author | Ryan Petrello <rpetrell@redhat.com> | 2021-03-03 15:03:04 +0100 |
---|---|---|
committer | Ryan Petrello <rpetrell@redhat.com> | 2021-03-17 15:19:03 +0100 |
commit | 764322b87b7e928389c2c239db7a5ba54a8b1f6b (patch) | |
tree | 05bb7f4b78b71664a5f19c3c205126642cfa0a82 | |
parent | Bugs identified during flake8 testing (diff) | |
more centrify fixes
-rw-r--r-- | awx/main/credential_plugins/centrify_vault.py | 24 | ||||
-rw-r--r-- | awx/main/migrations/0124_centrify_vault_credtype.py | 20 | ||||
-rwxr-xr-x | setup.py | 2 |
3 files changed, 42 insertions, 4 deletions
diff --git a/awx/main/credential_plugins/centrify_vault.py b/awx/main/credential_plugins/centrify_vault.py
index 5e71b23d4d..02be552634 100644
--- a/awx/main/credential_plugins/centrify_vault.py
+++ b/awx/main/credential_plugins/centrify_vault.py
@@ -21,6 +21,18 @@ pas_inputs = {
'type':'string',
'help_text': _('Password of Centrify API User with necessary permissions'),
'secret':True,
+ },{
+ 'id':'oauth_application_id',
+ 'label':_('OAuth2 Application ID'),
+ 'type':'string',
+ 'help_text': _('Application ID of the configured OAuth2 Client (defaults to \'awx\')'),
+ 'default': 'awx',
+ },{
+ 'id':'oauth_scope',
+ 'label':_('OAuth2 Scope'),
+ 'type':'string',
+ 'help_text': _('Scope of the configured OAuth2 Client (defaults to \'awx\')'),
+ 'default': 'awx',
}],
'metadata': [{
'id': 'account-name',
@@ -41,7 +53,7 @@ pas_inputs = {
def handle_auth(**kwargs):
post_data = {
"grant_type": "client_credentials",
- "scope":"siem"
+ "scope": kwargs['oauth_scope']
}
response = requests.post(
kwargs['endpoint'],
@@ -106,8 +118,14 @@ def centrify_backend(**kwargs):
system_name = kwargs.get('system-name')
client_id = kwargs.get('client_id')
client_password = kwargs.get('client_password')
- endpoint = urljoin(url,'/oauth2/token/oauthsiem')
- endpoint = {'endpoint':endpoint,'client_id':client_id,'client_password':client_password}
+ app_id = kwargs.get('oauth_application_id', 'awx')
+ endpoint = urljoin(url, f'/oauth2/token/{app_id}')
+ endpoint = {
+ 'endpoint': endpoint,
+ 'client_id': client_id,
+ 'client_password': client_password
+ 'oauth_scope': kwargs.get('oauth_scope', 'awx')
+ }
token = handle_auth(**endpoint)
get_id_args = {'system_name':system_name,'acc_name':acc_name,'url':url,'access_token':token}
acc_id = get_ID(**get_id_args)
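Review bot: The new `endpoint` dict is missing a comma after `'client_password': client_password`, so the `'oauth_scope'` entry that follows is a syntax error and the plugin module cannot be imported; the line should read `'client_password': client_password,`. Separately, `app_id` is interpolated into the token URL path unescaped, so a value containing `/`, `?` or `#` would change which endpoint receives the client credentials; `urljoin(url, '/oauth2/token/' + quote(app_id, safe=''))`, with `quote` imported from `urllib.parse`, keeps it to a single path segment. Credentials saved before this change carry no `oauth_application_id` or `oauth_scope`, and the fallbacks here are `'awx'` rather than the previous `oauthsiem` and `siem`, so existing setups would presumably start requesting a different application and scope; that is worth confirming. centrify_backend starts and ends outside the hunk.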
diff --git a/awx/main/migrations/0124_centrify_vault_credtype.py b/awx/main/migrations/0124_centrify_vault_credtype.py
new file mode 100644
index 0000000000..ff65ad9b75
--- /dev/null
+++ b/awx/main/migrations/0124_centrify_vault_credtype.py
@@ -0,0 +1,20 @@
+from django.db import migrations
+
+from awx.main.models import CredentialType
+from awx.main.utils.common import set_current_apps
+
+
+def setup_tower_managed_defaults(apps, schema_editor):
+ set_current_apps(apps)
+ CredentialType.setup_tower_managed_defaults()
+
+
+class Migration(migrations.Migration):
+
+ dependencies = [
+ ('main', '0123_drop_hg_support'),
+ ]
+
+ operations = [
+ migrations.RunPython(setup_tower_managed_defaults),
+ ]
@@ -131,7 +131,7 @@ setup(
'hashivault_ssh = awx.main.credential_plugins.hashivault:hashivault_ssh_plugin',
'azure_kv = awx.main.credential_plugins.azure_kv:azure_keyvault_plugin',
'aim = awx.main.credential_plugins.aim:aim_plugin',
- 'centrify_vault_kv=awx.main.credential_plugins.centrify_vault:centrify_plugin'
+ 'centrify_vault_kv = awx.main.credential_plugins.centrify_vault:centrify_plugin'
]
},
data_files = proc_data_files([ |
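Review bot: In 0124_centrify_vault_credtype.py, `migrations.RunPython(setup_tower_managed_defaults)` has no reverse callable, so the migration cannot be unapplied; `migrations.RunPython(setup_tower_managed_defaults, migrations.RunPython.noop)` would allow a rollback. The function also imports the live `CredentialType` from `awx.main.models` instead of taking the historical model from `apps`, so it runs against whatever the model code looks like when the migration executes. `set_current_apps(apps)` presumably addresses that, and a one-line comment saying so would help the next reader. The setup.py hunk that follows is whitespace only.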