wip: rename to authentik (#361)

* root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * *: new sentry dsn * tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject
2020-12-05 22:08:42 +01:00
parent 810a7ab50b
commit 1cfe1aff13
989 changed files with 6425 additions and 4412 deletions
--- a/proxy/Dockerfile
+++ b/proxy/Dockerfile
@ -11,6 +11,6 @@ FROM gcr.io/distroless/base-debian10:debug

 COPY --from=builder /work/proxy /

-HEALTHCHECK CMD [ "wget", "--spider", "http://localhost:4180/pbprox/ping" ]
+HEALTHCHECK CMD [ "wget", "--spider", "http://localhost:4180/akprox/ping" ]

 ENTRYPOINT ["/proxy"]
--- a/proxy/Makefile
+++ b/proxy/Makefile
@ -2,7 +2,7 @@ all: clean generate build

 generate:
 	go get -u github.com/go-swagger/go-swagger/cmd/swagger
-	swagger generate client -f ../swagger.yaml -A passbook -t pkg/
+	swagger generate client -f ../swagger.yaml -A authentik -t pkg/

 run:
 	go run -v .
--- a/proxy/README.md
+++ b/proxy/README.md
@ -1,24 +1,24 @@
-# passbook Proxy
+# authentik Proxy

-[![CI Build status](https://img.shields.io/azure-devops/build/beryjuorg/passbook/3?style=flat-square)](https://dev.azure.com/beryjuorg/passbook/_build?definitionId=3)
-![Docker pulls (proxy)](https://img.shields.io/docker/pulls/beryju/passbook-proxy.svg?style=flat-square)
+[![CI Build status](https://img.shields.io/azure-devops/build/beryjuorg/authentik/3?style=flat-square)](https://dev.azure.com/beryjuorg/authentik/_build?definitionId=3)
+![Docker pulls (proxy)](https://img.shields.io/docker/pulls/beryju/authentik-proxy.svg?style=flat-square)

-Reverse Proxy based on [oauth2_proxy](https://github.com/oauth2-proxy/oauth2-proxy), completely managed and monitored by passbook.
+Reverse Proxy based on [oauth2_proxy](https://github.com/oauth2-proxy/oauth2-proxy), completely managed and monitored by authentik.

 ## Usage

-passbook Proxy is built to be configured by passbook itself, hence the only options you can directly give it are connection params.
+authentik Proxy is built to be configured by authentik itself, hence the only options you can directly give it are connection params.

 The following environment variable are implemented:

-`PASSBOOK_HOST`: Full URL to the passbook instance with protocol, i.e. "https://passbook.company.tld"
+`AUTHENTIK_HOST`: Full URL to the authentik instance with protocol, i.e. "https://authentik.company.tld"

-`PASSBOOK_TOKEN`: Token used to authenticate against passbook. This is generated after an Outpost instance is created.
+`AUTHENTIK_TOKEN`: Token used to authenticate against authentik. This is generated after an Outpost instance is created.

-`PASSBOOK_INSECURE`: This environment variable can optionally be set to ignore the SSL Certificate of the passbook instance. Applies to both HTTP and WS connections.
+`AUTHENTIK_INSECURE`: This environment variable can optionally be set to ignore the SSL Certificate of the authentik instance. Applies to both HTTP and WS connections.

 ## Development

-passbook Proxy uses an auto-generated API Client to communicate with passbook. This client is not kept in git. To generate the client locally, run `make generate`.
+authentik Proxy uses an auto-generated API Client to communicate with authentik. This client is not kept in git. To generate the client locally, run `make generate`.

 Afterwards you can build the proxy like any other Go project, using `go build`.
--- a/proxy/azure-pipelines.yml
+++ b/proxy/azure-pipelines.yml
@ -26,7 +26,7 @@ stages:
                sudo apt update
                sudo apt install swagger
                mkdir -p $(go env GOPATH)
-                swagger generate client -f ../swagger.yaml -A passbook -t pkg/
+                swagger generate client -f ../swagger.yaml -A authentik -t pkg/
              workingDirectory: 'proxy/'
          - task: PublishPipelineArtifact@1
            inputs:
@ -91,7 +91,7 @@ stages:
          - task: Docker@2
            inputs:
              containerRegistry: 'dockerhub'
-              repository: 'beryju/passbook-proxy'
+              repository: 'beryju/authentik-proxy'
              command: 'buildAndPush'
              Dockerfile: 'proxy/Dockerfile'
              buildContext: 'proxy/'
--- a/proxy/cmd/server.go
+++ b/proxy/cmd/server.go
@ -8,27 +8,27 @@ import (
 	"os/signal"
 	"time"

-	"github.com/BeryJu/passbook/proxy/pkg/server"
+	"github.com/BeryJu/authentik/proxy/pkg/server"
 )

