +15,6 @@
  ApiV2AttachView,
 )
 from awx.api.views import (
- AuthView,
  UserMeList,
  DashboardView,
  DashboardJobsGraphView,
@@ -106,7 +105,6 @@
  re_path(r'^config/$', ApiV2ConfigView.as_view(), name='api_v2_config_view'),
  re_path(r'^config/subscriptions/$', ApiV2SubscriptionView.as_view(), name='api_v2_subscription_view'),
  re_path(r'^config/attach/$', ApiV2AttachView.as_view(), name='api_v2_attach_view'),
- re_path(r'^auth/$', AuthView.as_view()),
  re_path(r'^me/$', UserMeList.as_view(), name='user_me_list'),
  re_path(r'^dashboard/$', DashboardView.as_view(), name='dashboard_view'),
  re_path(r'^dashboard/graphs/jobs/$', DashboardJobsGraphView.as_view(), name='dashboard_jobs_graph_view'),

diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py
@@ -36,7 +36,7 @@
 # Django REST Framework
 from rest_framework.exceptions import APIException, PermissionDenied, ParseError, NotFound
 from rest_framework.parsers import FormParser
-from rest_framework.permissions import AllowAny, IsAuthenticated
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.renderers import JSONRenderer, StaticHTMLRenderer
 from rest_framework.response import Response
 from rest_framework.settings import api_settings
@@ -126,9 +126,6 @@
 from awx.api.pagination import UnifiedJobEventPagination
 from awx.main.utils import set_environ
 
-if 'ansible_base.authentication' in getattr(settings, "INSTALLED_APPS", []):
- from ansible_base.authentication.models.authenticator import Authenticator as AnsibleBaseAuthenticator
-
 logger = logging.getLogger('awx.api.views')
 
 
@@ -676,29 +673,6 @@ class ScheduleUnifiedJobsList(SubListAPIView):
  name = _('Schedule Jobs List')
 
 
-class AuthView(APIView):
- '''List enabled single-sign-on endpoints'''
-
- authentication_classes = []
- permission_classes = (AllowAny,)
- swagger_topic = 'System Configuration'
-
- def get(self, request):
- data = OrderedDict()
- if 'ansible_base.authentication' in getattr(settings, "INSTALLED_APPS", []):
- # app is using ansible_base authentication
- # add ansible_base authenticators
- authenticators = AnsibleBaseAuthenticator.objects.filter(enabled=True, category="sso")
- for authenticator in authenticators:
- login_url = authenticator.get_login_url()
- data[authenticator.name] = {
- 'login_url': login_url,
- 'name': authenticator.name,
- }
-
- return Response(data)
-
-
 def immutablesharedfields(cls):
  '''
  Class decorator to prevent modifying shared resources when ALLOW_LOCAL_RESOURCE_MANAGEMENT setting is set to False.

diff --git a/.../migrations/0011_remove_oidc_auth_conf.py → .../migrations/0012_remove_oidc_auth_conf.py b/.../migrations/0011_remove_oidc_auth_conf.py → .../migrations/0012_remove_oidc_auth_conf.py
@@ -12,7 +12,7 @@ def remove_oidc_auth_conf(apps, scheme_editor):
 
 class Migration(migrations.Migration):
  dependencies = [
- ('conf', '0010_change_to_JSONField'),
+ ('conf', '0011_remove_ldap_auth_conf'),
  ]
 
  operations = [

diff --git a/...igrations/0011_remove_radius_auth_conf.py → ...igrations/0013_remove_radius_auth_conf.py b/...igrations/0011_remove_radius_auth_conf.py → ...igrations/0013_remove_radius_auth_conf.py
@@ -13,9 +13,8 @@ def remove_radius_auth_conf(apps, scheme_editor):
 
 
 class Migration(migrations.Migration):
-
  dependencies = [
- ('conf', '0010_change_to_JSONField'),
+ ('conf', '0012_remove_oidc_auth_conf'),
  ]
 
  operations = [

diff --git a/.../migrations/0011_remove_saml_auth_conf.py → .../migrations/0014_remove_saml_auth_conf.py b/.../migrations/0011_remove_saml_auth_conf.py → .../migrations/0014_remove_saml_auth_conf.py
@@ -30,9 +30,8 @@ def remove_saml_auth_conf(apps, scheme_editor):
 
 
 class Migration(migrations.Migration):
-
  dependencies = [
- ('conf', '0010_change_to_JSONField'),
+ ('conf', '0013_remove_radius_auth_conf'),
  ]
 
