Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove oauth provider #15588

Open
wants to merge 6 commits into
base: devel
Choose a base branch
from
Open

Remove oauth provider #15588

wants to merge 6 commits into from

Conversation

gravesm
Copy link
Member

@gravesm gravesm commented Oct 17, 2024

SUMMARY

This removes the oauth provider functionality from awx. The oauth2_provider app and all references to it have been removed. Migrations to delete the two tables that locally overwrote oauth2_provider tables are included. This change does not include migrations to delete the tables provided by the oauth2_provider app.

ISSUE TYPE
  • Breaking Change
COMPONENT NAME
  • API
  • Docs
AWX VERSION
ADDITIONAL INFORMATION

@adrisala
Copy link

Shouldn't we also modify references of OAuth usage inside the awx_collection directory? The default login method for the collections right now seems to be OAuth.
cc @tvo318
https://github.com/ansible/awx/blob/devel/awx_collection/README.md#running
https://github.com/ansible/awx/blob/devel/awx_collection/TESTING.md

@gravesm
Copy link
Member Author

gravesm commented Oct 21, 2024

Shouldn't we also modify references of OAuth usage inside the awx_collection directory? The default login method for the collections right now seems to be OAuth.

Docs will definitely need to be changed. #15554 should have fixed the collection to allow basic auth. I'm still working through test failures, though, so there may be further changes needed.

@tvo318
Copy link
Member

tvo318 commented Oct 21, 2024

@adrisala @gravesm Yes I agree, the docs in the awx_collection need to be updated as well. Thanks for working on this!

@github-actions github-actions bot added component:awx_collection issues related to the collection for controlling AWX component:cli labels Oct 24, 2024
@adrisala adrisala self-assigned this Nov 12, 2024
@adrisala adrisala force-pushed the remove-oauth-provider branch 4 times, most recently from b1f2579 to 8d91fe6 Compare November 18, 2024 08:11
@PabloHiro PabloHiro mentioned this pull request Nov 18, 2024
Merged
@chrismeyersfsu
Copy link
Member

I reviewed with an eye towards migrations. If we missed some code to delete or deleted too much we can fix that easily. An error is in the data is harder to retroactivity fix.

I found changes in the activity stream entries. I don't think I care.

Activity Stream

Steps to Recreate

  • docker volume rm tools_awx_db_15 <-- blow away your db and start the dev env from the devel branch
  • Make an application via the API
  • Make a token for the application ^^
  • Edit the token
  • Edit the application
  • now swap to this branch and start the dev env (this will run the migrations)
  • You now have some activity stream entries

I'll note how those activity stream entries change because of this PR.

