sources: introduce new property mappings per user and group (#8750)

* sources: introduce new property mappings per-user and group Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * sources/ldap: migrate to new property mappings Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint-fix and make gen Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * web changes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix tests Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * update tests Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * remove flatten for generic implem Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * rework migration Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint-fix Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix migrations Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * re-add field migration to property mappings Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix migrations Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * more migrations fixes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * easy fixes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * migrate to propertymappingmanager Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * ruff and small fixes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * move mapping things into a separate class Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * migrations: use using(db_alias) Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * migrations: use built-in variable Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add docs Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add release notes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> --------- Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2024-07-22 15:26:22 +02:00
parent 919d5fce39
commit 1a6ac4740d
31 changed files with 814 additions and 298 deletions
--- a/blueprints/system/sources-ldap.yaml
+++ b/blueprints/system/sources-ldap.yaml
@ -9,7 +9,6 @@ entries:
    model: authentik_sources_ldap.ldappropertymapping
    attrs:
      name: "authentik default LDAP Mapping: DN to User Path"
-      object_field: "path"
      expression: |
        path_elements = []
        for pair in dn.split(","):
@ -23,32 +22,37 @@ entries:
        path = source.get_user_path()
        if len(path_elements) > 0:
            path = f"{path}/{'/'.join(path_elements)}"
-        return path
+        return {
+            "path": path
+        }
  - identifiers:
      managed: goauthentik.io/sources/ldap/default-name
    model: authentik_sources_ldap.ldappropertymapping
    attrs:
      name: "authentik default LDAP Mapping: Name"
-      object_field: "name"
      expression: |
-        return ldap.get('name')
+        return {
+            "name": ldap.get('name'),
+        }
  - identifiers:
      managed: goauthentik.io/sources/ldap/default-mail
    model: authentik_sources_ldap.ldappropertymapping
    attrs:
      name: "authentik default LDAP Mapping: mail"
-      object_field: "email"
      expression: |
-        return ldap.get('mail')
+        return {
+            "email": ldap.get('mail'),
+        }
  # ActiveDirectory-specific mappings
  - identifiers:
      managed: goauthentik.io/sources/ldap/ms-samaccountname
    model: authentik_sources_ldap.ldappropertymapping
    attrs:
      name: "authentik default Active Directory Mapping: sAMAccountName"
-      object_field: "username"
      expression: |
-        return ldap.get('sAMAccountName')
+        return {
+            "username": ldap.get('sAMAccountName'),
+        }
  - identifiers:
      managed: goauthentik.io/sources/ldap/ms-userprincipalname
    model: authentik_sources_ldap.ldappropertymapping
@ -56,37 +60,49 @@ entries:
      name: "authentik default Active Directory Mapping: userPrincipalName"
      object_field: "attributes.upn"
      expression: |
-        return list_flatten(ldap.get('userPrincipalName'))
+        return {
+            "attributes": {
+                "upn": list_flatten(ldap.get('userPrincipalName')),
+            },
+        }
  - identifiers:
      managed: goauthentik.io/sources/ldap/ms-givenName
    model: authentik_sources_ldap.ldappropertymapping
    attrs:
      name: "authentik default Active Directory Mapping: givenName"
-      object_field: "attributes.givenName"
      expression: |
-        return list_flatten(ldap.get('givenName'))
+        return {
+            "attributes": {
+                "givenName": list_flatten(ldap.get('givenName')),
+            },
+        }
  - identifiers:
      managed: goauthentik.io/sources/ldap/ms-sn
    model: authentik_sources_ldap.ldappropertymapping
    attrs:
      name: "authentik default Active Directory Mapping: sn"
-      object_field: "attributes.sn"
      expression: |
-        return list_flatten(ldap.get('sn'))
+        return {
+            "attributes": {
+                "sn": list_flatten(ldap.get('sn')),
+            },
+        }
  # OpenLDAP specific mappings
  - identifiers:
      managed: goauthentik.io/sources/ldap/openldap-uid
    model: authentik_sources_ldap.ldappropertymapping
    attrs:
      name: "authentik default OpenLDAP Mapping: uid"
-      object_field: "username"
      expression: |
-        return ldap.get('uid')
+        return {
+            "username": ldap.get('uid'),
+        }
  - identifiers:
      managed: goauthentik.io/sources/ldap/openldap-cn
    model: authentik_sources_ldap.ldappropertymapping
    attrs:
      name: "authentik default OpenLDAP Mapping: cn"
-      object_field: "name"
      expression: |
-        return ldap.get('cn')
+        return {
+            "name": ldap.get('cn'),
+        }