-const helpMessage = `passbook proxy
+const helpMessage = `authentik proxy

 Required environment variables:
- - PASSBOOK_HOST: URL to connect to (format "http://passbook.company")
- - PASSBOOK_TOKEN: Token to authenticate with
- - PASSBOOK_INSECURE: Skip SSL Certificate verification`
+ - AUTHENTIK_HOST: URL to connect to (format "http://authentik.company")
+ - AUTHENTIK_TOKEN: Token to authenticate with
+ - AUTHENTIK_INSECURE: Skip SSL Certificate verification`

 // RunServer main entrypoint, runs the full server
 func RunServer() {
-	pbURL, found := os.LookupEnv("PASSBOOK_HOST")
+	pbURL, found := os.LookupEnv("AUTHENTIK_HOST")
 	if !found {
-		fmt.Println("env PASSBOOK_HOST not set!")
+		fmt.Println("env AUTHENTIK_HOST not set!")
 		fmt.Println(helpMessage)
 		os.Exit(1)
 	}
-	pbToken, found := os.LookupEnv("PASSBOOK_TOKEN")
+	pbToken, found := os.LookupEnv("AUTHENTIK_TOKEN")
 	if !found {
-		fmt.Println("env PASSBOOK_TOKEN not set!")
+		fmt.Println("env AUTHENTIK_TOKEN not set!")
 		fmt.Println(helpMessage)
 		os.Exit(1)
 	}
--- a/proxy/go.mod
+++ b/proxy/go.mod
@ -1,4 +1,4 @@
-module github.com/BeryJu/passbook/proxy
+module github.com/BeryJu/authentik/proxy

 go 1.14

--- a/proxy/main.go
+++ b/proxy/main.go
@ -1,7 +1,7 @@
 package main

 import (
-	"github.com/BeryJu/passbook/proxy/cmd"
+	"github.com/BeryJu/authentik/proxy/cmd"
 	log "github.com/sirupsen/logrus"
 )

--- a/proxy/pkg/proxy/claims.go
+++ b/proxy/pkg/proxy/claims.go
@ -9,7 +9,7 @@ import (
 type Claims struct {
 	Proxy struct {
 		UserAttributes map[string]interface{} `json:"user_attributes"`
-	} `json:"pb_proxy"`
+	} `json:"ak_proxy"`
 }

 func (c *Claims) FromIDToken(idToken string) error {
--- a/proxy/pkg/server/api.go
+++ b/proxy/pkg/server/api.go
@ -11,9 +11,9 @@ import (
 	"strings"
 	"time"

-	"github.com/BeryJu/passbook/proxy/pkg"
-	"github.com/BeryJu/passbook/proxy/pkg/client"
-	"github.com/BeryJu/passbook/proxy/pkg/client/outposts"
+	"github.com/BeryJu/authentik/proxy/pkg"
+	"github.com/BeryJu/authentik/proxy/pkg/client"
+	"github.com/BeryJu/authentik/proxy/pkg/client/outposts"
 	"github.com/getsentry/sentry-go"
 	"github.com/go-openapi/runtime"
 	"github.com/recws-org/recws"
@ -28,9 +28,9 @@ const ConfigLogLevel = "log_level"
 const ConfigErrorReportingEnabled = "error_reporting_enabled"
 const ConfigErrorReportingEnvironment = "error_reporting_environment"

-// APIController main controller which connects to the passbook api via http and ws
+// APIController main controller which connects to the authentik api via http and ws
 type APIController struct {
-	client *client.Passbook
+	client *client.Authentik
 	auth   runtime.ClientAuthInfoWriter
 	token  string

@ -48,13 +48,13 @@ type APIController struct {

 func getCommonOptions() *options.Options {
 	commonOpts := options.NewOptions()
-	commonOpts.Cookie.Name = "passbook_proxy"
+	commonOpts.Cookie.Name = "authentik_proxy"
 	commonOpts.EmailDomains = []string{"*"}
 	commonOpts.ProviderType = "oidc"
-	commonOpts.ProxyPrefix = "/pbprox"
+	commonOpts.ProxyPrefix = "/akprox"
 	commonOpts.Logging.SilencePing = true
 	commonOpts.SetAuthorization = false
-	commonOpts.Scope = "openid email profile pb_proxy"
+	commonOpts.Scope = "openid email profile ak_proxy"
 	return commonOpts
 }

@ -71,11 +71,11 @@ func doGlobalSetup(config map[string]interface{}) {
 	default:
 		log.SetLevel(log.DebugLevel)
 	}
-	log.WithField("version", pkg.VERSION).Info("Starting passbook proxy")
+	log.WithField("version", pkg.VERSION).Info("Starting authentik proxy")

 	var dsn string
 	if config[ConfigErrorReportingEnabled].(bool) {
-		dsn = "https://33cdbcb23f8b436dbe0ee06847410b67@sentry.beryju.org/3"
+		dsn = "https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8"
 		log.Debug("Error reporting enabled")
 	}

