mirror of
https://github.com/ansible/awx.git
synced 2024-11-01 08:21:15 +03:00
Merge pull request #3233 from ryanpetrello/F405
remove usage of import * and enforce F405 in our linter Reviewed-by: https://github.com/softwarefactory-project-zuul[bot]
This commit is contained in:
softwarefactory-project-zuul[bot]
GitHub
commit
80cf154fb7
@ -33,9 +33,17 @@ from rest_framework.negotiation import DefaultContentNegotiation
|
||||
|
||||
# AWX
|
||||
from awx.api.filters import FieldLookupBackend
|
||||
from awx.main.models import * # noqa
|
||||
from awx.main.models import (
|
||||
UnifiedJob, UnifiedJobTemplate, User, Role
|
||||
)
|
||||
from awx.main.access import access_registry
|
||||
from awx.main.utils import * # noqa
|
||||
from awx.main.utils import (
|
||||
camelcase_to_underscore,
|
||||
get_search_fields,
|
||||
getattrd,
|
||||
get_object_or_400,
|
||||
decrypt_field
|
||||
)
|
||||
from awx.main.utils.db import get_all_field_names
|
||||
from awx.api.serializers import ResourceAccessListElementSerializer, CopySerializer, UserSerializer
|
||||
from awx.api.versioning import URLPathVersioning, get_request_version
|
||||
|
||||
@ -9,8 +9,8 @@ from rest_framework.exceptions import MethodNotAllowed, PermissionDenied
|
||||
from rest_framework import permissions
|
||||
|
||||
# AWX
|
||||
from awx.main.access import * # noqa
|
||||
from awx.main.models import * # noqa
|
||||
from awx.main.access import check_user_access
|
||||
from awx.main.models import Inventory, UnifiedJob
|
||||
from awx.main.utils import get_object_or_400
|
||||
|
||||
logger = logging.getLogger('awx.api.permissions')
|
||||
|
||||
@ -45,8 +45,22 @@ from awx.main.constants import (
|
||||
ACTIVE_STATES,
|
||||
CENSOR_VALUE,
|
||||
)
|
||||
from awx.main.models import * # noqa
|
||||
from awx.main.models.base import NEW_JOB_TYPE_CHOICES
|
||||
from awx.main.models import (
|
||||
ActivityStream, AdHocCommand, AdHocCommandEvent, Credential,
|
||||
CredentialType, CustomInventoryScript, Fact, Group, Host, Instance,
|
||||
InstanceGroup, Inventory, InventorySource, InventoryUpdate,
|
||||
InventoryUpdateEvent, Job, JobEvent, JobHostSummary, JobLaunchConfig,
|
||||
JobTemplate, Label, Notification, NotificationTemplate, OAuth2AccessToken,
|
||||
OAuth2Application, Organization, Project, ProjectUpdate,
|
||||
ProjectUpdateEvent, RefreshToken, Role, Schedule, SystemJob,
|
||||
SystemJobEvent, SystemJobTemplate, Team, UnifiedJob, UnifiedJobTemplate,
|
||||
UserSessionMembership, V1Credential, WorkflowJob, WorkflowJobNode,
|
||||
WorkflowJobTemplate, WorkflowJobTemplateNode, StdoutMaxBytesExceeded
|
||||
)
|
||||
from awx.main.models.base import VERBOSITY_CHOICES, NEW_JOB_TYPE_CHOICES
|
||||
from awx.main.models.rbac import (
|
||||
get_roles_on_resource, role_summary_fields_generator
|
||||
)
|
||||
from awx.main.fields import ImplicitRoleField, JSONBField
|
||||
from awx.main.utils import (
|
||||
get_type_for_model, get_model_for_type, timestamp_apiformat,
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -8,7 +8,10 @@ from django.core.validators import URLValidator
|
||||
from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
# Django REST Framework
|
||||
from rest_framework.fields import * # noqa
|
||||
from rest_framework.fields import ( # noqa
|
||||
BooleanField, CharField, ChoiceField, DictField, EmailField, IntegerField,
|
||||
ListField, NullBooleanField
|
||||
)
|
||||
|
||||
logger = logging.getLogger('awx.conf.fields')
|
||||
|
||||
|
||||
@ -17,10 +17,15 @@ from rest_framework import serializers
|
||||
from rest_framework import status
|
||||
|
||||
# Tower
|
||||
from awx.api.generics import * # noqa
|
||||
from awx.api.generics import (
|
||||
APIView,
|
||||
GenericAPIView,
|
||||
ListAPIView,
|
||||
RetrieveUpdateDestroyAPIView,
|
||||
)
|
||||
from awx.api.permissions import IsSuperUser
