Hide certain plugins from /authenticator_plugins/

Be able to have some authenticator plugins be marked as "internal" and
thus not shown in the UI as an option when configuring an
authenticator.

Signed-off-by: Rick Elrod <[email protected]>

ansible_base/authentication/views/authenticator_plugins.py

@@ -12,6 +12,9 @@ def get(self, request, format=None):
         for p in plugins:
             try:
                 klass = get_authenticator_class(p)
+                if getattr(klass, "type", "") == "internal":
+                    # Allow for 'hiding' some plugins from this list so the UI doesn't show them as a choice.
+                    continue
                 config = klass.configuration_class()
                 config_schema = config.get_configuration_schema()
                 resp['authenticators'].append(

test_app/tests/authentication/views/test_authenticator_plugins.py

@@ -2,11 +2,17 @@
 from ansible_base.lib.utils.response import get_relative_url
 
 
-def test_plugin_authenticator_view(admin_api_client):
+def test_plugin_authenticator_view(admin_api_client, settings):
     """
     Test the authenticator plugin view. It should show all available plugins
     (which exist on the system as python files, not database entries).
     """
+    fixture_module = "test_app.tests.fixtures.authenticator_plugins"
+    settings.ANSIBLE_BASE_AUTHENTICATOR_CLASS_PREFIXES = [
+        "ansible_base.authentication.authenticator_plugins",
+        fixture_module,
+    ]
+
     url = get_relative_url("authenticator_plugin-view")
     response = admin_api_client.get(url)
     assert response.status_code == 200
@@ -16,6 +22,9 @@ def test_plugin_authenticator_view(admin_api_client):
     assert 'ansible_base.authentication.authenticator_plugins.ldap' in auth_types
     assert 'ansible_base.authentication.authenticator_plugins.local' in auth_types
 
+    # ones defined with type == 'internal' are not shown on this endpoint
+    assert f"{fixture_module}.definitely_not_public" not in auth_types
+
 
 def test_plugin_authenticator_view_import_error(admin_api_client, shut_up_logging, settings):
     """

test_app/tests/fixtures/authenticator_plugins/custom.py

@@ -8,12 +8,13 @@
 
 
 class AuthenticatorPlugin(AbstractAuthenticatorPlugin):
+    configuration_encrypted_fields = []
+    type = "custom"
+    category = "password"
+
     def __init__(self, database_instance=None, *args, **kwargs):
         super().__init__(database_instance, *args, **kwargs)
-        self.configuration_encrypted_fields = []
-        self.type = "custom"
         self.set_logger(logger)
-        self.category = "password"
 
     def authenticate(self, request, username=None, password=None, **kwargs):
         if username == "admin" and password == "hello123":

test_app/tests/fixtures/authenticator_plugins/definitely_not_public.py

@@ -0,0 +1,24 @@
+import logging
+
+from django.contrib.auth import get_user_model
+
+from ansible_base.authentication.authenticator_plugins.base import AbstractAuthenticatorPlugin
+
+logger = logging.getLogger('test_app.tests.fixtures.authenticator_plugins.definitely_not_public')
+
+
+class AuthenticatorPlugin(AbstractAuthenticatorPlugin):
+    configuration_encrypted_fields = []
+    type = "internal"
+    category = "password"
+
+    def __init__(self, database_instance=None, *args, **kwargs):
+        super().__init__(database_instance, *args, **kwargs)
+        self.set_logger(logger)
+
+    def authenticate(self, request, username=None, password=None, **kwargs):
+        if username == "admin" and password == "hello123":
+            user = get_user_model().objects.get(username=username)
+            return user
+
+        return None