  operations = [

diff --git a/...grations/0011_remove_social_oauth_conf.py → ...grations/0015_remove_social_oauth_conf.py b/...grations/0011_remove_social_oauth_conf.py → ...grations/0015_remove_social_oauth_conf.py
@@ -72,9 +72,8 @@ def remove_social_oauth_conf(apps, scheme_editor):
 
 
 class Migration(migrations.Migration):
-
  dependencies = [
- ('conf', '0010_change_to_JSONField'),
+ ('conf', '0014_remove_saml_auth_conf'),
  ]
 
  operations = [

diff --git a/...ions/0011_remove_tacacs_plus_auth_conf.py → ...ions/0016_remove_tacacs_plus_auth_conf.py b/...ions/0011_remove_tacacs_plus_auth_conf.py → ...ions/0016_remove_tacacs_plus_auth_conf.py
@@ -16,9 +16,8 @@ def remove_tacacs_plus_auth_conf(apps, scheme_editor):
 
 
 class Migration(migrations.Migration):
-
  dependencies = [
- ('conf', '0010_change_to_JSONField'),
+ ('conf', '0015_remove_social_oauth_conf'),
  ]
 
  operations = [

diff --git a/awx/conf/tests/unit/test_fields.py b/awx/conf/tests/unit/test_fields.py
@@ -111,7 +111,6 @@ class TestURLField:
  @pytest.mark.parametrize(
  "url,schemes,regex, allow_numbers_in_top_level_domain, expect_no_error",
  [
- ("ldap://www.example.org42", "ldap", None, True, True),
  ("https://www.example.org42", "https", None, False, False),
  ("https://www.example.org", None, regex, None, True),
  ("https://www.example3.org", None, regex, None, False),

diff --git a/awx/main/conf.py b/awx/main/conf.py
@@ -46,10 +46,7 @@
  'MANAGE_ORGANIZATION_AUTH',
  field_class=fields.BooleanField,
  label=_('Organization Admins Can Manage Users and Teams'),
- help_text=_(
- 'Controls whether any Organization Admin has the privileges to create and manage users and teams. '
- 'You may want to disable this ability if you are using an LDAP integration.'
- ),
+ help_text=_('Controls whether any Organization Admin has the privileges to create and manage users and teams.'),
  category=_('System'),
  category_slug='system',
 )

diff --git a/awx/main/migrations/0193_alter_notification_notification_type_and_more.py b/awx/main/migrations/0193_alter_notification_notification_type_and_more.py
@@ -4,7 +4,6 @@
 
 
 class Migration(migrations.Migration):
-
  dependencies = [
  ('main', '0192_custom_roles'),
  ]

diff --git a/awx/main/migrations/0194_alter_inventorysource_source_and_more.py b/awx/main/migrations/0194_alter_inventorysource_source_and_more.py
@@ -4,7 +4,6 @@
 
 
 class Migration(migrations.Migration):
-
  dependencies = [
  ('main', '0193_alter_notification_notification_type_and_more'),
  ]

diff --git a/awx/main/migrations/0195_EE_permissions.py b/awx/main/migrations/0195_EE_permissions.py
@@ -12,7 +12,6 @@ def delete_execution_environment_read_role(apps, schema_editor):
 
 
 class Migration(migrations.Migration):
-
  dependencies = [
  ('main', '0194_alter_inventorysource_source_and_more'),
  ]

diff --git a/awx/main/migrations/0196_delete_profile.py b/awx/main/migrations/0196_delete_profile.py
@@ -4,7 +4,6 @@
 
 
 class Migration(migrations.Migration):
-
  dependencies = [
  ('main', '0195_EE_permissions'),
  ]

diff --git a/awx/main/migrations/0197_remove_sso_app_content.py b/awx/main/migrations/0197_remove_sso_app_content.py
@@ -4,7 +4,6 @@
 
 
 class Migration(migrations.Migration):
-
  dependencies = [
  ('main', '0196_delete_profile'),
  ]

diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
@@ -397,7 +397,6 @@
 OAUTH2_PROVIDER_ID_TOKEN_MODEL = "oauth2_provider.IDToken"
 
 OAUTH2_PROVIDER = {'ACCESS_TOKEN_EXPIRE_SECONDS': 31536000000, 'AUTHORIZATION_CODE_EXPIRE_SECONDS': 600, 'REFRESH_TOKEN_EXPIRE_SECONDS': 2628000}
-ALLOW_OAUTH2_FOR_EXTERNAL_USERS = False
 
 
 # Enable / Disable HTTP Basic Authentication used in the API browser

diff --git a/awx/sso/migrations/0004_alter_userenterpriseauth_provider.py b/awx/sso/migrations/0004_alter_userenterpriseauth_provider.py
diff --git a/docs/auth/README.md b/docs/auth/README.md