enterprise/providers/rac: add alert that enterprise is required for RAC (#8057)

add alert that enterprise is required for RAC Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2024-01-04 16:18:12 +01:00
parent b93ad8615c
commit 116ac30c72
24 changed files with 211 additions and 84 deletions
--- a/authentik/core/api/propertymappings.py
+++ b/authentik/core/api/propertymappings.py
@ -19,6 +19,7 @@ from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.utils import MetaNameSerializer, PassiveSerializer, TypeCreateSerializer
 from authentik.core.expression.evaluator import PropertyMappingEvaluator
 from authentik.core.models import PropertyMapping
+from authentik.enterprise.apps import EnterpriseConfig
 from authentik.events.utils import sanitize_item
 from authentik.lib.utils.reflection import all_subclasses
 from authentik.policies.api.exec import PolicyTestSerializer
@ -95,6 +96,7 @@ class PropertyMappingViewSet(
                    "description": subclass.__doc__,
                    "component": subclass().component,
                    "model_name": subclass._meta.model_name,
+                    "requires_enterprise": isinstance(subclass._meta.app_config, EnterpriseConfig),
                }
            )
        return Response(TypeCreateSerializer(data, many=True).data)
--- a/authentik/core/api/providers.py
+++ b/authentik/core/api/providers.py
@ -16,6 +16,7 @@ from rest_framework.viewsets import GenericViewSet
 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.utils import MetaNameSerializer, TypeCreateSerializer
 from authentik.core.models import Provider
+from authentik.enterprise.apps import EnterpriseConfig
 from authentik.lib.utils.reflection import all_subclasses


@ -113,6 +114,7 @@ class ProviderViewSet(
                    "description": subclass.__doc__,
                    "component": subclass().component,
                    "model_name": subclass._meta.model_name,
+                    "requires_enterprise": isinstance(subclass._meta.app_config, EnterpriseConfig),
                }
            )
        data.append(
--- a/authentik/core/api/utils.py
+++ b/authentik/core/api/utils.py
@ -5,7 +5,7 @@ from django.db.models import Model
 from drf_spectacular.extensions import OpenApiSerializerFieldExtension
 from drf_spectacular.plumbing import build_basic_type
 from drf_spectacular.types import OpenApiTypes
-from rest_framework.fields import CharField, IntegerField, JSONField
+from rest_framework.fields import BooleanField, CharField, IntegerField, JSONField
 from rest_framework.serializers import Serializer, SerializerMethodField, ValidationError


@ -74,6 +74,7 @@ class TypeCreateSerializer(PassiveSerializer):
    description = CharField(required=True)
    component = CharField(required=True)
    model_name = CharField(required=True)
+    requires_enterprise = BooleanField(default=False)


 class CacheSerializer(PassiveSerializer):
--- a/authentik/enterprise/api.py
+++ b/authentik/enterprise/api.py
@ -2,9 +2,11 @@
 from datetime import datetime, timedelta

 from django.utils.timezone import now
+from django.utils.translation import gettext as _
 from drf_spectacular.types import OpenApiTypes
 from drf_spectacular.utils import extend_schema, inline_serializer
 from rest_framework.decorators import action
+from rest_framework.exceptions import ValidationError
 from rest_framework.fields import BooleanField, CharField, DateTimeField, IntegerField
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.request import Request
@ -20,6 +22,18 @@ from authentik.enterprise.models import License, LicenseKey
 from authentik.root.install_id import get_install_id


+class EnterpriseRequiredMixin:
+    """Mixin to validate that a valid enterprise license
+    exists before allowing to safe the object"""
+
+    def validate(self, attrs: dict) -> dict:
+        """Check that a valid license exists"""
+        total = LicenseKey.get_total()
+        if not total.is_valid():
+            raise ValidationError(_("Enterprise is required to create/update this object."))
+        return super().validate(attrs)
+
+
 class LicenseSerializer(ModelSerializer):
    """License Serializer"""

