Update LDAP/SAML config dump command (ansible#15106)

* update LDAP config dump

* return missing fields if any

* update test, remove unused import

* return bool and fields. check for missing_fields

Author: jessicamack

awx/main/management/commands/dump_auth_config.py

@@ -2,10 +2,11 @@
 import os
 import sys
 import re
-
 from typing import Any
+
 from django.core.management.base import BaseCommand
 from django.conf import settings
+
 from awx.conf import settings_registry
 
 
@@ -40,6 +41,15 @@ class Command(BaseCommand):
         "USER_SEARCH": False,
     }
 
+    def is_enabled(self, settings, keys):
+        missing_fields = []
+        for key, required in keys.items():
+            if required and not settings.get(key):
+                missing_fields.append(key)
+        if missing_fields:
+            return False, missing_fields
+        return True, None
+
     def get_awx_ldap_settings(self) -> dict[str, dict[str, Any]]:
         awx_ldap_settings = {}
 
@@ -64,14 +74,16 @@ def get_awx_ldap_settings(self) -> dict[str, dict[str, Any]]:
 
             if new_key == "SERVER_URI" and value:
                 value = value.split(", ")
+                grouped_settings[index][new_key] = value
 
-        return grouped_settings
+            if type(value).__name__ == "LDAPSearch":
+                data = []
+                data.append(value.base_dn)
+                data.append("SCOPE_SUBTREE")
+                data.append(value.filterstr)
+                grouped_settings[index][new_key] = data
 
-    def is_enabled(self, settings, keys):
-        for key, required in keys.items():
-            if required and not settings.get(key):
-                return False
-        return True
+        return grouped_settings
 
     def get_awx_saml_settings(self) -> dict[str, Any]:
         awx_saml_settings = {}
@@ -82,7 +94,7 @@ def get_awx_saml_settings(self) -> dict[str, Any]:
 
     def format_config_data(self, enabled, awx_settings, type, keys, name):
         config = {
-            "type": f"awx.authentication.authenticator_plugins.{type}",
+            "type": f"ansible_base.authentication.authenticator_plugins.{type}",
             "name": name,
             "enabled": enabled,
             "create_objects": True,
@@ -130,7 +142,7 @@ def handle(self, *args, **options):
 
             # dump SAML settings
             awx_saml_settings = self.get_awx_saml_settings()
-            awx_saml_enabled = self.is_enabled(awx_saml_settings, self.DAB_SAML_AUTHENTICATOR_KEYS)
+            awx_saml_enabled, saml_missing_fields = self.is_enabled(awx_saml_settings, self.DAB_SAML_AUTHENTICATOR_KEYS)
             if awx_saml_enabled:
                 awx_saml_name = awx_saml_settings["ENABLED_IDPS"]
                 data.append(
@@ -142,21 +154,25 @@ def handle(self, *args, **options):
                         awx_saml_name,
                     )
                 )
+            else:
+                data.append({"SAML_missing_fields": saml_missing_fields})
 
             # dump LDAP settings
             awx_ldap_group_settings = self.get_awx_ldap_settings()
-            for awx_ldap_name, awx_ldap_settings in enumerate(awx_ldap_group_settings.values()):
-                enabled = self.is_enabled(awx_ldap_settings, self.DAB_LDAP_AUTHENTICATOR_KEYS)
-                if enabled:
+            for awx_ldap_name, awx_ldap_settings in awx_ldap_group_settings.items():
+                awx_ldap_enabled, ldap_missing_fields = self.is_enabled(awx_ldap_settings, self.DAB_LDAP_AUTHENTICATOR_KEYS)
+                if awx_ldap_enabled:
                     data.append(
                         self.format_config_data(
-                            enabled,
+                            awx_ldap_enabled,
                             awx_ldap_settings,
                             "ldap",
                             self.DAB_LDAP_AUTHENTICATOR_KEYS,
-                            str(awx_ldap_name),
+                            f"LDAP_{awx_ldap_name}",
                         )
                     )
+                else:
+                    data.append({f"LDAP_{awx_ldap_name}_missing_fields": ldap_missing_fields})
 
             # write to file if requested
             if options["output_file"]:

awx/main/tests/unit/commands/test_dump_auth_config.py

@@ -52,7 +52,7 @@ def setUp(self):
         super().setUp()
         self.expected_config = [
             {
-                "type": "awx.authentication.authenticator_plugins.saml",
+                "type": "ansible_base.authentication.authenticator_plugins.saml",
                 "name": "Keycloak",
                 "enabled": True,
                 "create_objects": True,
@@ -94,14 +94,14 @@ def setUp(self):
                 },
             },
             {
-                "type": "awx.authentication.authenticator_plugins.ldap",
-                "name": "1",
+                "type": "ansible_base.authentication.authenticator_plugins.ldap",
+                "name": "LDAP_1",
                 "enabled": True,
                 "create_objects": True,
                 "users_unique": False,
                 "remove_users": True,
                 "configuration": {
-                    "SERVER_URI": "SERVER_URI",
+                    "SERVER_URI": ["SERVER_URI"],
                     "BIND_DN": "BIND_DN",
                     "BIND_PASSWORD": "BIND_PASSWORD",
                     "CONNECTION_OPTIONS": {},
@@ -119,4 +119,14 @@ def setUp(self):
     def test_json_returned_from_cmd(self):
         output = StringIO()
         call_command("dump_auth_config", stdout=output)
-        assert json.loads(output.getvalue()) == self.expected_config
+        cmmd_output = json.loads(output.getvalue())
+
+        # check configured SAML return
+        assert cmmd_output[0] == self.expected_config[0]
+
+        # check configured LDAP return
+        assert cmmd_output[2] == self.expected_config[1]
+
+        # check unconfigured LDAP return
+        assert "LDAP_0_missing_fields" in cmmd_output[1]
+        assert cmmd_output[1]["LDAP_0_missing_fields"] == ['SERVER_URI', 'GROUP_TYPE', 'GROUP_TYPE_PARAMS', 'USER_DN_TEMPLATE', 'USER_ATTR_MAP']