|
||||
from awx.api.versioning import reverse, get_request_version
|
||||
from awx.main.utils import * # noqa
|
||||
from awx.main.utils import camelcase_to_underscore
|
||||
from awx.main.utils.handlers import AWXProxyHandler, LoggingConnectivityException
|
||||
from awx.main.tasks import handle_setting_changes
|
||||
from awx.conf.license import get_licensed_features
|
||||
|
||||
@ -28,7 +28,17 @@ from awx.main.utils import (
|
||||
to_python_boolean,
|
||||
get_licenser,
|
||||
)
|
||||
from awx.main.models import * # noqa
|
||||
from awx.main.models import (
|
||||
ActivityStream, AdHocCommand, AdHocCommandEvent, Credential, CredentialType,
|
||||
CustomInventoryScript, Group, Host, Instance, InstanceGroup, Inventory,
|
||||
InventorySource, InventoryUpdate, InventoryUpdateEvent, Job, JobEvent,
|
||||
JobHostSummary, JobLaunchConfig, JobTemplate, Label, Notification,
|
||||
NotificationTemplate, Organization, Project, ProjectUpdate,
|
||||
ProjectUpdateEvent, Role, Schedule, SystemJob, SystemJobEvent,
|
||||
SystemJobTemplate, Team, UnifiedJob, UnifiedJobTemplate, WorkflowJob,
|
||||
WorkflowJobNode, WorkflowJobTemplate, WorkflowJobTemplateNode,
|
||||
ROLE_SINGLETON_SYSTEM_ADMINISTRATOR, ROLE_SINGLETON_SYSTEM_AUDITOR
|
||||
)
|
||||
from awx.main.models.mixins import ResourceMixin
|
||||
|
||||
from awx.conf.license import LicenseForbids, feature_enabled
|
||||
@ -434,12 +444,16 @@ class InstanceAccess(BaseAccess):
|
||||
skip_sub_obj_read_check=False):
|
||||
if relationship == 'rampart_groups' and isinstance(sub_obj, InstanceGroup):
|
||||
return self.user.is_superuser
|
||||
return super(InstanceAccess, self).can_attach(obj, sub_obj, relationship, *args, **kwargs)
|
||||
return super(InstanceAccess, self).can_attach(
|
||||
obj, sub_obj, relationship, data, skip_sub_obj_read_check=skip_sub_obj_read_check
|
||||
)
|
||||
|
||||
def can_unattach(self, obj, sub_obj, relationship, data=None):
|
||||
if relationship == 'rampart_groups' and isinstance(sub_obj, InstanceGroup):
|
||||
return self.user.is_superuser
|
||||
return super(InstanceAccess, self).can_unattach(obj, sub_obj, relationship, *args, **kwargs)
|
||||
return super(InstanceAccess, self).can_unattach(
|
||||
obj, sub_obj, relationship, relationship, data=data
|
||||
)
|
||||
|
||||
def can_add(self, data):
|
||||
return False
|
||||
@ -1341,7 +1355,7 @@ class JobTemplateAccess(BaseAccess):
|
||||
'''
|
||||
|
||||
# obj.credentials.all() is accessible ONLY when object is saved (has valid id)
|
||||
credential_manager = getattr(obj, 'credentials', None) if getattr(obj, 'id', False) else Credentials.objects.none()
|
||||
credential_manager = getattr(obj, 'credentials', None) if getattr(obj, 'id', False) else Credential.objects.none()
|
||||
return reduce(lambda prev, cred: prev and self.user in cred.use_role, credential_manager.all(), True)
|
||||
|
||||
def can_start(self, obj, validate_license=True):
|
||||
@ -1850,7 +1864,6 @@ class WorkflowJobTemplateAccess(BaseAccess):
|
||||
qs = obj.workflow_job_template_nodes
|
||||
qs = qs.prefetch_related('unified_job_template', 'inventory__use_role', 'credentials__use_role')
|
||||
for node in qs.all():
|
||||
node_errors = {}
|
||||
if node.inventory and self.user not in node.inventory.use_role:
|
||||
missing_inventories.append(node.inventory.name)
|
||||
for cred in node.credentials.all():
|
||||
@ -1859,8 +1872,6 @@ class WorkflowJobTemplateAccess(BaseAccess):
|
||||
ujt = node.unified_job_template
|
||||
if ujt and not self.user.can_access(UnifiedJobTemplate, 'start', ujt, validate_license=False):
|
||||
missing_ujt.append(ujt.name)
|
||||
if node_errors:
|
||||
wfjt_errors[node.id] = node_errors
|
||||
if missing_ujt:
|
||||
self.messages['templates_unable_to_copy'] = missing_ujt
|
||||
if missing_credentials:
|
||||
|
||||
