outposts: make refresh interval configurable (#10138)

* outposts: make refresh interval configurable Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * frontend Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * black again Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * switch to using config attribute Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> --------- Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2024-07-05 13:14:28 +02:00
parent a824fda339
commit 0fe751269e
5 changed files with 20 additions and 2 deletions
--- a/authentik/outposts/api/outposts.py
+++ b/authentik/outposts/api/outposts.py
@ -20,6 +20,7 @@ from authentik.core.api.utils import JSONDictField, ModelSerializer, PassiveSeri
 from authentik.core.models import Provider
 from authentik.enterprise.license import LicenseKey
 from authentik.enterprise.providers.rac.models import RACProvider
+from authentik.lib.utils.time import timedelta_from_string, timedelta_string_validator
 from authentik.outposts.api.service_connections import ServiceConnectionSerializer
 from authentik.outposts.apps import MANAGED_OUTPOST, MANAGED_OUTPOST_NAME
 from authentik.outposts.models import (
@ -49,6 +50,10 @@ class OutpostSerializer(ModelSerializer):
    service_connection_obj = ServiceConnectionSerializer(
        source="service_connection", read_only=True
    )
+    refresh_interval_s = SerializerMethodField()
+
+    def get_refresh_interval_s(self, obj: Outpost) -> int:
+        return int(timedelta_from_string(obj.config.refresh_interval).total_seconds())

    def validate_name(self, name: str) -> str:
        """Validate name (especially for embedded outpost)"""
@ -84,7 +89,8 @@ class OutpostSerializer(ModelSerializer):
    def validate_config(self, config) -> dict:
        """Check that the config has all required fields"""
        try:
-            from_dict(OutpostConfig, config)
+            parsed = from_dict(OutpostConfig, config)
+            timedelta_string_validator(parsed.refresh_interval)
        except DaciteError as exc:
            raise ValidationError(f"Failed to validate config: {str(exc)}") from exc
        return config
@ -99,6 +105,7 @@ class OutpostSerializer(ModelSerializer):
            "providers_obj",
            "service_connection",
            "service_connection_obj",
+            "refresh_interval_s",
            "token_identifier",
            "config",
            "managed",
--- a/authentik/outposts/models.py
+++ b/authentik/outposts/models.py
@ -61,6 +61,7 @@ class OutpostConfig:

    log_level: str = CONFIG.get("log_level")
    object_naming_template: str = field(default="ak-outpost-%(name)s")
+    refresh_interval: str = "minutes=5"

    container_image: str | None = field(default=None)

--- a/internal/outpost/ak/api_ws.go
+++ b/internal/outpost/ak/api_ws.go
@ -183,7 +183,7 @@ func (ac *APIController) startWSHealth() {

 func (ac *APIController) startIntervalUpdater() {
 	logger := ac.logger.WithField("loop", "interval-updater")
-	ticker := time.NewTicker(5 * time.Minute)
+	ticker := time.NewTicker(time.Duration(ac.Outpost.RefreshIntervalS) * time.Second)
 	for ; true; <-ticker.C {
 		logger.Debug("Running interval update")
 		err := ac.OnRefresh()
@ -198,6 +198,7 @@ func (ac *APIController) startIntervalUpdater() {
 				"build":        constants.BUILD("tagged"),
 			}).SetToCurrentTime()
 		}
+		ticker.Reset(time.Duration(ac.Outpost.RefreshIntervalS) * time.Second)
 	}
 }

--- a/schema.yml
+++ b/schema.yml
@ -39497,6 +39497,9 @@ components:
          allOf:
          - $ref: '#/components/schemas/ServiceConnection'
          readOnly: true
+        refresh_interval_s:
+          type: integer
+          readOnly: true
        token_identifier:
          type: string
          description: Get Token identifier
@ -39518,6 +39521,7 @@ components:
      - pk
      - providers
      - providers_obj
+      - refresh_interval_s
      - service_connection_obj
      - token_identifier
      - type
--- a/website/docs/outposts/_config.md
+++ b/website/docs/outposts/_config.md
@ -3,6 +3,11 @@
 # Allowed levels: trace, debug, info, warning, error
 # Applies to: non-embedded
 log_level: debug
+# Interval at which the outpost will refresh the providers
+# from authentik. For caching outposts (such as LDAP), the
+# cache will also be invalidated at that interval.
+# (Format: hours=1;minutes=2;seconds=3).
+refresh_interval: minutes=5
 ########################################
 # The settings below are only relevant when using a managed outpost
 ########################################