diff --git a/awx/conf/migrations/0011_remove_oidc_auth_conf.py b/awx/conf/migrations/0011_remove_oidc_auth_conf.py
new file mode 100644
index 000000000000..f3393f3f44ef
--- /dev/null
+++ b/awx/conf/migrations/0011_remove_oidc_auth_conf.py
@@ -0,0 +1,20 @@
+# Generated by Django 4.2.10 on 2024-08-27 19:31
+
+from django.db import migrations
+
+OIDC_AUTH_CONF_KEYS = ['SOCIAL_AUTH_OIDC_KEY', 'SOCIAL_AUTH_OIDC_SECRET', 'SOCIAL_AUTH_OIDC_OIDC_ENDPOINT', 'SOCIAL_AUTH_OIDC_VERIFY_SSL']
+
+
+def remove_oidc_auth_conf(apps, scheme_editor):
+ setting = apps.get_model('conf', 'Setting')
+ setting.objects.filter(key__in=OIDC_AUTH_CONF_KEYS).delete()
+
+
+class Migration(migrations.Migration):
+ dependencies = [
+ ('conf', '0010_change_to_JSONField'),
+ ]
+
+ operations = [
+ migrations.RunPython(remove_oidc_auth_conf),
+ ]
diff --git a/awx/sso/conf.py b/awx/sso/conf.py
index 09befcaa0fc4..decac4028fb6 100644
--- a/awx/sso/conf.py
+++ b/awx/sso/conf.py
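Review bot: `migrations.RunPython(remove_oidc_auth_conf)` in 0011_remove_oidc_auth_conf.py is given no reverse callable, so the migration cannot be unapplied and any rollback past 0011 stops with an irreversible-migration error. The deleted rows cannot be restored in any case, so `migrations.RunPython(remove_oidc_auth_conf, migrations.RunPython.noop)` would keep rollback possible without pretending to restore them. The function deletes the stored `SOCIAL_AUTH_OIDC_SECRET` (registered with `encrypted=True` in awx/sso/conf.py) along with the other keys and leaves no record of it. A docstring such as `"""Delete the stored generic-OIDC settings, including the encrypted client secret; the rows are not restorable."""` would tell an operator what the upgrade removes. The second parameter is conventionally spelled `schema_editor`, not `scheme_editor`.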
@@ -143,54 +143,6 @@ def __call__(self): category_slug='authentication', ) - ############################################################################### - # Generic OIDC AUTHENTICATION SETTINGS - ############################################################################### - - register( - 'SOCIAL_AUTH_OIDC_KEY', - field_class=fields.CharField, - allow_null=False, - default=None, - label=_('OIDC Key'), - help_text='The OIDC key (Client ID) from your IDP.', - category=_('Generic OIDC'), - category_slug='oidc', - ) - - register( - 'SOCIAL_AUTH_OIDC_SECRET', - field_class=fields.CharField, - allow_blank=True, - default='', - label=_('OIDC Secret'), - help_text=_('The OIDC secret (Client Secret) from your IDP.'), - category=_('Generic OIDC'), - category_slug='oidc', - encrypted=True, - ) - - register( - 'SOCIAL_AUTH_OIDC_OIDC_ENDPOINT', - field_class=fields.CharField, - allow_blank=True, - default='', - label=_('OIDC Provider URL'), - help_text=_('The URL for your OIDC provider including the path up to /.well-known/openid-configuration'), - category=_('Generic OIDC'), - category_slug='oidc', - ) - - register( - 'SOCIAL_AUTH_OIDC_VERIFY_SSL', - field_class=fields.BooleanField, - default=True, - label=_('Verify OIDC Provider Certificate'), - help_text=_('Verify the OIDC provider ssl certificate.'), - category=_('Generic OIDC'), - category_slug='oidc', - ) - ############################################################################### # SAML AUTHENTICATION SETTINGS ############################################################################### diff --git a/awx/sso/tests/functional/test_common.py b/awx/sso/tests/functional/test_common.py index 8a7456b70380..cfed45649c84 100644 --- a/awx/sso/tests/functional/test_common.py +++ b/awx/sso/tests/functional/test_common.py 
@@ -303,24 +303,14 @@ def test_get_or_create_org_with_default_galaxy_cred_no_galaxy_cred(self, galaxy_ (True, False, 'social'), ], ) - def test_get_external_account(self, enable_social, enable_enterprise, expected_results): + + def test_get_external_account(self, enable_enterprise, expected_results): try: user = User.objects.get(username="external_tester") except User.DoesNotExist: user = User(username="external_tester") user.set_unusable_password() user.save() - - if enable_social: - from social_django.models import UserSocialAuth - - social_auth, _ = UserSocialAuth.objects.get_or_create( - uid='667ec049-cdf3-45d0-a4dc-0465f7505954', - provider='oidc', - extra_data={}, - user_id=user.id, - ) - user.social_auth.set([social_auth]) if enable_enterprise: from awx.sso.models import UserEnterpriseAuth @@ -335,8 +325,6 @@ def test_get_external_account(self, enable_social, enable_enterprise, expected_r # Set none of the social auth settings ('JUNK_SETTING', False), ('SOCIAL_AUTH_SAML_ENABLED_IDPS', True), - # Set some SOCIAL_SOCIAL_AUTH_OIDC_KEYAUTH_*_KEY settings - ('SOCIAL_AUTH_OIDC_KEY', True), # Try a hypothetical future one ('SOCIAL_AUTH_GIBBERISH_KEY', True), # Do a SAML one diff --git a/tools/docker-compose/README.md b/tools/docker-compose/README.md index 4175269f63b4..c8b7d32e2e42 100644 --- a/tools/docker-compose/README.md +++ b/tools/docker-compose/README.md @@ -271,7 +271,6 @@ $ make docker-compose - [Using Logstash](./docs/logstash.md) - [Start a Cluster](#start-a-cluster) - [Start with Minikube](#start-with-minikube) -- [SAML and OIDC Integration](#saml-and-oidc-integration) - [Splunk Integration](#splunk-integration) ### Start a Shell 
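Review bot: In the first hunk of awx/sso/tests/functional/test_common.py the context row `(True, False, 'social'),` stays in the parametrize list while `test_get_external_account` now accepts only `enable_enterprise, expected_results`. That row still carries three values and still expects `'social'`, which nothing sets up once the `UserSocialAuth` block is removed. The decorator's argument-name string and the other rows are outside the hunk, so confirm that the names were reduced to `'enable_enterprise, expected_results'` and that every row expecting `'social'` was dropped; otherwise the test will probably fail at collection. The added blank `+` line also separates the decorator's closing `)` from the `def`; it is legal but reads as if the decorator were detached, and should be removed.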
@@ -352,7 +351,6 @@ If you want to clean all things once your are done, you can do: (host)$ make docker-compose-container-group-clean ``` - ### Splunk Integration Splunk is a log aggregation tool that can be used to test AWX with external logging integration. This section describes how to build a reference Splunk instance and plumb it with your AWX for testing purposes. diff --git a/tools/docker-compose/ansible/templates/oidc_settings.json.j2 b/tools/docker-compose/ansible/templates/oidc_settings.json.j2 deleted file mode 100644 index dfeaa5809b39..000000000000 --- a/tools/docker-compose/ansible/templates/oidc_settings.json.j2 +++ /dev/null @@ -1,6 +0,0 @@ -{ - "SOCIAL_AUTH_OIDC_KEY": "awx_oidc_client", - "SOCIAL_AUTH_OIDC_SECRET": "7b1c3527-8702-4742-af69-2b74ee5742e8", - "SOCIAL_AUTH_OIDC_OIDC_ENDPOINT": "https://{{ oidc_reference | default(container_reference) }}:8443/auth/realms/awx", - "SOCIAL_AUTH_OIDC_VERIFY_SSL": "False" -}