root: partial Live-updating config (#5959)

* stages/email: directly use email credentials from config Signed-off-by: Jens Langhammer <jens@goauthentik.io> * use custom database backend that supports dynamic credentials Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add crude config reloader Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make method names for CONFIG clearer Signed-off-by: Jens Langhammer <jens@goauthentik.io> * replace config.set with environ Not sure if this is the cleanest way, but it persists through a config reload Signed-off-by: Jens Langhammer <jens@goauthentik.io> * re-add set for @patch Signed-off-by: Jens Langhammer <jens@goauthentik.io> * even more crudeness Signed-off-by: Jens Langhammer <jens@goauthentik.io> * clean up some old stuff? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it Signed-off-by: Jens Langhammer <jens@goauthentik.io> * cleanup old things Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix flow e2e Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-19 23:13:22 +02:00
parent fb4e4dc8db
commit 2f469d2709
44 changed files with 260 additions and 184 deletions
--- a/lifecycle/wait_for_db.py
+++ b/lifecycle/wait_for_db.py
@ -14,7 +14,7 @@ from authentik.lib.config import CONFIG
 CONFIG.log("info", "Starting authentik bootstrap")

 # Sanity check, ensure SECRET_KEY is set before we even check for database connectivity
-if CONFIG.y("secret_key") is None or len(CONFIG.y("secret_key")) == 0:
+if CONFIG.get("secret_key") is None or len(CONFIG.get("secret_key")) == 0:
    CONFIG.log("info", "----------------------------------------------------------------------")
    CONFIG.log("info", "Secret key missing, check https://goauthentik.io/docs/installation/.")
    CONFIG.log("info", "----------------------------------------------------------------------")
@ -24,15 +24,15 @@ if CONFIG.y("secret_key") is None or len(CONFIG.y("secret_key")) == 0:
 while True:
    try:
        conn = connect(
-            dbname=CONFIG.y("postgresql.name"),
-            user=CONFIG.y("postgresql.user"),
-            password=CONFIG.y("postgresql.password"),
-            host=CONFIG.y("postgresql.host"),
-            port=int(CONFIG.y("postgresql.port")),
-            sslmode=CONFIG.y("postgresql.sslmode"),
-            sslrootcert=CONFIG.y("postgresql.sslrootcert"),
-            sslcert=CONFIG.y("postgresql.sslcert"),
-            sslkey=CONFIG.y("postgresql.sslkey"),
+            dbname=CONFIG.get("postgresql.name"),
+            user=CONFIG.get("postgresql.user"),
+            password=CONFIG.get("postgresql.password"),
+            host=CONFIG.get("postgresql.host"),
+            port=int(CONFIG.get("postgresql.port")),
+            sslmode=CONFIG.get("postgresql.sslmode"),
+            sslrootcert=CONFIG.get("postgresql.sslrootcert"),
+            sslcert=CONFIG.get("postgresql.sslcert"),
+            sslkey=CONFIG.get("postgresql.sslkey"),
        )
        conn.cursor()
        break
@ -42,12 +42,12 @@ while True:
 CONFIG.log("info", "PostgreSQL connection successful")

 REDIS_PROTOCOL_PREFIX = "redis://"
-if CONFIG.y_bool("redis.tls", False):
+if CONFIG.get_bool("redis.tls", False):
    REDIS_PROTOCOL_PREFIX = "rediss://"
 REDIS_URL = (
    f"{REDIS_PROTOCOL_PREFIX}:"
-    f"{quote_plus(CONFIG.y('redis.password'))}@{quote_plus(CONFIG.y('redis.host'))}:"
-    f"{int(CONFIG.y('redis.port'))}/{CONFIG.y('redis.db')}"
+    f"{quote_plus(CONFIG.get('redis.password'))}@{quote_plus(CONFIG.get('redis.host'))}:"
+    f"{int(CONFIG.get('redis.port'))}/{CONFIG.get('redis.db')}"
 )
 while True:
    try: