
Remove oauth provider

Open gravesm opened this issue 1 year ago • 1 comments

SUMMARY

This removes the oauth provider functionality from awx. The oauth2_provider app and all references to it have been removed. Migrations to delete the two tables that locally overwrote oauth2_provider tables are included. This change does not include migrations to delete the tables provided by the oauth2_provider app.

ISSUE TYPE
  • Breaking Change
COMPONENT NAME
  • API
  • Docs
AWX VERSION

ADDITIONAL INFORMATION

gravesm avatar Oct 17 '24 14:10 gravesm

Shouldn't we also modify references of OAuth usage inside the awx_collection directory? The default login method for the collections right now seems to be OAuth. cc @tvo318 https://github.com/ansible/awx/blob/devel/awx_collection/README.md#running https://github.com/ansible/awx/blob/devel/awx_collection/TESTING.md

adrisala avatar Oct 21 '24 10:10 adrisala

Shouldn't we also modify references of OAuth usage inside the awx_collection directory? The default login method for the collections right now seems to be OAuth.

Docs will definitely need to be changed. https://github.com/ansible/awx/pull/15554 should have fixed the collection to allow basic auth. I'm still working through test failures, though, so there may be further changes needed.

gravesm avatar Oct 21 '24 11:10 gravesm

@adrisala @gravesm Yes I agree, the docs in the awx_collection need to be updated as well. Thanks for working on this!

tvo318 avatar Oct 21 '24 12:10 tvo318

I reviewed with an eye towards migrations. If we missed some code to delete or deleted too much, we can fix that easily. An error in the data is harder to retroactively fix.

I found changes in the activity stream entries. I don't think I care.

Activity Stream

Steps to Recreate

  • docker volume rm tools_awx_db_15 <-- blow away your db and start the dev env from the devel branch
  • Make an application via the API
  • Make a token for the application ^^
  • Edit the token
  • Edit the application
  • now swap to this branch and start the dev env (this will run the migrations)
  • You now have some activity stream entries

I'll note how those activity stream entries change because of this PR.

App Creation - Before
{
    "id": 21,
    "type": "activity_stream",
    "url": "/api/v2/activity_stream/21/",
    "related": {
        "actor": "/api/v2/users/1/",
        "o_auth2_application": [
            "/api/v2/applications/1/"
        ]
    },
    "summary_fields": {
        "o_auth2_application": [
            {
                "id": 1,
                "name": "cmeyers app",
                "description": ""
            }
        ],
        "actor": {
            "id": 1,
            "username": "admin",
            "first_name": "",
            "last_name": ""
        }
    },
    "timestamp": "2024-11-18T13:17:56.321841Z",
    "operation": "create",
    "changes": {
        "name": "cmeyers app",
        "description": "",
        "client_type": "public",
        "redirect_uris": "",
        "authorization_grant_type": "password",
        "skip_authorization": false,
        "organization": "Default-1",
        "id": 1
    },
    "object1": "o_auth2_application",
    "object2": "",
    "object_association": "",
    "action_node": "awx-1",
    "object_type": ""
}
App Creation - After
{
    "id": 21,
    "type": "activity_stream",
    "url": "/api/v2/activity_stream/21/",
    "related": {
        "actor": "/api/v2/users/1/"
    },
    "summary_fields": {
        "actor": {
            "id": 1,
            "username": "admin",
            "first_name": "",
            "last_name": ""
        }
    },
    "timestamp": "2024-11-18T13:17:56.321841Z",
    "operation": "create",
    "changes": {
        "name": "cmeyers app",
        "description": "",
        "client_type": "public",
        "redirect_uris": "",
        "authorization_grant_type": "password",
        "skip_authorization": false,
        "organization": "Default-1",
        "id": 1
    },
    "object1": "o_auth2_application",
    "object2": "",
    "object_association": "",
    "action_node": "awx-1",
    "object_type": ""
}
Token Creation - Before
{
    "id": 22,
    "type": "activity_stream",
    "url": "/api/v2/activity_stream/22/",
    "related": {
        "actor": "/api/v2/users/1/",
        "o_auth2_access_token": [
            "/api/v2/tokens/1/"
        ]
    },
    "summary_fields": {
        "o_auth2_access_token": [
            {
                "id": 1,
                "user_id": 1,
                "description": "hello world 2",
                "application_id": 1,
                "scope": "read"
            }
        ],
        "actor": {
            "id": 1,
            "username": "admin",
            "first_name": "",
            "last_name": ""
        }
    },
    "timestamp": "2024-11-18T13:18:22.438100Z",
    "operation": "create",
    "changes": {
        "description": "hello world",
        "application": "cmeyers app",
        "scope": "write",
        "id": 1,
        "token": "************"
    },
    "object1": "o_auth2_access_token",
    "object2": "",
    "object_association": "",
    "action_node": "awx-1",
    "object_type": ""
}
Token Creation - After
{
    "id": 22,
    "type": "activity_stream",
    "url": "/api/v2/activity_stream/22/",
    "related": {
        "actor": "/api/v2/users/1/"
    },
    "summary_fields": {
        "actor": {
            "id": 1,
            "username": "admin",
            "first_name": "",
            "last_name": ""
        }
    },
    "timestamp": "2024-11-18T13:18:22.438100Z",
    "operation": "create",
    "changes": {
        "description": "hello world",
        "application": "cmeyers app",
        "scope": "write",
        "id": 1,
        "token": "************"
    },
    "object1": "o_auth2_access_token",
    "object2": "",
    "object_association": "",
    "action_node": "awx-1",
    "object_type": ""
}
Application Edit - Before
{
    "id": 23,
    "type": "activity_stream",
    "url": "/api/v2/activity_stream/23/",
    "related": {
        "actor": "/api/v2/users/1/",
        "o_auth2_access_token": [
            "/api/v2/tokens/1/"
        ]
    },
    "summary_fields": {
        "o_auth2_access_token": [
            {
                "id": 1,
                "user_id": 1,
                "description": "hello world 2",
                "application_id": 1,
                "scope": "read"
            }
        ],
        "actor": {
            "id": 1,
            "username": "admin",
            "first_name": "",
            "last_name": ""
        }
    },
    "timestamp": "2024-11-18T13:18:32.145751Z",
    "operation": "update",
    "changes": {
        "description": [
            "hello world",
            "hello world 2"
        ],
        "scope": [
            "write",
            "read"
        ]
    },
    "object1": "o_auth2_access_token",
    "object2": "",
    "object_association": "",
    "action_node": "awx-1",
    "object_type": ""
}
Application Edit - After
{
    "id": 23,
    "type": "activity_stream",
    "url": "/api/v2/activity_stream/23/",
    "related": {
        "actor": "/api/v2/users/1/"
    },
    "summary_fields": {
        "actor": {
            "id": 1,
            "username": "admin",
            "first_name": "",
            "last_name": ""
        }
    },
    "timestamp": "2024-11-18T13:18:32.145751Z",
    "operation": "update",
    "changes": {
        "description": [
            "hello world",
            "hello world 2"
        ],
        "scope": [
            "write",
            "read"
        ]
    },
    "object1": "o_auth2_access_token",
    "object2": "",
    "object_association": "",
    "action_node": "awx-1",
    "object_type": ""
}

Token edit before/after is also affected in the same way.

Thoughts

The migrations in this PR change the activity stream entries. Specifically, the deletion of the application and/or token can cause the summary_fields section to change.

We recommend that customers and users hook up external logging to their splunk/grafana-thing/elk to track these sorts of things long-term, so I guess it's OK that our activity stream entries change.

chrismeyersfsu avatar Nov 18 '24 13:11 chrismeyersfsu
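The before/after comparison in the comment above can be automated against two saved exports of the activity stream. This is an added example, not code from the thread or from AWX; the function names, the trimmed sample entries and the choice of which fields count as the audit record are assumptions made for illustration.

```python
# Added example. BEFORE is a constructed, trimmed copy of entries 21 and 22 above.
ACTOR = {"id": 1, "username": "admin"}
BEFORE = [
    {"id": 21, "operation": "create", "object1": "o_auth2_application",
     "timestamp": "2024-11-18T13:17:56.321841Z",
     "related": {"actor": "/api/v2/users/1/",
                 "o_auth2_application": ["/api/v2/applications/1/"]},
     "summary_fields": {"actor": ACTOR,
                        "o_auth2_application": [{"id": 1, "name": "cmeyers app"}]},
     "changes": {"name": "cmeyers app", "client_type": "public", "id": 1}},
    {"id": 22, "operation": "create", "object1": "o_auth2_access_token",
     "timestamp": "2024-11-18T13:18:22.438100Z",
     "related": {"actor": "/api/v2/users/1/",
                 "o_auth2_access_token": ["/api/v2/tokens/1/"]},
     "summary_fields": {"actor": ACTOR,
                        "o_auth2_access_token": [{"id": 1, "scope": "read"}]},
     "changes": {"application": "cmeyers app", "scope": "write", "id": 1}},
]
# AFTER: same entries once the linked rows are gone. AUDIT_FIELDS is this example's choice.
AFTER = [{**e, "related": {"actor": "/api/v2/users/1/"},
          "summary_fields": {"actor": ACTOR}} for e in BEFORE]
AUDIT_FIELDS = ("timestamp", "operation", "object1", "changes")

def dropped_references(before, after):
    """Keys under related/summary_fields that existed before but not after."""
    lost = {}
    for section in ("related", "summary_fields"):
        gone = sorted(set(before.get(section, {})) - set(after.get(section, {})))
        if gone:
            lost[section] = gone
    return lost

def compare_snapshots(before_entries, after_entries):
    """Map entry id -> finding for each entry that changed or went missing."""
    after_by_id = {e["id"]: e for e in after_entries}
    report = {}
    for old in before_entries:
        new = after_by_id.get(old["id"])
        if new is None:
            report[old["id"]] = {"missing": True}
            continue
        finding = {"dropped": dropped_references(old, new),
                   "audit_changed": [f for f in AUDIT_FIELDS if old.get(f) != new.get(f)]}
        if finding["dropped"] or finding["audit_changed"]:
            report[old["id"]] = finding
    return report

if __name__ == "__main__":
    print(compare_snapshots(BEFORE, AFTER))
```

An empty `audit_changed` list with non-empty `dropped` matches what the comment observed: the link and summary data disappear while the recorded operation and changes stay intact.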

Unblocked now, because https://github.com/ansible/awx/pull/15647 is merged

AlanCoding avatar Nov 20 '24 16:11 AlanCoding

Closing this one as a duplicate; a version with conflicts resolved + small patches has already been merged here: https://github.com/ansible/awx/pull/15666

PabloHiro avatar Nov 28 '24 07:11 PabloHiro