@ -6,27 +6,60 @@ from django.conf import settings # noqa
|
||||
from django.db.models.signals import pre_delete # noqa
|
||||
|
||||
# AWX
|
||||
from awx.main.models.base import * # noqa
|
||||
from awx.main.models.unified_jobs import * # noqa
|
||||
from awx.main.models.organization import * # noqa
|
||||
from awx.main.models.credential import * # noqa
|
||||
from awx.main.models.projects import * # noqa
|
||||
from awx.main.models.inventory import * # noqa
|
||||
from awx.main.models.jobs import * # noqa
|
||||
from awx.main.models.events import * # noqa
|
||||
from awx.main.models.ad_hoc_commands import * # noqa
|
||||
from awx.main.models.schedules import * # noqa
|
||||
from awx.main.models.activity_stream import * # noqa
|
||||
from awx.main.models.ha import * # noqa
|
||||
from awx.main.models.rbac import * # noqa
|
||||
from awx.main.models.mixins import * # noqa
|
||||
from awx.main.models.notifications import * # noqa
|
||||
from awx.main.models.fact import * # noqa
|
||||
from awx.main.models.label import * # noqa
|
||||
from awx.main.models.workflow import * # noqa
|
||||
from awx.main.models.channels import * # noqa
|
||||
from awx.main.models.base import ( # noqa
|
||||
BaseModel, prevent_search, CLOUD_INVENTORY_SOURCES, VERBOSITY_CHOICES
|
||||
)
|
||||
from awx.main.models.unified_jobs import ( # noqa
|
||||
UnifiedJob, UnifiedJobTemplate, StdoutMaxBytesExceeded
|
||||
)
|
||||
from awx.main.models.organization import ( # noqa
|
||||
Organization, Profile, Team, UserSessionMembership
|
||||
)
|
||||
from awx.main.models.credential import ( # noqa
|
||||
Credential, CredentialType, V1Credential, build_safe_env
|
||||
)
|
||||
from awx.main.models.projects import Project, ProjectUpdate # noqa
|
||||
from awx.main.models.inventory import ( # noqa
|
||||
CustomInventoryScript, Group, Host, Inventory, InventorySource,
|
||||
InventoryUpdate, SmartInventoryMembership
|
||||
)
|
||||
from awx.main.models.jobs import ( # noqa
|
||||
Job, JobHostSummary, JobLaunchConfig, JobTemplate, SystemJob,
|
||||
SystemJobTemplate,
|
||||
)
|
||||
from awx.main.models.events import ( # noqa
|
||||
AdHocCommandEvent, InventoryUpdateEvent, JobEvent, ProjectUpdateEvent,
|
||||
SystemJobEvent,
|
||||
)
|
||||
from awx.main.models.ad_hoc_commands import AdHocCommand # noqa
|
||||
from awx.main.models.schedules import Schedule # noqa
|
||||
from awx.main.models.activity_stream import ActivityStream # noqa
|
||||
from awx.main.models.ha import ( # noqa
|
||||
Instance, InstanceGroup, JobOrigin, TowerScheduleState,
|
||||
)
|
||||
from awx.main.models.rbac import ( # noqa
|
||||
Role, batch_role_ancestor_rebuilding, get_roles_on_resource,
|
||||
role_summary_fields_generator, ROLE_SINGLETON_SYSTEM_ADMINISTRATOR,
|
||||
ROLE_SINGLETON_SYSTEM_AUDITOR,
|
||||
)
|
||||
from awx.main.models.mixins import ( # noqa
|
||||
CustomVirtualEnvMixin, ResourceMixin, SurveyJobMixin,
|
||||
SurveyJobTemplateMixin, TaskManagerInventoryUpdateMixin,
|
||||
TaskManagerJobMixin, TaskManagerProjectUpdateMixin,
|
||||
TaskManagerUnifiedJobMixin,
|
||||
)
|
||||
from awx.main.models.notifications import Notification, NotificationTemplate # noqa
|
||||
from awx.main.models.fact import Fact # noqa
|
||||
from awx.main.models.label import Label # noqa
|
||||
from awx.main.models.workflow import ( # noqa
|
||||
WorkflowJob, WorkflowJobNode, WorkflowJobOptions, WorkflowJobTemplate,
|
||||
WorkflowJobTemplateNode,
|
||||
)
|
||||
from awx.main.models.channels import ChannelGroup # noqa
|
||||
from awx.api.versioning import reverse
|
||||
from awx.main.models.oauth import * # noqa
|
||||
from awx.main.models.oauth import ( # noqa
|
||||
OAuth2AccessToken, OAuth2Application
|
||||
)
|
||||
from oauth2_provider.models import Grant, RefreshToken # noqa -- needed django-oauth-toolkit model migrations
