Remove OIDC (#15569)

* remove oidc * remove test fields, linting fix * merge commit
ansible · Oct 15, 2024 · 9077aaa · 9077aaa
1 parent 9aca18c
commit 9077aaa
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 70 deletions.
diff --git a/awx/conf/migrations/0011_remove_oidc_auth_conf.py b/awx/conf/migrations/0011_remove_oidc_auth_conf.py
@@ -0,0 +1,20 @@
+# Generated by Django 4.2.10 on 2024-08-27 19:31
+
+from django.db import migrations
+
+OIDC_AUTH_CONF_KEYS = ['SOCIAL_AUTH_OIDC_KEY', 'SOCIAL_AUTH_OIDC_SECRET', 'SOCIAL_AUTH_OIDC_OIDC_ENDPOINT', 'SOCIAL_AUTH_OIDC_VERIFY_SSL']
+
+
+def remove_oidc_auth_conf(apps, scheme_editor):
+    setting = apps.get_model('conf', 'Setting')
+    setting.objects.filter(key__in=OIDC_AUTH_CONF_KEYS).delete()
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ('conf', '0010_change_to_JSONField'),
+    ]
+
+    operations = [
+        migrations.RunPython(remove_oidc_auth_conf),
+    ]
diff --git a/awx/sso/conf.py b/awx/sso/conf.py
@@ -143,54 +143,6 @@ def __call__(self):
         category_slug='authentication',
     )
 
-    ###############################################################################
-    # Generic OIDC AUTHENTICATION SETTINGS
-    ###############################################################################
-
-    register(
-        'SOCIAL_AUTH_OIDC_KEY',
-        field_class=fields.CharField,
-        allow_null=False,
-        default=None,
-        label=_('OIDC Key'),
-        help_text='The OIDC key (Client ID) from your IDP.',
-        category=_('Generic OIDC'),
-        category_slug='oidc',
-    )
-
-    register(
-        'SOCIAL_AUTH_OIDC_SECRET',
-        field_class=fields.CharField,
-        allow_blank=True,
-        default='',
-        label=_('OIDC Secret'),
-        help_text=_('The OIDC secret (Client Secret) from your IDP.'),
-        category=_('Generic OIDC'),
-        category_slug='oidc',
-        encrypted=True,
-    )
-
-    register(
-        'SOCIAL_AUTH_OIDC_OIDC_ENDPOINT',
-        field_class=fields.CharField,
-        allow_blank=True,
-        default='',
-        label=_('OIDC Provider URL'),
-        help_text=_('The URL for your OIDC provider including the path up to /.well-known/openid-configuration'),
-        category=_('Generic OIDC'),
-        category_slug='oidc',
-    )
-
-    register(
-        'SOCIAL_AUTH_OIDC_VERIFY_SSL',
-        field_class=fields.BooleanField,
-        default=True,
-        label=_('Verify OIDC Provider Certificate'),
-        help_text=_('Verify the OIDC provider ssl certificate.'),
-        category=_('Generic OIDC'),
-        category_slug='oidc',
-    )
-
     ###############################################################################
     # SAML AUTHENTICATION SETTINGS
     ###############################################################################

diff --git a/awx/sso/tests/functional/test_common.py b/awx/sso/tests/functional/test_common.py
@@ -303,24 +303,14 @@ def test_get_or_create_org_with_default_galaxy_cred_no_galaxy_cred(self, galaxy_
             (True, False, 'social'),
         ],
     )
-    def test_get_external_account(self, enable_social, enable_enterprise, expected_results):
+
+    def test_get_external_account(self, enable_enterprise, expected_results):
         try:
             user = User.objects.get(username="external_tester")
         except User.DoesNotExist:
             user = User(username="external_tester")
             user.set_unusable_password()
             user.save()
-
-        if enable_social:
-            from social_django.models import UserSocialAuth
-
-            social_auth, _ = UserSocialAuth.objects.get_or_create(
-                uid='667ec049-cdf3-45d0-a4dc-0465f7505954',
-                provider='oidc',
-                extra_data={},
-                user_id=user.id,
-            )
-            user.social_auth.set([social_auth])
         if enable_enterprise:
             from awx.sso.models import UserEnterpriseAuth
 
@@ -335,8 +325,6 @@ def test_get_external_account(self, enable_social, enable_enterprise, expected_r
             # Set none of the social auth settings
             ('JUNK_SETTING', False),
             ('SOCIAL_AUTH_SAML_ENABLED_IDPS', True),
-            # Set some SOCIAL_SOCIAL_AUTH_OIDC_KEYAUTH_*_KEY settings
-            ('SOCIAL_AUTH_OIDC_KEY', True),
             # Try a hypothetical future one
             ('SOCIAL_AUTH_GIBBERISH_KEY', True),
             # Do a SAML one

diff --git a/tools/docker-compose/README.md b/tools/docker-compose/README.md
@@ -271,7 +271,6 @@ $ make docker-compose
 - [Using Logstash](./docs/logstash.md)
 - [Start a Cluster](#start-a-cluster)
 - [Start with Minikube](#start-with-minikube)
-- [SAML and OIDC Integration](#saml-and-oidc-integration)
 - [Splunk Integration](#splunk-integration)
 
 ### Start a Shell
@@ -352,7 +351,6 @@ If you want to clean all things once your are done, you can do:
 (host)$ make docker-compose-container-group-clean
 ```
 
-
 ### Splunk Integration
 
 Splunk is a log aggregation tool that can be used to test AWX with external logging integration. This section describes how to build a reference Splunk instance and plumb it with your AWX for testing purposes.

diff --git a/tools/docker-compose/ansible/templates/oidc_settings.json.j2 b/tools/docker-compose/ansible/templates/oidc_settings.json.j2