3rd party auth removal cleanup
- Sequentialize auth config removal migrations
- Remove references to third party auth
- update license files
- lint fix
- Remove unneeded docs
- Remove unreferenced file
- Remove social auth references from docs
- Remove rest of sso dir
- Remove references to third party auth in docs
- Removed screenshots of UI listing removed settings
- Remove AuthView references
- Remove unused imports
...

Co-Authored-By: jessicamack <[email protected]>
TheRealHaoLiu and jessicamack committed Oct 15, 2024
1 parent 3d0bb21 commit 5d80cad
Showing 48 changed files with 44 additions and 1,258 deletions.
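--- a/awx/api/conf.py
+++ b/awx/api/conf.py
@@ -34,10 +34,7 @@
 'DISABLE_LOCAL_AUTH',
 field_class=fields.BooleanField,
 label=_('Disable the built-in authentication system'),
-help_text=_(
-"Controls whether users are prevented from using the built-in authentication system. "
-"You probably want to do this if you are using an LDAP integration."
-),
+help_text=_("Controls whether users are prevented from using the built-in authentication system. "),
 category=_('Authentication'),
 category_slug='authentication',
 )
@@ -70,20 +67,6 @@
 category_slug='authentication',
 unit=_('seconds'),
 )
-register(
-'ALLOW_OAUTH2_FOR_EXTERNAL_USERS',
-field_class=fields.BooleanField,
-default=False,
-label=_('Allow External Users to Create OAuth2 Tokens'),
-help_text=_(
-'For security reasons, users from external auth providers (LDAP, SSO, '
-' and others) are not allowed to create OAuth2 tokens. '
-'To change this behavior, enable this setting. Existing tokens will '
-'not be deleted when this setting is toggled off.'
-),
-category=_('Authentication'),
-category_slug='authentication',
-)
 register(
 'LOGIN_REDIRECT_OVERRIDE',
 field_class=fields.CharField,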
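Review bot: Removing the `ALLOW_OAUTH2_FOR_EXTERNAL_USERS` registration in the second hunk drops the only switch shown here for a restriction its own help text described as a security measure (users from external auth providers could not create OAuth2 tokens), and nothing in this file shows what the token-creation path does once the setting is gone. The code that read the setting is presumably changed elsewhere in the commit; it should be confirmed that it no longer reads the name at all rather than falling back to a permissive default, and that a value an administrator stored for it is not left behind in the settings table. Separately, the new one-line help text in the first hunk keeps the trailing space left over from the old two-part string; I would write `help_text=_("Controls whether users are prevented from using the built-in authentication system."),`.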
1 change: 0 additions & 1 deletion awx/api/generics.py
Expand Up @@ -115,7 +115,6 @@ def post(self, request, *args, **kwargs):


class LoggedLogoutView(auth_views.LogoutView):

success_url_allowed_hosts = set(settings.LOGOUT_ALLOWED_HOSTS.split(",")) if settings.LOGOUT_ALLOWED_HOSTS else set()

def dispatch(self, request, *args, **kwargs):
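--- a/awx/api/urls/urls.py
+++ b/awx/api/urls/urls.py
@@ -15,7 +15,6 @@
 ApiV2AttachView,
 )
 from awx.api.views import (
-AuthView,
 UserMeList,
 DashboardView,
 DashboardJobsGraphView,
@@ -106,7 +105,6 @@
 re_path(r'^config/$', ApiV2ConfigView.as_view(), name='api_v2_config_view'),
 re_path(r'^config/subscriptions/$', ApiV2SubscriptionView.as_view(), name='api_v2_subscription_view'),
 re_path(r'^config/attach/$', ApiV2AttachView.as_view(), name='api_v2_attach_view'),
-re_path(r'^auth/$', AuthView.as_view()),
 re_path(r'^me/$', UserMeList.as_view(), name='user_me_list'),
 re_path(r'^dashboard/$', DashboardView.as_view(), name='dashboard_view'),
 re_path(r'^dashboard/graphs/jobs/$', DashboardJobsGraphView.as_view(), name='dashboard_jobs_graph_view'),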
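--- a/awx/api/views/__init__.py
+++ b/awx/api/views/__init__.py
@@ -36,7 +36,7 @@
 # Django REST Framework
 from rest_framework.exceptions import APIException, PermissionDenied, ParseError, NotFound
 from rest_framework.parsers import FormParser
-from rest_framework.permissions import AllowAny, IsAuthenticated
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.renderers import JSONRenderer, StaticHTMLRenderer
 from rest_framework.response import Response
 from rest_framework.settings import api_settings
@@ -126,9 +126,6 @@
 from awx.api.pagination import UnifiedJobEventPagination
 from awx.main.utils import set_environ
 
-if 'ansible_base.authentication' in getattr(settings, "INSTALLED_APPS", []):
-from ansible_base.authentication.models.authenticator import Authenticator as AnsibleBaseAuthenticator
-
 logger = logging.getLogger('awx.api.views')
 
 
@@ -676,29 +673,6 @@ class ScheduleUnifiedJobsList(SubListAPIView):
 name = _('Schedule Jobs List')
 
 
-class AuthView(APIView):
-'''List enabled single-sign-on endpoints'''
-
-authentication_classes = []
-permission_classes = (AllowAny,)
-swagger_topic = 'System Configuration'
-
-def get(self, request):
-data = OrderedDict()
-if 'ansible_base.authentication' in getattr(settings, "INSTALLED_APPS", []):
-# app is using ansible_base authentication
-# add ansible_base authenticators
-authenticators = AnsibleBaseAuthenticator.objects.filter(enabled=True, category="sso")
-for authenticator in authenticators:
-login_url = authenticator.get_login_url()
-data[authenticator.name] = {
-'login_url': login_url,
-'name': authenticator.name,
-}
-
-return Response(data)
-
-
 def immutablesharedfields(cls):
 '''
 Class decorator to prevent modifying shared resources when ALLOW_LOCAL_RESOURCE_MANAGEMENT setting is set to False.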
Expand Up @@ -12,7 +12,7 @@ def remove_oidc_auth_conf(apps, scheme_editor):

class Migration(migrations.Migration):
dependencies = [
('conf', '0010_change_to_JSONField'),
('conf', '0011_remove_ldap_auth_conf'),
]

operations = [
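Review bot: The new dependency `('conf', '0011_remove_ldap_auth_conf')` here, and the matching edits in the four migration sections that follow (radius, saml, social oauth, tacacs plus), re-parent migrations that all used to depend on `0010_change_to_JSONField`. If any database has already applied them under an earlier file name or number, Django would treat the renamed ones as unapplied and run the removal functions again. Whether the files were renumbered is not visible on this page, and the bodies of the `remove_*_auth_conf` functions lie outside these hunks, so this is a request to confirm they are safe to run twice. I would record the intent next to the list: `# Chained so the auth-conf removals run in a fixed order; each removal function must be idempotent.`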
Expand Up @@ -13,9 +13,8 @@ def remove_radius_auth_conf(apps, scheme_editor):


class Migration(migrations.Migration):

dependencies = [
('conf', '0010_change_to_JSONField'),
('conf', '0012_remove_oidc_auth_conf'),
]

operations = [
Expand Up @@ -30,9 +30,8 @@ def remove_saml_auth_conf(apps, scheme_editor):


class Migration(migrations.Migration):

dependencies = [
('conf', '0010_change_to_JSONField'),
('conf', '0013_remove_radius_auth_conf'),
]

operations = [
Expand Up @@ -72,9 +72,8 @@ def remove_social_oauth_conf(apps, scheme_editor):


class Migration(migrations.Migration):

dependencies = [
('conf', '0010_change_to_JSONField'),
('conf', '0014_remove_saml_auth_conf'),
]

operations = [
Expand Up @@ -16,9 +16,8 @@ def remove_tacacs_plus_auth_conf(apps, scheme_editor):


class Migration(migrations.Migration):

dependencies = [
('conf', '0010_change_to_JSONField'),
('conf', '0015_remove_social_oauth_conf'),
]

operations = [
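--- a/awx/conf/tests/unit/test_fields.py
+++ b/awx/conf/tests/unit/test_fields.py
@@ -111,7 +111,6 @@ class TestURLField:
 @pytest.mark.parametrize(
 "url,schemes,regex, allow_numbers_in_top_level_domain, expect_no_error",
 [
-("ldap://www.example.org42", "ldap", None, True, True),
 ("https://www.example.org42", "https", None, False, False),
 ("https://www.example.org", None, regex, None, True),
 ("https://www.example3.org", None, regex, None, False),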
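--- a/awx/main/conf.py
+++ b/awx/main/conf.py
@@ -46,10 +46,7 @@
 'MANAGE_ORGANIZATION_AUTH',
 field_class=fields.BooleanField,
 label=_('Organization Admins Can Manage Users and Teams'),
-help_text=_(
-'Controls whether any Organization Admin has the privileges to create and manage users and teams. '
-'You may want to disable this ability if you are using an LDAP integration.'
-),
+help_text=_('Controls whether any Organization Admin has the privileges to create and manage users and teams.'),
 category=_('System'),
 category_slug='system',
 )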
Expand Up @@ -4,7 +4,6 @@


class Migration(migrations.Migration):

dependencies = [
('main', '0192_custom_roles'),
]
Expand Up @@ -4,7 +4,6 @@


class Migration(migrations.Migration):

dependencies = [
('main', '0193_alter_notification_notification_type_and_more'),
]
1 change: 0 additions & 1 deletion awx/main/migrations/0195_EE_permissions.py
Expand Up @@ -12,7 +12,6 @@ def delete_execution_environment_read_role(apps, schema_editor):


class Migration(migrations.Migration):

dependencies = [
('main', '0194_alter_inventorysource_source_and_more'),
]
1 change: 0 additions & 1 deletion awx/main/migrations/0196_delete_profile.py
Expand Up @@ -4,7 +4,6 @@


class Migration(migrations.Migration):

dependencies = [
('main', '0195_EE_permissions'),
]
1 change: 0 additions & 1 deletion awx/main/migrations/0197_remove_sso_app_content.py
Expand Up @@ -4,7 +4,6 @@


class Migration(migrations.Migration):

dependencies = [
('main', '0196_delete_profile'),
]
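--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -393,7 +393,6 @@
 OAUTH2_PROVIDER_ID_TOKEN_MODEL = "oauth2_provider.IDToken"
 
 OAUTH2_PROVIDER = {'ACCESS_TOKEN_EXPIRE_SECONDS': 31536000000, 'AUTHORIZATION_CODE_EXPIRE_SECONDS': 600, 'REFRESH_TOKEN_EXPIRE_SECONDS': 2628000}
-ALLOW_OAUTH2_FOR_EXTERNAL_USERS = False
 
 
 # Enable / Disable HTTP Basic Authentication used in the API browser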
18 changes: 0 additions & 18 deletions awx/sso/migrations/0004_alter_userenterpriseauth_provider.py

This file was deleted.

12 changes: 0 additions & 12 deletions docs/auth/README.md

This file was deleted.