@ -91,7 +91,7 @@ func doGlobalSetup(config map[string]interface{}) {
 }

 func getTLSTransport() http.RoundTripper {
-	value, set := os.LookupEnv("PASSBOOK_INSECURE")
+	value, set := os.LookupEnv("AUTHENTIK_INSECURE")
 	if !set {
 		value = "false"
 	}
@ -107,7 +107,7 @@ func getTLSTransport() http.RoundTripper {
 // NewAPIController initialise new API Controller instance from URL and API token
 func NewAPIController(pbURL url.URL, token string) *APIController {
 	transport := httptransport.New(pbURL.Host, client.DefaultBasePath, []string{pbURL.Scheme})
-	transport.Transport = SetUserAgent(getTLSTransport(), fmt.Sprintf("passbook-proxy@%s", pkg.VERSION))
+	transport.Transport = SetUserAgent(getTLSTransport(), fmt.Sprintf("authentik-proxy@%s", pkg.VERSION))

 	// create the transport
 	auth := httptransport.BasicAuth("", token)
--- a/proxy/pkg/server/api_bundle.go
+++ b/proxy/pkg/server/api_bundle.go
@ -9,9 +9,9 @@ import (
 	"os"
 	"strings"

-	"github.com/BeryJu/passbook/proxy/pkg/client/crypto"
-	"github.com/BeryJu/passbook/proxy/pkg/models"
-	"github.com/BeryJu/passbook/proxy/pkg/proxy"
+	"github.com/BeryJu/authentik/proxy/pkg/client/crypto"
+	"github.com/BeryJu/authentik/proxy/pkg/models"
+	"github.com/BeryJu/authentik/proxy/pkg/proxy"
 	"github.com/jinzhu/copier"
 	"github.com/justinas/alice"
 	"github.com/oauth2-proxy/oauth2-proxy/pkg/apis/options"
--- a/proxy/pkg/server/api_ws.go
+++ b/proxy/pkg/server/api_ws.go
@ -10,7 +10,7 @@ import (
 	"strings"
 	"time"

-	"github.com/BeryJu/passbook/proxy/pkg"
+	"github.com/BeryJu/authentik/proxy/pkg"
 	"github.com/go-openapi/strfmt"
 	"github.com/gorilla/websocket"
 	"github.com/recws-org/recws"
@ -24,10 +24,10 @@ func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {

 	header := http.Header{
 		"Authorization": []string{authHeader},
-		"User-Agent":    []string{fmt.Sprintf("passbook-proxy@%s", pkg.VERSION)},
+		"User-Agent":    []string{fmt.Sprintf("authentik-proxy@%s", pkg.VERSION)},
 	}

-	value, set := os.LookupEnv("PASSBOOK_INSECURE")
+	value, set := os.LookupEnv("AUTHENTIK_INSECURE")
 	if !set {
 		value = "false"
 	}
@ -40,7 +40,7 @@ func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {
 	}
 	ws.Dial(fmt.Sprintf(pathTemplate, scheme, pbURL.Host, outpostUUID.String()), header)

-	ac.logger.WithField("component", "ws").WithField("outpost", outpostUUID.String()).Debug("connecting to passbook")
+	ac.logger.WithField("component", "ws").WithField("outpost", outpostUUID.String()).Debug("connecting to authentik")

 	ac.wsConn = ws
 	// Send hello message with our version
@ -52,7 +52,7 @@ func (ac *APIController) initWS(pbURL url.URL, outpostUUID strfmt.UUID) {
 	}
 	err := ws.WriteJSON(msg)
 	if err != nil {
-		ac.logger.WithField("component", "ws").WithError(err).Warning("Failed to hello to passbook")
+		ac.logger.WithField("component", "ws").WithError(err).Warning("Failed to hello to authentik")
 	}
 }

--- a/proxy/pkg/server/cert.go
+++ b/proxy/pkg/server/cert.go
@ -36,8 +36,8 @@ func generateSelfSignedCert() (tls.Certificate, error) {
 	template := x509.Certificate{
 		SerialNumber: serialNumber,
 		Subject: pkix.Name{
-			Organization: []string{"passbook"},
-			CommonName:   "passbook Proxy default certificate",
+			Organization: []string{"authentik"},
+			CommonName:   "authentik Proxy default certificate",
 		},
 		NotBefore: notBefore,
 		NotAfter:  notAfter,
--- a/proxy/pkg/server/server.go
+++ b/proxy/pkg/server/server.go
@ -80,7 +80,7 @@ func (s *Server) ServeHTTPS() {
 }

 func (s *Server) handler(w http.ResponseWriter, r *http.Request) {
-	if r.URL.Path == "/pbprox/ping" {
+	if r.URL.Path == "/akprox/ping" {
 		w.WriteHeader(204)
 		return
 	}