--- a/authentik/enterprise/apps.py
+++ b/authentik/enterprise/apps.py
@ -2,7 +2,11 @@
 from authentik.blueprints.apps import ManagedAppConfig


-class AuthentikEnterpriseConfig(ManagedAppConfig):
+class EnterpriseConfig(ManagedAppConfig):
+    """Base app config for all enterprise apps"""
+
+
+class AuthentikEnterpriseConfig(EnterpriseConfig):
    """Enterprise app config"""

    name = "authentik.enterprise"
--- a/authentik/enterprise/providers/rac/api/endpoints.py
+++ b/authentik/enterprise/providers/rac/api/endpoints.py
@ -15,6 +15,7 @@ from structlog.stdlib import get_logger

 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.models import Provider
+from authentik.enterprise.api import EnterpriseRequiredMixin
 from authentik.enterprise.providers.rac.api.providers import RACProviderSerializer
 from authentik.enterprise.providers.rac.models import Endpoint
 from authentik.policies.engine import PolicyEngine
@ -28,7 +29,7 @@ def user_endpoint_cache_key(user_pk: str) -> str:
    return f"goauthentik.io/providers/rac/endpoint_access/{user_pk}"


-class EndpointSerializer(ModelSerializer):
+class EndpointSerializer(EnterpriseRequiredMixin, ModelSerializer):
    """Endpoint Serializer"""

    provider_obj = RACProviderSerializer(source="provider", read_only=True)
--- a/authentik/enterprise/providers/rac/api/property_mappings.py
+++ b/authentik/enterprise/providers/rac/api/property_mappings.py
@ -5,10 +5,11 @@ from rest_framework.viewsets import ModelViewSet
 from authentik.core.api.propertymappings import PropertyMappingSerializer
 from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.utils import JSONDictField
+from authentik.enterprise.api import EnterpriseRequiredMixin
 from authentik.enterprise.providers.rac.models import RACPropertyMapping


-class RACPropertyMappingSerializer(PropertyMappingSerializer):
+class RACPropertyMappingSerializer(EnterpriseRequiredMixin, PropertyMappingSerializer):
    """RACPropertyMapping Serializer"""

    static_settings = JSONDictField()
--- a/authentik/enterprise/providers/rac/api/providers.py
+++ b/authentik/enterprise/providers/rac/api/providers.py
@ -4,10 +4,11 @@ from rest_framework.viewsets import ModelViewSet

 from authentik.core.api.providers import ProviderSerializer
 from authentik.core.api.used_by import UsedByMixin
+from authentik.enterprise.api import EnterpriseRequiredMixin
 from authentik.enterprise.providers.rac.models import RACProvider


-class RACProviderSerializer(ProviderSerializer):
+class RACProviderSerializer(EnterpriseRequiredMixin, ProviderSerializer):
    """RACProvider Serializer"""

    outpost_set = ListField(child=CharField(), read_only=True, source="outpost_set.all")
--- a/authentik/enterprise/providers/rac/apps.py
+++ b/authentik/enterprise/providers/rac/apps.py
@ -1,8 +1,8 @@
 """RAC app config"""
-from authentik.blueprints.apps import ManagedAppConfig
+from authentik.enterprise.apps import EnterpriseConfig


-class AuthentikEnterpriseProviderRAC(ManagedAppConfig):
+class AuthentikEnterpriseProviderRAC(EnterpriseConfig):
    """authentik enterprise rac app config"""

    name = "authentik.enterprise.providers.rac"
--- a/authentik/enterprise/providers/rac/models.py
+++ b/authentik/enterprise/providers/rac/models.py
@ -35,7 +35,7 @@ class AuthenticationMode(models.TextChoices):


 class RACProvider(Provider):
-    """Remotely access computers/servers"""
+    """Remotely access computers/servers via RDP/SSH/VNC."""

    settings = models.JSONField(default=dict)
    auth_mode = models.TextField(