App Creation - Before 
{
    "id": 21,
    "type": "activity_stream",
    "url": "[/api/v2/activity_stream/21/](http://localhost:8013/api/v2/activity_stream/21/)",
    "related": {
        "actor": "[/api/v2/users/1/](http://localhost:8013/api/v2/users/1/)",
        "o_auth2_application": [
            "[/api/v2/applications/1/](http://localhost:8013/api/v2/applications/1/)"
        ]
    },
    "summary_fields": {
        "o_auth2_application": [
            {
                "id": 1,
                "name": "cmeyers app",
                "description": ""
            }
        ],
        "actor": {
            "id": 1,
            "username": "admin",
            "first_name": "",
            "last_name": ""
        }
    },
    "timestamp": "2024-11-18T13:17:56.321841Z",
    "operation": "create",
    "changes": {
        "name": "cmeyers app",
        "description": "",
        "client_type": "public",
        "redirect_uris": "",
        "authorization_grant_type": "password",
        "skip_authorization": false,
        "organization": "Default-1",
        "id": 1
    },
    "object1": "o_auth2_application",
    "object2": "",
    "object_association": "",
    "action_node": "awx-1",
    "object_type": ""
}
App Creation - After 
{
    "id": 21,
    "type": "activity_stream",
    "url": "[/api/v2/activity_stream/21/](http://localhost:8013/api/v2/activity_stream/21/)",
    "related": {
        "actor": "[/api/v2/users/1/](http://localhost:8013/api/v2/users/1/)"
    },
    "summary_fields": {
        "actor": {
            "id": 1,
            "username": "admin",
            "first_name": "",
            "last_name": ""
        }
    },
    "timestamp": "2024-11-18T13:17:56.321841Z",
    "operation": "create",
    "changes": {
        "name": "cmeyers app",
        "description": "",
        "client_type": "public",
        "redirect_uris": "",
        "authorization_grant_type": "password",
        "skip_authorization": false,
        "organization": "Default-1",
        "id": 1
    },
    "object1": "o_auth2_application",
    "object2": "",
    "object_association": "",
    "action_node": "awx-1",
    "object_type": ""
}
Token Creation - Before 
{
    "id": 22,
    "type": "activity_stream",
    "url": "[/api/v2/activity_stream/22/](http://localhost:8013/api/v2/activity_stream/22/)",
    "related": {
        "actor": "[/api/v2/users/1/](http://localhost:8013/api/v2/users/1/)",
        "o_auth2_access_token": [
            "[/api/v2/tokens/1/](http://localhost:8013/api/v2/tokens/1/)"
        ]
    },
    "summary_fields": {
        "o_auth2_access_token": [
            {
                "id": 1,
                "user_id": 1,
                "description": "hello world 2",
                "application_id": 1,
                "scope": "read"
            }
        ],
        "actor": {
            "id": 1,
            "username": "admin",
            "first_name": "",
            "last_name": ""
        }
    },
    "timestamp": "2024-11-18T13:18:22.438100Z",
    "operation": "create",
    "changes": {
        "description": "hello world",
        "application": "cmeyers app",
        "scope": "write",
        "id": 1,
        "token": "************"
    },
    "object1": "o_auth2_access_token",
    "object2": "",
    "object_association": "",
    "action_node": "awx-1",
    "object_type": ""
}
Token Creation - After 
{
    "id": 22,
    "type": "activity_stream",
    "url": "[/api/v2/activity_stream/22/](http://localhost:8013/api/v2/activity_stream/22/)",
    "related": {
        "actor": "[/api/v2/users/1/](http://localhost:8013/api/v2/users/1/)"
    },
    "summary_fields": {
        "actor": {
            "id": 1,
            "username": "admin",
            "first_name": "",
            "last_name": ""
        }
    },
    "timestamp": "2024-11-18T13:18:22.438100Z",
    "operation": "create",
    "changes": {
        "description": "hello world",
        "application": "cmeyers app",
        "scope": "write",
        "id": 1,
        "token": "************"
    },
    "object1": "o_auth2_access_token",
    "object2": "",
    "object_association": "",
    "action_node": "awx-1",
    "object_type": ""
}
Application Edit - Before 
{
    "id": 23,
    "type": "activity_stream",
    "url": "[/api/v2/activity_stream/23/](http://localhost:8013/api/v2/activity_stream/23/)",
    "related": {
        "actor": "[/api/v2/users/1/](http://localhost:8013/api/v2/users/1/)",
        "o_auth2_access_token": [
            "[/api/v2/tokens/1/](http://localhost:8013/api/v2/tokens/1/)"
        ]
    },
    "summary_fields": {
        "o_auth2_access_token": [
            {
                "id": 1,
                "user_id": 1,
                "description": "hello world 2",
                "application_id": 1,
                "scope": "read"
            }
        ],
        "actor": {
            "id": 1,
            "username": "admin",
            "first_name": "",
            "last_name": ""
        }
    },
    "timestamp": "2024-11-18T13:18:32.145751Z",
    "operation": "update",
    "changes": {
        "description": [
            "hello world",
            "hello world 2"
        ],
        "scope": [
            "write",
            "read"
        ]
    },
    "object1": "o_auth2_access_token",
    "object2": "",
    "object_association": "",
    "action_node": "awx-1",
    "object_type": ""
}
Application Edit - After 
{
    "id": 23,
    "type": "activity_stream",
    "url": "[/api/v2/activity_stream/23/](http://localhost:8013/api/v2/activity_stream/23/)",
    "related": {
        "actor": "[/api/v2/users/1/](http://localhost:8013/api/v2/users/1/)"
    },
    "summary_fields": {
        "actor": {
            "id": 1,
            "username": "admin",
            "first_name": "",
            "last_name": ""
        }
    },
    "timestamp": "2024-11-18T13:18:32.145751Z",
    "operation": "update",
    "changes": {
        "description": [
            "hello world",
            "hello world 2"
        ],
        "scope": [
            "write",
            "read"
        ]
    },
    "object1": "o_auth2_access_token",
    "object2": "",
    "object_association": "",
    "action_node": "awx-1",
    "object_type": ""
}

Token edit before/after is also effected in the same way.

Thoughts

The migrations in this PR change the activity stream entries. Specifically, the deletion of the application and/or token can cause the summary_fields section to change.

We recommend that customers and users hook up external logging to their splunk/grafana-thing/elk to track these sorts of things long-term, so I guess it's OK that our activity stream entries change.

@AlanCoding
Copy link
Member

Unblocked now, because #15647 is merged

@gravesm @adrisala
Remove oauth provider
8d6a1b1 
This removes the oauth provider functionality from awx. The
oauth2_provider app and all references to it have been removed.
Migrations to delete the two tables that locally overwrote
oauth2_provider tables are included. This change does not include
migrations to delete the tables provided by the oauth2_provider app.

Also not included here are changes to awxkit, awx_collection or the ui.
@gravesm @adrisala
Fix docs build
d742d83
@gravesm @adrisala
Fix linters
eac83ba
@gravesm @adrisala
Update migrations after rebase
d0acf47
@gravesm @adrisala
Update collection tests for auth changes
594445c 
The changes in ansible#15554 will cause a
few collection tests to fail, depending on what the test configuration
is. This changes the tests to look for a specific warning rather than
counting the number of warnings emitted.
@gravesm @adrisala
Update migration
0341aba
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Nov 20, 2024

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

AlanCoding
AlanCoding reviewed Nov 21, 2024
View reviewed changes
awx/main/migrations/0199_alter_oauth2application_unique_together_and_more.py
@@ -0,0 +1,39 @@
# Generated by Django 4.2.10 on 2024-10-24 14:06
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This migration file should be renamed to the obvious like "remove oauth2 models"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AlanCoding AlanCoding AlanCoding left review comments

@chrismeyersfsu chrismeyersfsu chrismeyersfsu approved these changes

Assignees

@adrisala adrisala

Labels
component:api component:awx_collection issues related to the collection for controlling AWX component:docs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@gravesm @adrisala @tvo318 @chrismeyersfsu @AlanCoding