|
||||
|
||||
|
||||
@ -50,7 +83,10 @@ _PythonSerializer.handle_m2m_field = _new_handle_m2m_field
|
||||
|
||||
# Add custom methods to User model for permissions checks.
|
||||
from django.contrib.auth.models import User # noqa
|
||||
from awx.main.access import * # noqa
|
||||
from awx.main.access import ( # noqa
|
||||
get_user_queryset, check_user_access, check_user_access_with_errors,
|
||||
user_accessible_objects
|
||||
)
|
||||
|
||||
|
||||
User.add_to_class('get_queryset', get_user_queryset)
|
||||
|
||||
@ -30,7 +30,14 @@ from crum.signals import current_user_getter
|
||||
|
||||
|
||||
# AWX
|
||||
from awx.main.models import * # noqa
|
||||
from awx.main.models import (
|
||||
ActivityStream, AdHocCommandEvent, Group, Host, InstanceGroup, Inventory,
|
||||
InventorySource, InventoryUpdateEvent, Job, JobEvent, JobHostSummary,
|
||||
JobTemplate, OAuth2AccessToken, Organization, Project, ProjectUpdateEvent,
|
||||
Role, SystemJob, SystemJobEvent, SystemJobTemplate, UnifiedJob,
|
||||
UnifiedJobTemplate, User, UserSessionMembership,
|
||||
ROLE_SINGLETON_SYSTEM_ADMINISTRATOR
|
||||
)
|
||||
from awx.main.constants import CENSOR_VALUE
|
||||
from awx.main.utils import model_instance_diff, model_to_dict, camelcase_to_underscore, get_current_apps
|
||||
from awx.main.utils import ignore_inventory_computed_fields, ignore_inventory_group_removal, _inventory_updates
|
||||
|
||||
@ -10,7 +10,7 @@ import pytest
|
||||
from unittest import mock
|
||||
|
||||
# AWX
|
||||
from awx.main.models import * # noqa
|
||||
from awx.main.models import ProjectUpdate
|
||||
from awx.api.versioning import reverse
|
||||
|
||||
|
||||
|
||||
@ -1,10 +1,15 @@
|
||||
import pytest
|
||||
|
||||
from django.core.exceptions import ImproperlyConfigured
|
||||
from django.conf import settings
|
||||
|
||||
from awx.api.versioning import reverse
|
||||
from awx.main.middleware import URLModificationMiddleware
|
||||
from awx.main.models import * # noqa
|
||||
from awx.main.models import ( # noqa
|
||||
Credential, CustomInventoryScript, Group, Host, Instance, InstanceGroup,
|
||||
Inventory, InventorySource, JobTemplate, NotificationTemplate,
|
||||
Organization, Project, User, WorkflowJobTemplate,
|
||||
)
|
||||
from awx.conf import settings_registry
|
||||
|
||||
|
||||
|
||||
@ -113,7 +113,7 @@ class TestInventoryInventorySourcesUpdate:
|
||||
|
||||
with mocker.patch.object(InventoryInventorySourcesUpdate, 'get_object', return_value=obj):
|
||||
with mocker.patch.object(InventoryInventorySourcesUpdate, 'get_serializer_context', return_value=None):
|
||||
with mocker.patch('awx.api.views.InventoryUpdateDetailSerializer') as serializer_class:
|
||||
with mocker.patch('awx.api.serializers.InventoryUpdateDetailSerializer') as serializer_class:
|
||||
serializer = serializer_class.return_value
|
||||
serializer.to_representation.return_value = {}
|
||||
|
||||
|
||||
@ -3,4 +3,7 @@
|
||||
|
||||
# AWX
|
||||
from awx.main.utils.common import * # noqa
|
||||
from awx.main.utils.encryption import * # noqa
|
||||
from awx.main.utils.encryption import ( # noqa
|
||||
get_encryption_key, encrypt_field, decrypt_field, encrypt_value,
|
||||
decrypt_value, encrypt_dict,
|
||||
)
|
||||
|
||||
@ -101,7 +101,7 @@ EXAMPLES = '''
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
module = AnsibleModule( # noqa
|
||||
argument_spec = dict(paths=dict(required=True, type='list'),
|
||||
recursive=dict(required=False, default='no', type='bool'),
|
||||
get_checksum=dict(required=False, default='no', type='bool')))
|
||||
|
||||
@ -47,7 +47,7 @@ def get_system_id(filname):
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
module = AnsibleModule( # noqa
|
||||
argument_spec = dict()
|
||||
)
|
||||
|
||||
|
||||
@ -90,7 +90,7 @@ def deb_package_list():
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
module = AnsibleModule( # noqa
|
||||
argument_spec = dict(os_family=dict(required=True))
|
||||
)
|
||||
ans_os = module.params['os_family']
|
||||
|
||||
@ -167,7 +167,7 @@ class SystemctlScanService(BaseService):
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(argument_spec = dict())
|
||||
module = AnsibleModule(argument_spec = dict()) # noqa
|
||||
service_modules = (ServiceScanService, SystemctlScanService)
|
||||
all_services = {}
|
||||
incomplete_warning = False
|
||||
|
||||
@ -44,13 +44,13 @@ SHELL_PLUS_PRINT_SQL = False
|
||||
|
||||
# show colored logs in the dev environment
|
||||
# to disable this, set `COLOR_LOGS = False` in awx/settings/local_settings.py
|
||||
LOGGING['handlers']['console']['()'] = 'awx.main.utils.handlers.ColorHandler'
|
||||
LOGGING['handlers']['console']['()'] = 'awx.main.utils.handlers.ColorHandler' # noqa
|
||||
# task system does not propagate to AWX, so color log these too
|
||||
LOGGING['handlers']['task_system'] = LOGGING['handlers']['console'].copy()
|
||||
LOGGING['handlers']['task_system'] = LOGGING['handlers']['console'].copy() # noqa
|
||||
COLOR_LOGS = True
|
||||
|
||||
# Pipe management playbook output to console
|
||||
LOGGING['loggers']['awx.isolated.manager.playbooks']['propagate'] = True
|
||||
LOGGING['loggers']['awx.isolated.manager.playbooks']['propagate'] = True # noqa
|
||||
|
||||
ALLOWED_HOSTS = ['*']
|
||||
|
||||
@ -92,7 +92,7 @@ PENDO_TRACKING_STATE = "off"
