blueprints: v1 (#1573)

* managed: move flowexporter to managed

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: implement SerializerModel in all models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: add initial api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: start blueprint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: spec

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* version blueprint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* yep

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove v2, improve v1

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* start custom tag, more rebrand

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* move blueprints out of website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* try new things

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add !lookup, fix web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update and cleanup default

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tags in lists

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't save field if its set to default value

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more flow cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* format web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing serializer for sms

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ignore _set fields

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove custom file extension

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate default flow to tenant

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens L
2022-07-31 17:11:44 +02:00
committed by GitHub
parent 882250a85e
commit 89c84f10d0
119 changed files with 2171 additions and 748 deletions


@ -14,12 +14,12 @@ from rest_framework.serializers import ModelSerializer, SerializerMethodField
from rest_framework.viewsets import GenericViewSet
from authentik.api.decorators import permission_required
from authentik.blueprints.api import ManagedSerializer
from authentik.core.api.used_by import UsedByMixin
from authentik.core.api.utils import MetaNameSerializer, PassiveSerializer, TypeCreateSerializer
from authentik.core.expression import PropertyMappingEvaluator
from authentik.core.models import PropertyMapping
from authentik.lib.utils.reflection import all_subclasses
from authentik.managed.api import ManagedSerializer
from authentik.policies.api.exec import PolicyTestSerializer


@ -15,13 +15,13 @@ from rest_framework.viewsets import ModelViewSet
from authentik.api.authorization import OwnerSuperuserPermissions
from authentik.api.decorators import permission_required
from authentik.blueprints.api import ManagedSerializer
from authentik.core.api.used_by import UsedByMixin
from authentik.core.api.users import UserSerializer
from authentik.core.api.utils import PassiveSerializer
from authentik.core.models import USER_ATTRIBUTE_TOKEN_EXPIRING, Token, TokenIntents
from authentik.events.models import Event, EventAction
from authentik.events.utils import model_to_dict
from authentik.managed.api import ManagedSerializer
class TokenSerializer(ManagedSerializer, ModelSerializer):


@ -1,6 +1,6 @@
"""Core managed objects"""
from authentik.blueprints.manager import EnsureExists, ObjectManager
from authentik.core.models import Source
from authentik.managed.manager import EnsureExists, ObjectManager
class CoreManager(ObjectManager):


@ -20,9 +20,10 @@ from django.utils.timezone import now
from django.utils.translation import gettext_lazy as _
from guardian.mixins import GuardianUserMixin
from model_utils.managers import InheritanceManager
from rest_framework.serializers import Serializer
from rest_framework.serializers import BaseSerializer, Serializer
from structlog.stdlib import get_logger
from authentik.blueprints.models import ManagedModel
from authentik.core.exceptions import PropertyMappingExpressionException
from authentik.core.signals import password_changed
from authentik.core.types import UILoginButton, UserSettingSerializer
@ -30,7 +31,6 @@ from authentik.lib.config import CONFIG, get_path_from_dict
from authentik.lib.generators import generate_id
from authentik.lib.models import CreatedUpdatedModel, DomainlessURLValidator, SerializerModel
from authentik.lib.utils.http import get_client_ip
from authentik.managed.models import ManagedModel
from authentik.policies.models import PolicyBindingModel
LOGGER = get_logger()
@ -68,7 +68,7 @@ def default_token_key():
return generate_id(int(CONFIG.y("default_token_length")))
class Group(models.Model):
class Group(SerializerModel):
"""Custom Group model which supports a basic hierarchy"""
group_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)
@ -87,6 +87,12 @@ class Group(models.Model):
)
attributes = models.JSONField(default=dict, blank=True)
@property
def serializer(self) -> Serializer:
from authentik.core.api.groups import GroupSerializer
return GroupSerializer
@property
def num_pk(self) -> int:
"""Get a numerical, int32 ID for the group"""
@ -139,7 +145,7 @@ class UserManager(DjangoUserManager):
return self._create_user(username, email, password, **extra_fields)
class User(GuardianUserMixin, AbstractUser):
class User(SerializerModel, GuardianUserMixin, AbstractUser):
"""Custom User model to allow easier adding of user-based settings"""
uuid = models.UUIDField(default=uuid4, editable=False)
@ -170,6 +176,12 @@ class User(GuardianUserMixin, AbstractUser):
always_merger.merge(final_attributes, self.attributes)
return final_attributes
@property
def serializer(self) -> Serializer:
from authentik.core.api.users import UserSerializer
return UserSerializer
@cached_property
def is_superuser(self) -> bool:
"""Get supseruser status based on membership in a group with superuser status"""
@ -276,7 +288,7 @@ class Provider(SerializerModel):
return self.name
class Application(PolicyBindingModel):
class Application(SerializerModel, PolicyBindingModel):
"""Every Application which uses authentik for authentication/identification/authorization
needs an Application record. Other authentication types can subclass this Model to
add custom fields and other properties"""
@ -307,6 +319,12 @@ class Application(PolicyBindingModel):
meta_description = models.TextField(default="", blank=True)
meta_publisher = models.TextField(default="", blank=True)
@property
def serializer(self) -> Serializer:
from authentik.core.api.applications import ApplicationSerializer
return ApplicationSerializer
@property
def get_meta_icon(self) -> Optional[str]:
"""Get the URL to the App Icon image. If the name is /static or starts with http
@ -454,7 +472,7 @@ class Source(ManagedModel, SerializerModel, PolicyBindingModel):
return self.name
class UserSourceConnection(CreatedUpdatedModel):
class UserSourceConnection(SerializerModel, CreatedUpdatedModel):
"""Connection between User and Source."""
user = models.ForeignKey(User, on_delete=models.CASCADE)
@ -462,6 +480,11 @@ class UserSourceConnection(CreatedUpdatedModel):
objects = InheritanceManager()
@property
def serializer(self) -> BaseSerializer:
"""Get serializer for this model"""
raise NotImplementedError
class Meta:
unique_together = (("user", "source"),)
@ -516,7 +539,7 @@ class TokenIntents(models.TextChoices):
INTENT_APP_PASSWORD = "app_password" # nosec
class Token(ManagedModel, ExpiringModel):
class Token(SerializerModel, ManagedModel, ExpiringModel):
"""Token used to authenticate the User for API Access or confirm another Stage like Email."""
token_uuid = models.UUIDField(primary_key=True, editable=False, default=uuid4)
@ -528,6 +551,12 @@ class Token(ManagedModel, ExpiringModel):
user = models.ForeignKey("User", on_delete=models.CASCADE, related_name="+")
description = models.TextField(default="", blank=True)
@property
def serializer(self) -> Serializer:
from authentik.core.api.tokens import TokenSerializer
return TokenSerializer
def expire_action(self, *args, **kwargs):
"""Handler which is called when this object is expired."""
from authentik.events.models import Event, EventAction
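Review bot: `Token` and `User` now derive from `SerializerModel` and hand out `TokenSerializer` / `UserSerializer` through `serializer`, so whatever generic code consumes that property (presumably the blueprint export/import path, which is not visible here) can reach credential-bearing rows. It is worth confirming that those serializers omit or mark write-only the token `key` and the user's password hash, or that exported blueprint files are stored and handled as secrets. Separately, the added properties are annotated `-> Serializer` but return the serializer class rather than an instance, so `-> type[Serializer]` would describe them accurately. The four on Group, User, Application and Token could also carry the docstring that `UserSourceConnection.serializer` already has, `"""Get serializer for this model"""`. `UserSourceConnection.serializer` raises `NotImplementedError`, so a caller walking all `SerializerModel` subclasses has to expect that from the base class; the class bodies continue outside these hunks.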