diff --git a/awx/main/management/commands/dump_auth_config.py b/awx/main/management/commands/dump_auth_config.py index ce8b778486e7..45afc9b41d41 100644 --- a/awx/main/management/commands/dump_auth_config.py +++ b/awx/main/management/commands/dump_auth_config.py @@ -2,10 +2,11 @@ import os import sys import re - from typing import Any + from django.core.management.base import BaseCommand from django.conf import settings + from awx.conf import settings_registry @@ -40,6 +41,15 @@ class Command(BaseCommand): "USER_SEARCH": False, } + def is_enabled(self, settings, keys): + missing_fields = [] + for key, required in keys.items(): + if required and not settings.get(key): + missing_fields.append(key) + if missing_fields: + return False, missing_fields + return True, None + def get_awx_ldap_settings(self) -> dict[str, dict[str, Any]]: awx_ldap_settings = {} @@ -64,14 +74,16 @@ def get_awx_ldap_settings(self) -> dict[str, dict[str, Any]]: if new_key == "SERVER_URI" and value: value = value.split(", ") + grouped_settings[index][new_key] = value - return grouped_settings + if type(value).__name__ == "LDAPSearch": + data = [] + data.append(value.base_dn) + data.append("SCOPE_SUBTREE") + data.append(value.filterstr) + grouped_settings[index][new_key] = data - def is_enabled(self, settings, keys): - for key, required in keys.items(): - if required and not settings.get(key): - return False - return True + return grouped_settings def get_awx_saml_settings(self) -> dict[str, Any]: awx_saml_settings = {} @@ -82,7 +94,7 @@ def get_awx_saml_settings(self) -> dict[str, Any]: def format_config_data(self, enabled, awx_settings, type, keys, name): config = { - "type": f"awx.authentication.authenticator_plugins.{type}", + "type": f"ansible_base.authentication.authenticator_plugins.{type}", "name": name, "enabled": enabled, "create_objects": True, 
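Review bot: The relocated `is_enabled` returns `(True, None)` on success but `(False, [...])` on failure, and it has no docstring or annotations although the neighbouring getters are annotated; ending it with `return not missing_fields, missing_fields` would keep the second element a list in both cases. The check `not settings.get(key)` also counts every falsy value (`{}`, `[]`, `0`, `False`) as missing, so a required key that is legitimately empty (possibly `GROUP_TYPE_PARAMS`) would mark the authenticator as not enabled; confirm that this is intended. Inside this method the `settings` parameter shadows the module-level `from django.conf import settings`, so a name such as `auth_settings` would be less error-prone.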
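Review bot: In the `get_awx_ldap_settings` hunk the exported search scope is hard-coded: `data.append("SCOPE_SUBTREE")` never reads the scope stored on `value` (presumably django-auth-ldap's `LDAPSearch`, which carries a `scope` attribute). A search configured with a narrower scope would therefore be dumped as a subtree search, and the migrated authenticator could match directory entries the original configuration excluded. Derive the name from `value.scope`, raise on an unrecognised value, and build the list in one step, e.g. `data = [value.base_dn, scope_name, value.filterstr]`. The test `type(value).__name__ == "LDAPSearch"` also skips subclasses and any other search object, which would then reach the JSON dump unconverted; an `isinstance` check against the imported class would be stricter. The function body starts outside this hunk.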
@@ -130,7 +142,7 @@ def handle(self, *args, **options): # dump SAML settings awx_saml_settings = self.get_awx_saml_settings() - awx_saml_enabled = self.is_enabled(awx_saml_settings, self.DAB_SAML_AUTHENTICATOR_KEYS) + awx_saml_enabled, saml_missing_fields = self.is_enabled(awx_saml_settings, self.DAB_SAML_AUTHENTICATOR_KEYS) if awx_saml_enabled: awx_saml_name = awx_saml_settings["ENABLED_IDPS"] data.append( @@ -142,21 +154,25 @@ def handle(self, *args, **options): awx_saml_name, ) ) + else: + data.append({"SAML_missing_fields": saml_missing_fields}) # dump LDAP settings awx_ldap_group_settings = self.get_awx_ldap_settings() - for awx_ldap_name, awx_ldap_settings in enumerate(awx_ldap_group_settings.values()): - enabled = self.is_enabled(awx_ldap_settings, self.DAB_LDAP_AUTHENTICATOR_KEYS) - if enabled: + for awx_ldap_name, awx_ldap_settings in awx_ldap_group_settings.items(): + awx_ldap_enabled, ldap_missing_fields = self.is_enabled(awx_ldap_settings, self.DAB_LDAP_AUTHENTICATOR_KEYS) + if awx_ldap_enabled: data.append( self.format_config_data( - enabled, + awx_ldap_enabled, awx_ldap_settings, "ldap", self.DAB_LDAP_AUTHENTICATOR_KEYS, - str(awx_ldap_name), + f"LDAP_{awx_ldap_name}", ) ) + else: + data.append({f"LDAP_{awx_ldap_name}_missing_fields": ldap_missing_fields}) # write to file if requested if options["output_file"]: diff --git a/awx/main/tests/unit/commands/test_dump_auth_config.py b/awx/main/tests/unit/commands/test_dump_auth_config.py index 96f6aeb865cb..48024ff5e425 100644 --- a/awx/main/tests/unit/commands/test_dump_auth_config.py +++ b/awx/main/tests/unit/commands/test_dump_auth_config.py @@ -52,7 +52,7 @@ def setUp(self): super().setUp() self.expected_config = [ { - "type": "awx.authentication.authenticator_plugins.saml", + "type": "ansible_base.authentication.authenticator_plugins.saml", "name": "Keycloak", "enabled": True, "create_objects": True, 
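Review bot: In `handle`, the new `else` branches append diagnostic dicts such as `{"SAML_missing_fields": [...]}` to the same `data` list that holds the authenticator definitions, so the dump is no longer a homogeneous list and any consumer that loads each element as an authenticator has to filter by key name. Because `is_enabled` cannot tell an unconfigured provider from a partially configured one, every unused LDAP slot appears to produce such an entry. Consider reporting these separately, e.g. `self.stderr.write(f"LDAP_{awx_ldap_name} skipped, missing: {ldap_missing_fields}")`, or under a distinct top-level key. The dumped configuration includes fields such as `BIND_PASSWORD`, and the output-file write lies outside this hunk, so confirm that the file is created with owner-only permissions.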
@@ -94,14 +94,14 @@ def setUp(self): }, }, { - "type": "awx.authentication.authenticator_plugins.ldap", - "name": "1", + "type": "ansible_base.authentication.authenticator_plugins.ldap", + "name": "LDAP_1", "enabled": True, "create_objects": True, "users_unique": False, "remove_users": True, "configuration": { - "SERVER_URI": "SERVER_URI", + "SERVER_URI": ["SERVER_URI"], "BIND_DN": "BIND_DN", "BIND_PASSWORD": "BIND_PASSWORD", "CONNECTION_OPTIONS": {}, @@ -119,4 +119,14 @@ def setUp(self): def test_json_returned_from_cmd(self): output = StringIO() call_command("dump_auth_config", stdout=output) - assert json.loads(output.getvalue()) == self.expected_config + cmmd_output = json.loads(output.getvalue()) + + # check configured SAML return + assert cmmd_output[0] == self.expected_config[0] + + # check configured LDAP return + assert cmmd_output[2] == self.expected_config[1] + + # check unconfigured LDAP return + assert "LDAP_0_missing_fields" in cmmd_output[1] + assert cmmd_output[1]["LDAP_0_missing_fields"] == ['SERVER_URI', 'GROUP_TYPE', 'GROUP_TYPE_PARAMS', 'USER_DN_TEMPLATE', 'USER_ATTR_MAP']
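Review bot: In `test_json_returned_from_cmd` the single equality on the whole output was replaced by three positional checks, so extra or malformed entries elsewhere in the list now pass unnoticed. Pin the shape as well, e.g. `assert len(cmmd_output) == 3` (adjust the count if more unconfigured LDAP slots are expected). No assertion visible here covers the new `SAML_missing_fields` branch or the `LDAPSearch` to `[base_dn, "SCOPE_SUBTREE", filterstr]` conversion, so both new code paths look untested. The local name `cmmd_output` reads like a typo for `cmd_output`.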