|
||||
# Use Django-Jenkins if installed. Only run tests for awx.main app.
|
||||
try:
|
||||
import django_jenkins
|
||||
INSTALLED_APPS += (django_jenkins.__name__,)
|
||||
INSTALLED_APPS += (django_jenkins.__name__,) # noqa
|
||||
PROJECT_APPS = ('awx.main.tests', 'awx.api.tests',)
|
||||
except ImportError:
|
||||
pass
|
||||
|
||||
@ -52,14 +52,14 @@ AWX_VENV_PATH = os.path.join(BASE_VENV_PATH, "awx")
|
||||
|
||||
AWX_ISOLATED_USERNAME = 'awx'
|
||||
|
||||
LOGGING['handlers']['tower_warnings']['filename'] = '/var/log/tower/tower.log'
|
||||
LOGGING['handlers']['callback_receiver']['filename'] = '/var/log/tower/callback_receiver.log'
|
||||
LOGGING['handlers']['dispatcher']['filename'] = '/var/log/tower/dispatcher.log'
|
||||
LOGGING['handlers']['task_system']['filename'] = '/var/log/tower/task_system.log'
|
||||
LOGGING['handlers']['fact_receiver']['filename'] = '/var/log/tower/fact_receiver.log'
|
||||
LOGGING['handlers']['management_playbooks']['filename'] = '/var/log/tower/management_playbooks.log'
|
||||
LOGGING['handlers']['system_tracking_migrations']['filename'] = '/var/log/tower/tower_system_tracking_migrations.log'
|
||||
LOGGING['handlers']['rbac_migrations']['filename'] = '/var/log/tower/tower_rbac_migrations.log'
|
||||
LOGGING['handlers']['tower_warnings']['filename'] = '/var/log/tower/tower.log' # noqa
|
||||
LOGGING['handlers']['callback_receiver']['filename'] = '/var/log/tower/callback_receiver.log' # noqa
|
||||
LOGGING['handlers']['dispatcher']['filename'] = '/var/log/tower/dispatcher.log' # noqa
|
||||
LOGGING['handlers']['task_system']['filename'] = '/var/log/tower/task_system.log' # noqa
|
||||
LOGGING['handlers']['fact_receiver']['filename'] = '/var/log/tower/fact_receiver.log' # noqa
|
||||
LOGGING['handlers']['management_playbooks']['filename'] = '/var/log/tower/management_playbooks.log' # noqa
|
||||
LOGGING['handlers']['system_tracking_migrations']['filename'] = '/var/log/tower/tower_system_tracking_migrations.log' # noqa
|
||||
LOGGING['handlers']['rbac_migrations']['filename'] = '/var/log/tower/tower_rbac_migrations.log' # noqa
|
||||
|
||||
# Store a snapshot of default settings at this point before loading any
|
||||
# customizable config files.
|
||||
|
||||
@ -11,10 +11,21 @@ from django.utils.translation import ugettext_lazy as _
|
||||
from rest_framework import serializers
|
||||
|
||||
# Tower
|
||||
from awx.conf import register, register_validate
|
||||
from awx.sso import fields
|
||||
from awx.conf import register, register_validate, fields
|
||||
from awx.sso.fields import (
|
||||
AuthenticationBackendsField, LDAPConnectionOptionsField, LDAPDNField,
|
||||
LDAPDNWithUserField, LDAPGroupTypeField, LDAPGroupTypeParamsField,
|
||||
LDAPOrganizationMapField, LDAPSearchField, LDAPSearchUnionField,
|
||||
LDAPServerURIField, LDAPTeamMapField, LDAPUserAttrMapField,
|
||||
LDAPUserFlagsField, SAMLContactField, SAMLEnabledIdPsField,
|
||||
SAMLOrgAttrField, SAMLOrgInfoField, SAMLSecurityField, SAMLTeamAttrField,
|
||||
SocialOrganizationMapField, SocialTeamMapField,
|
||||
)
|
||||
from awx.main.validators import validate_private_key, validate_certificate
|
||||
from awx.sso.validators import * # noqa
|
||||
from awx.sso.validators import ( # noqa
|
||||
validate_ldap_bind_dn,
|
||||
validate_tacacsplus_disallow_nonascii,
|
||||
)
|
||||
|
||||
|
||||
class SocialAuthCallbackURL(object):
|
||||
@ -76,19 +87,19 @@ SOCIAL_AUTH_TEAM_MAP_PLACEHOLDER = collections.OrderedDict([
|
||||
|
||||
register(
|
||||
'AUTHENTICATION_BACKENDS',
|
||||
field_class=fields.AuthenticationBackendsField,
|
||||
field_class=AuthenticationBackendsField,
|
||||
label=_('Authentication Backends'),
|
||||
help_text=_('List of authentication backends that are enabled based on '
|
||||
'license features and other authentication settings.'),
|
||||
read_only=True,
|
||||
depends_on=fields.AuthenticationBackendsField.get_all_required_settings(),
|
||||
depends_on=AuthenticationBackendsField.get_all_required_settings(),
|
||||
category=_('Authentication'),
|
||||
category_slug='authentication',
|
||||
)
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_ORGANIZATION_MAP',
|
||||
field_class=fields.SocialOrganizationMapField,
|
||||
field_class=SocialOrganizationMapField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('Social Auth Organization Map'),
