From 1456cf56f10a5d73aa6ae155ac08348136c04c5e Mon Sep 17 00:00:00 2001
From: jessicamack
Date: Fri, 12 Apr 2024 08:20:01 -0400
Subject: [PATCH 1/2] add OIDC config dump
---
 .../management/commands/dump_auth_config.py | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/awx/main/management/commands/dump_auth_config.py b/awx/main/management/commands/dump_auth_config.py
index ce8b778486e7..501858bb7ddf 100644
--- a/awx/main/management/commands/dump_auth_config.py
+++ b/awx/main/management/commands/dump_auth_config.py
@@ -40,6 +40,13 @@ class Command(BaseCommand):
 "USER_SEARCH": False,
 }
+ DAB_OIDC_AUTHENTICATOR_KEYS = {
+ "KEY": True,
+ "SECRET": False,
+ "OIDC_ENDPOINT": True,
+ "VERIFY_SSL": False,
+ }
+
 def get_awx_ldap_settings(self) -> dict[str, dict[str, Any]]:
 awx_ldap_settings = {}
@@ -80,6 +87,13 @@ def get_awx_saml_settings(self) -> dict[str, Any]:
 return awx_saml_settings
+ def get_awx_oidc_settings(self) -> dict[str, Any]:
+ awx_oidc_settings = {}
+ for awx_oidc_setting in settings_registry.get_registered_settings(category_slug='oidc'):
+ awx_oidc_settings[awx_oidc_setting.removeprefix("SOCIAL_AUTH_OIDC_")] = getattr(settings, awx_oidc_setting, None)
+ return awx_oidc_settings
+
 def format_config_data(self, enabled, awx_settings, type, keys, name):
 config = {
 "type": f"awx.authentication.authenticator_plugins.{type}",
@@ -158,6 +172,20 @@ def handle(self, *args, **options):
 )
 )
+ # dump OIDC settings
+ awx_oidc_settings = self.get_awx_oidc_settings()
+ awx_oidc_enabled = self.is_enabled(awx_oidc_settings, self.DAB_OIDC_AUTHENTICATOR_KEYS)
+ if awx_oidc_enabled:
+ data.append(
+ self.format_config_data(
+ awx_oidc_enabled,
+ awx_oidc_settings,
+ "open_id_connect",
+ self.DAB_OIDC_AUTHENTICATOR_KEYS,
+ "OIDC",
+ )
+ )
+
 # write to file if requested
 if options["output_file"]:
 # Define the path for the output JSON file
From 30d66d90c3b318bdd5840f163e079e1db42057b9 Mon Sep 17 00:00:00 2001
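Review bot: The booleans in `DAB_OIDC_AUTHENTICATOR_KEYS` (first hunk) are not explained where the dict is defined. A reader has to find `is_enabled` to learn that they appear to mean "this field is required". A one-line comment above the dict would cover it, e.g. `# field name -> True if it must be set for the OIDC authenticator to be exported`. The same comment should say that `SECRET` is optional on purpose, because that choice lets a client with no secret configured be exported as a usable authenticator.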
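Review bot: `get_awx_oidc_settings` (second hunk) falls back to `None` for any setting that is not defined, and `VERIFY_SSL` is optional in `DAB_OIDC_AUTHENTICATOR_KEYS`, so the dump can carry a null for `VERIFY_SSL`. How the importing side reads a null is not visible on this page. If it treats it as false, certificate verification towards the OIDC endpoint would be switched off by the migration without anyone having chosen that. Making the default explicit before the `return` avoids the ambiguity: `if awx_oidc_settings.get("VERIFY_SSL") is None: awx_oidc_settings["VERIFY_SSL"] = True`. The method also lacks a docstring saying that keys are returned without the `SOCIAL_AUTH_OIDC_` prefix and that unset settings come back as `None`.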
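Review bot: The entry appended in the third hunk is built from `DAB_OIDC_AUTHENTICATOR_KEYS`, which includes `SECRET`, so the OIDC client secret presumably ends up in the dump in clear text. The code that writes `options["output_file"]` only begins in the trailing context and continues outside the hunk, so how the file is created cannot be checked here. It should be opened owner-only, e.g. `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` with `path` standing for the resolved output path, rather than left to the process umask. If the command prints to stdout when no file is given, the command help should state that the output contains credentials, so that it is not redirected into shared logs.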
From: jessicamack
Date: Tue, 23 Apr 2024 12:58:52 -0400
Subject: [PATCH 2/2] check for missing fields
---
 awx/main/management/commands/dump_auth_config.py | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/awx/main/management/commands/dump_auth_config.py b/awx/main/management/commands/dump_auth_config.py
index d2d315759e10..3e5d165d7c5b 100644
--- a/awx/main/management/commands/dump_auth_config.py
+++ b/awx/main/management/commands/dump_auth_config.py
@@ -48,13 +48,6 @@ class Command(BaseCommand):
 "VERIFY_SSL": False,
 }
- DAB_OIDC_AUTHENTICATOR_KEYS = {
- "KEY": True,
- "SECRET": False,
- "OIDC_ENDPOINT": True,
- "VERIFY_SSL": False,
- }
-
 def is_enabled(self, settings, keys):
 missing_fields = []
 for key, required in keys.items():
@@ -197,7 +190,7 @@ def handle(self, *args, **options):
 # dump OIDC settings
 awx_oidc_settings = self.get_awx_oidc_settings()
- awx_oidc_enabled = self.is_enabled(awx_oidc_settings, self.DAB_OIDC_AUTHENTICATOR_KEYS)
+ awx_oidc_enabled, oidc_missing_fields = self.is_enabled(awx_oidc_settings, self.DAB_OIDC_AUTHENTICATOR_KEYS)
 if awx_oidc_enabled:
 data.append(
 self.format_config_data(
@@ -208,7 +201,8 @@ def handle(self, *args, **options):
 "OIDC",
 )
 )
-
+ else:
+ data.append({"OIDC_missing_fields": oidc_missing_fields})
 # write to file if requested
 if options["output_file"]:
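Review bot: `oidc_missing_fields`, unpacked in the second hunk, is appended to `data` in the following hunk as `{"OIDC_missing_fields": [...]}`, in the same list as the authenticator entries. Anything that iterates `data` and expects each element to have the shape produced by `format_config_data` will hit a record with no `type` key. An installation that never configured OIDC presumably gets this entry too, which makes "not in use" look the same as "misconfigured". At minimum the `else` branch needs a comment such as `# not an authenticator entry: names the required OIDC fields that are unset`, and the command help should describe both record shapes. Whether the LDAP and SAML branches follow the same pattern cannot be seen from these hunks.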