Merge branch 'master' into inbuilt-proxy

2021-06-29 16:20:24 +02:00
parent 1554dc9feb b2a832175e
commit 8429dd19b2
82 changed files with 1224 additions and 464 deletions
--- a/authentik/outposts/controllers/docker.py
+++ b/authentik/outposts/controllers/docker.py
@ -53,6 +53,27 @@ class DockerController(BaseController):
                return True
        return False

+    def _comp_ports(self, container: Container) -> bool:
+        """Check that the container has the correct ports exposed. Return true if container needs
+        to be rebuilt."""
+        # with TEST enabled, we use host-network
+        if settings.TEST:
+            return False
+        # When the container isn't running, the API doesn't report any port mappings
+        if container.status != "running":
+            return False
+        # {'6379/tcp': [{'HostIp': '127.0.0.1', 'HostPort': '6379'}]}
+        for port in self.deployment_ports:
+            key = f"{port.inner_port or port.port}/{port.protocol.lower()}"
+            if key not in container.ports:
+                return True
+            host_matching = False
+            for host_port in container.ports[key]:
+                host_matching = host_port.get("HostPort") == port.port
+            if not host_matching:
+                return True
+        return False
+
    def _get_container(self) -> tuple[Container, bool]:
        container_name = f"authentik-proxy-{self.outpost.uuid.hex}"
        try:
@ -98,6 +119,11 @@ class DockerController(BaseController):
                    )
                    self.down()
                    return self.up()
+            # Check container's ports
+            if self._comp_ports(container):
+                self.logger.info("Container has mis-matched ports, re-creating...")
+                self.down()
+                return self.up()
            # Check that container values match our values
            if self._comp_env(container):
                self.logger.info("Container has outdated config, re-creating...")
--- a/authentik/outposts/models.py
+++ b/authentik/outposts/models.py
@ -406,7 +406,10 @@ class Outpost(ManagedModel):

    def get_required_objects(self) -> Iterable[Union[models.Model, str]]:
        """Get an iterator of all objects the user needs read access to"""
-        objects: list[Union[models.Model, str]] = [self]
+        objects: list[Union[models.Model, str]] = [
+            self,
+            "authentik_events.add_event",
+        ]
        for provider in (
            Provider.objects.filter(outpost=self).select_related().select_subclasses()
        ):