|
||||
@ -100,7 +111,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_TEAM_MAP',
|
||||
field_class=fields.SocialTeamMapField,
|
||||
field_class=SocialTeamMapField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('Social Auth Team Map'),
|
||||
@ -135,7 +146,7 @@ def _register_ldap(append=None):
|
||||
|
||||
register(
|
||||
'AUTH_LDAP{}_SERVER_URI'.format(append_str),
|
||||
field_class=fields.LDAPServerURIField,
|
||||
field_class=LDAPServerURIField,
|
||||
allow_blank=True,
|
||||
default='',
|
||||
label=_('LDAP Server URI'),
|
||||
@ -190,7 +201,7 @@ def _register_ldap(append=None):
|
||||
|
||||
register(
|
||||
'AUTH_LDAP{}_CONNECTION_OPTIONS'.format(append_str),
|
||||
field_class=fields.LDAPConnectionOptionsField,
|
||||
field_class=LDAPConnectionOptionsField,
|
||||
default={'OPT_REFERRALS': 0, 'OPT_NETWORK_TIMEOUT': 30},
|
||||
label=_('LDAP Connection Options'),
|
||||
help_text=_('Additional options to set for the LDAP connection. LDAP '
|
||||
@ -210,7 +221,7 @@ def _register_ldap(append=None):
|
||||
|
||||
register(
|
||||
'AUTH_LDAP{}_USER_SEARCH'.format(append_str),
|
||||
field_class=fields.LDAPSearchUnionField,
|
||||
field_class=LDAPSearchUnionField,
|
||||
default=[],
|
||||
label=_('LDAP User Search'),
|
||||
help_text=_('LDAP search query to find users. Any user that matches the given '
|
||||
@ -231,7 +242,7 @@ def _register_ldap(append=None):
|
||||
|
||||
register(
|
||||
'AUTH_LDAP{}_USER_DN_TEMPLATE'.format(append_str),
|
||||
field_class=fields.LDAPDNWithUserField,
|
||||
field_class=LDAPDNWithUserField,
|
||||
allow_blank=True,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
@ -249,7 +260,7 @@ def _register_ldap(append=None):
|
||||
|
||||
register(
|
||||
'AUTH_LDAP{}_USER_ATTR_MAP'.format(append_str),
|
||||
field_class=fields.LDAPUserAttrMapField,
|
||||
field_class=LDAPUserAttrMapField,
|
||||
default={},
|
||||
label=_('LDAP User Attribute Map'),
|
||||
help_text=_('Mapping of LDAP user schema to Tower API user attributes. The default'
|
||||
@ -268,7 +279,7 @@ def _register_ldap(append=None):
|
||||
|
||||
register(
|
||||
'AUTH_LDAP{}_GROUP_SEARCH'.format(append_str),
|
||||
field_class=fields.LDAPSearchField,
|
||||
field_class=LDAPSearchField,
|
||||
default=[],
|
||||
label=_('LDAP Group Search'),
|
||||
help_text=_('Users are mapped to organizations based on their membership in LDAP'
|
||||
@ -286,7 +297,7 @@ def _register_ldap(append=None):
|
||||
|
||||
register(
|
||||
'AUTH_LDAP{}_GROUP_TYPE'.format(append_str),
|
||||
field_class=fields.LDAPGroupTypeField,
|
||||
field_class=LDAPGroupTypeField,
|
||||
label=_('LDAP Group Type'),
|
||||
help_text=_('The group type may need to be changed based on the type of the '
|
||||
'LDAP server. Values are listed at: '
|
||||
@ -300,7 +311,7 @@ def _register_ldap(append=None):
|
||||
|
||||
register(
|
||||
'AUTH_LDAP{}_GROUP_TYPE_PARAMS'.format(append_str),
|
||||
field_class=fields.LDAPGroupTypeParamsField,
|
||||
field_class=LDAPGroupTypeParamsField,
|
||||
label=_('LDAP Group Type Parameters'),
|
||||
help_text=_('Key value parameters to send the chosen group type init method.'),
|
||||
category=_('LDAP'),
|
||||
@ -320,7 +331,7 @@ def _register_ldap(append=None):
|
||||
|
||||
register(
|
||||
'AUTH_LDAP{}_REQUIRE_GROUP'.format(append_str),
|
||||
field_class=fields.LDAPDNField,
|
||||
field_class=LDAPDNField,
|
||||
allow_blank=True,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
@ -337,7 +348,7 @@ def _register_ldap(append=None):
|
||||
|
||||
register(
|
||||
'AUTH_LDAP{}_DENY_GROUP'.format(append_str),
|
||||
field_class=fields.LDAPDNField,
|
||||
field_class=LDAPDNField,
|
||||
allow_blank=True,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
@ -353,7 +364,7 @@ def _register_ldap(append=None):
|
||||
|
||||
register(
|
||||
'AUTH_LDAP{}_USER_FLAGS_BY_GROUP'.format(append_str),
|
||||
field_class=fields.LDAPUserFlagsField,
|
||||
field_class=LDAPUserFlagsField,
|
||||
default={},
|
||||
label=_('LDAP User Flags By Group'),
|
||||
help_text=_('Retrieve users from a given group. At this time, superuser and system'
|
||||
@ -370,7 +381,7 @@ def _register_ldap(append=None):
|
||||
|
||||
register(
|
||||
'AUTH_LDAP{}_ORGANIZATION_MAP'.format(append_str),
|
||||
field_class=fields.LDAPOrganizationMapField,
|
||||
field_class=LDAPOrganizationMapField,
|
||||
default={},
|
||||
label=_('LDAP Organization Map'),
|
||||
help_text=_('Mapping between organization admins/users and LDAP groups. This '
|
||||
@ -398,7 +409,7 @@ def _register_ldap(append=None):
|
||||
|
||||
register(
|
||||
'AUTH_LDAP{}_TEAM_MAP'.format(append_str),
|
||||
field_class=fields.LDAPTeamMapField,
|
||||
field_class=LDAPTeamMapField,
|
||||
default={},
|
||||
label=_('LDAP Team Map'),
|
||||
help_text=_('Mapping between team members (users) and LDAP groups. Configuration'
|
||||
@ -610,7 +621,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_GOOGLE_OAUTH2_ORGANIZATION_MAP',
|
||||
field_class=fields.SocialOrganizationMapField,
|
||||
field_class=SocialOrganizationMapField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('Google OAuth2 Organization Map'),
|
||||
@ -622,7 +633,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_GOOGLE_OAUTH2_TEAM_MAP',
|
||||
field_class=fields.SocialTeamMapField,
|
||||
field_class=SocialTeamMapField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('Google OAuth2 Team Map'),
|
||||
@ -675,7 +686,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_GITHUB_ORGANIZATION_MAP',
|
||||
field_class=fields.SocialOrganizationMapField,
|
||||
field_class=SocialOrganizationMapField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('GitHub OAuth2 Organization Map'),
|
||||
@ -687,7 +698,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_GITHUB_TEAM_MAP',
|
||||
field_class=fields.SocialTeamMapField,
|
||||
field_class=SocialTeamMapField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('GitHub OAuth2 Team Map'),
|
||||
@ -752,7 +763,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_GITHUB_ORG_ORGANIZATION_MAP',
|
||||
field_class=fields.SocialOrganizationMapField,
|
||||
field_class=SocialOrganizationMapField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('GitHub Organization OAuth2 Organization Map'),
|
||||
@ -764,7 +775,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP',
|
||||
field_class=fields.SocialTeamMapField,
|
||||
field_class=SocialTeamMapField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('GitHub Organization OAuth2 Team Map'),
|
||||
@ -830,7 +841,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_GITHUB_TEAM_ORGANIZATION_MAP',
|
||||
field_class=fields.SocialOrganizationMapField,
|
||||
field_class=SocialOrganizationMapField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('GitHub Team OAuth2 Organization Map'),
|
||||
@ -842,7 +853,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP',
|
||||
field_class=fields.SocialTeamMapField,
|
||||
field_class=SocialTeamMapField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('GitHub Team OAuth2 Team Map'),
|
||||
@ -895,7 +906,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_AZUREAD_OAUTH2_ORGANIZATION_MAP',
|
||||
field_class=fields.SocialOrganizationMapField,
|
||||
field_class=SocialOrganizationMapField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('Azure AD OAuth2 Organization Map'),
|
||||
@ -907,7 +918,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_AZUREAD_OAUTH2_TEAM_MAP',
|
||||
field_class=fields.SocialTeamMapField,
|
||||
field_class=SocialTeamMapField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('Azure AD OAuth2 Team Map'),
|
||||
@ -1004,7 +1015,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_SAML_ORG_INFO',
|
||||
field_class=fields.SAMLOrgInfoField,
|
||||
field_class=SAMLOrgInfoField,
|
||||
required=True,
|
||||
label=_('SAML Service Provider Organization Info'),
|
||||
help_text=_('Provide the URL, display name, and the name of your app. Refer to'
|
||||
@ -1023,7 +1034,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_SAML_TECHNICAL_CONTACT',
|
||||
field_class=fields.SAMLContactField,
|
||||
field_class=SAMLContactField,
|
||||
allow_blank=True,
|
||||
required=True,
|
||||
label=_('SAML Service Provider Technical Contact'),
|
||||
@ -1041,7 +1052,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_SAML_SUPPORT_CONTACT',
|
||||
field_class=fields.SAMLContactField,
|
||||
field_class=SAMLContactField,
|
||||
allow_blank=True,
|
||||
required=True,
|
||||
label=_('SAML Service Provider Support Contact'),
|
||||
@ -1059,7 +1070,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_SAML_ENABLED_IDPS',
|
||||
field_class=fields.SAMLEnabledIdPsField,
|
||||
field_class=SAMLEnabledIdPsField,
|
||||
default={},
|
||||
label=_('SAML Enabled Identity Providers'),
|
||||
help_text=_('Configure the Entity ID, SSO URL and certificate for each identity'
|
||||
@ -1096,7 +1107,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_SAML_SECURITY_CONFIG',
|
||||
field_class=fields.SAMLSecurityField,
|
||||
field_class=SAMLSecurityField,
|
||||
allow_null=True,
|
||||
default={'requestedAuthnContext': False},
|
||||
label=_('SAML Security Config'),
|
||||
@ -1161,7 +1172,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_SAML_ORGANIZATION_MAP',
|
||||
field_class=fields.SocialOrganizationMapField,
|
||||
field_class=SocialOrganizationMapField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('SAML Organization Map'),
|
||||
@ -1174,7 +1185,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_SAML_TEAM_MAP',
|
||||
field_class=fields.SocialTeamMapField,
|
||||
field_class=SocialTeamMapField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('SAML Team Map'),
|
||||
@ -1187,7 +1198,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_SAML_ORGANIZATION_ATTR',
|
||||
field_class=fields.SAMLOrgAttrField,
|
||||
field_class=SAMLOrgAttrField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('SAML Organization Attribute Mapping'),
|
||||
@ -1205,7 +1216,7 @@ register(
|
||||
|
||||
register(
|
||||
'SOCIAL_AUTH_SAML_TEAM_ATTR',
|
||||
field_class=fields.SAMLTeamAttrField,
|
||||
field_class=SAMLTeamAttrField,
|
||||
allow_null=True,
|
||||
default=None,
|
||||
label=_('SAML Team Attribute Mapping'),
|
||||
|
||||
@ -1,3 +1,8 @@
|
||||
import collections
|
||||
import inspect
|
||||
import json
|
||||
import re
|
||||
|
||||
# Python LDAP
|
||||
import ldap
|
||||
import awx
|
||||
@ -13,15 +18,23 @@ from django_auth_ldap.config import (
|
||||
LDAPSearchUnion,
|
||||
)
|
||||
|
||||
from rest_framework.fields import empty
|
||||
|
||||
# This must be imported so get_subclasses picks it up
|
||||
from awx.sso.ldap_group_types import PosixUIDGroupType # noqa
|
||||
|
||||
# Tower
|
||||
from awx.conf import fields
|
||||
from awx.conf.fields import * # noqa
|
||||
from awx.conf.license import feature_enabled
|
||||
from awx.main.validators import validate_certificate
|
||||
from awx.sso.validators import * # noqa
|
||||
from awx.sso.validators import ( # noqa
|
||||
validate_ldap_dn,
|
||||
validate_ldap_bind_dn,
|
||||
validate_ldap_dn_with_user,
|
||||
validate_ldap_filter,
|
||||
validate_ldap_filter_with_user,
|
||||
validate_tacacsplus_disallow_nonascii,
|
||||
)
|
||||
|
||||
|
||||
def get_subclasses(cls):
|
||||
|
||||
@ -6,7 +6,7 @@ from django.utils.translation import ugettext_lazy as _
|
||||
|
||||
# Tower
|
||||
from awx.conf import register, fields
|
||||
from awx.ui.fields import * # noqa
|
||||
from awx.ui.fields import PendoTrackingStateField, CustomLogoField # noqa
|
||||
|
||||
|
||||
register(
|
||||
|
||||
@ -17,5 +17,5 @@ exclude=.tox,venv,awx/lib/site-packages,awx/plugins/inventory/ec2.py,awx/plugins
|
||||
|
||||
[flake8]
|
||||
max-line-length=160
|
||||
ignore=E201,E203,E221,E225,E231,E241,E251,E261,E265,E303,W291,W391,W293,E731,F405,W504
|
||||
ignore=E201,E203,E221,E225,E231,E241,E251,E261,E265,E303,W291,W391,W293,E731,W504
|
||||
exclude=.tox,venv,awx/lib/site-packages,awx/plugins/inventory,awx/ui,awx/api/urls.py,awx/main/migrations,awx/main/tests/data,node_modules/,awx/projects/,tools/docker,awx/settings/local_*.py,installer/openshift/settings.py,build/,installer/
|
||||
|
||||
@ -38,7 +38,12 @@ django.setup() # noqa
|
||||
from django.db import transaction # noqa
|
||||
|
||||
# awx
|
||||
from awx.main.models import * # noqa
|
||||
from awx.main.models import ( # noqa
|
||||
Credential, CredentialType, Group, Host, Inventory, Job, JobEvent,
|
||||
JobHostSummary, JobTemplate, Label, Organization, PrimordialModel, Project,
|
||||
Team, User, WorkflowJobTemplate, WorkflowJobTemplateNode,
|
||||
batch_role_ancestor_rebuilding,
|
||||
)
|
||||
from awx.main.signals import ( # noqa
|
||||
disable_activity_stream,
|
||||
disable_computed_fields
|
||||
|
||||
Loading…
Reference in New Issue
Block a user