habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

events: migrate SystemTasks to DB (#8159)

Browse Source 
* events: migrate system tasks to save in DB

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* prefill in app startup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup api

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update web

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use string for status

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix enum

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* save start and end directly in timestamp from default_timer()

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve metrics

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* rename globally to system task

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* recreate migrations, better denote anonymous user

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* events: lookup actual django app instead of using module path, fallback to module path

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix logger call

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L
2024-01-24 17:23:03 +01:00
committed by GitHub
parent c0562bf860
commit 96b2a1a9ba
65 changed files with 11564 additions and 12080 deletions
Download Patch File Download Diff File Expand all files Collapse all files

800
blueprints/schema.json
View File

@ -707,43 +707,6 @@
}
}
},
{
"type": "object",
"required": [
"model",
"identifiers"
],
"properties": {
"model": {
"const": "authentik_policies_reputation.reputation"
},
"id": {
"type": "string"
},
"state": {
"type": "string",
"enum": [
"absent",
"present",
"created",
"must_created"
],
"default": "present"
},
"conditions": {
"type": "array",
"items": {
"type": "boolean"
}
},
"attrs": {
"$ref": "#/$defs/model_authentik_policies_reputation.reputation"
},
"identifiers": {
"$ref": "#/$defs/model_authentik_policies_reputation.reputation"
}
}
},
{
"type": "object",
"required": [
@ -892,117 +855,6 @@
}
}
},
{
"type": "object",
"required": [
"model",
"identifiers"
],
"properties": {
"model": {
"const": "authentik_providers_oauth2.authorizationcode"
},
"id": {
"type": "string"
},
"state": {
"type": "string",
"enum": [
"absent",
"present",
"created",
"must_created"
],
"default": "present"
},
"conditions": {
"type": "array",
"items": {
"type": "boolean"
}
},
"attrs": {
"$ref": "#/$defs/model_authentik_providers_oauth2.authorizationcode"
},
"identifiers": {
"$ref": "#/$defs/model_authentik_providers_oauth2.authorizationcode"
}
}
},
{
"type": "object",
"required": [
"model",
"identifiers"
],
"properties": {
"model": {
"const": "authentik_providers_oauth2.accesstoken"
},
"id": {
"type": "string"
},
"state": {
"type": "string",
"enum": [
"absent",
"present",
"created",
"must_created"
],
"default": "present"
},
"conditions": {
"type": "array",
"items": {
"type": "boolean"
}
},
"attrs": {
"$ref": "#/$defs/model_authentik_providers_oauth2.accesstoken"
},
"identifiers": {
"$ref": "#/$defs/model_authentik_providers_oauth2.accesstoken"
}
}
},
{
"type": "object",
"required": [
"model",
"identifiers"
],
"properties": {
"model": {
"const": "authentik_providers_oauth2.refreshtoken"
},
"id": {
"type": "string"
},
"state": {
"type": "string",
"enum": [
"absent",
"present",
"created",
"must_created"
],
"default": "present"
},
"conditions": {
"type": "array",
"items": {
"type": "boolean"
}
},
"attrs": {
"$ref": "#/$defs/model_authentik_providers_oauth2.refreshtoken"
},
"identifiers": {
"$ref": "#/$defs/model_authentik_providers_oauth2.refreshtoken"
}
}
},
{
"type": "object",
"required": [
@ -3678,14 +3530,10 @@
"authentik_policies_expression.expressionpolicy",
"authentik_policies_password.passwordpolicy",
"authentik_policies_reputation.reputationpolicy",
"authentik_policies_reputation.reputation",
"authentik_policies.policybinding",
"authentik_providers_ldap.ldapprovider",
"authentik_providers_oauth2.scopemapping",
"authentik_providers_oauth2.oauth2provider",
"authentik_providers_oauth2.authorizationcode",
"authentik_providers_oauth2.accesstoken",
"authentik_providers_oauth2.refreshtoken",
"authentik_providers_proxy.proxyprovider",
"authentik_providers_radius.radiusprovider",
"authentik_providers_saml.samlprovider",
@ -3909,43 +3757,6 @@
},
"required": []
},
"model_authentik_policies_reputation.reputation": {
"type": "object",
"properties": {
"pk": {
"type": "string",
"format": "uuid",
"title": "Reputation uuid"
},
"identifier": {
"type": "string",
"minLength": 1,
"title": "Identifier"
},
"ip": {
"type": "string",
"minLength": 1,
"title": "Ip"
},
"ip_geo_data": {
"type": "object",
"additionalProperties": true,
"title": "Ip geo data"
},
"ip_asn_data": {
"type": "object",
"additionalProperties": true,
"title": "Ip asn data"
},
"score": {
"type": "integer",
"minimum": -9223372036854775808,
"maximum": 9223372036854775807,
"title": "Score"
}
},
"required": []
},
"model_authentik_policies.policybinding": {
"type": "object",
"properties": {
@ -4224,617 +4035,6 @@
},
"required": []
},
"model_authentik_providers_oauth2.authorizationcode": {
"type": "object",
"properties": {
"provider": {
"type": "object",
"properties": {
"name": {
"type": "string",
"minLength": 1,
"title": "Name"
},
"authentication_flow": {
"type": "integer",
"title": "Authentication flow",
"description": "Flow used for authentication when the associated application is accessed by an un-authenticated user."
},
"authorization_flow": {
"type": "integer",
"title": "Authorization flow",
"description": "Flow used when authorizing this provider."
},
"property_mappings": {
"type": "array",
"items": {
"type": "integer"
},
"title": "Property mappings"
},
"client_type": {
"type": "string",
"enum": [
"confidential",
"public"
],
"title": "Client Type",
"description": "Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable"
},
"client_id": {
"type": "string",
"maxLength": 255,
"minLength": 1,
"title": "Client ID"
},
"client_secret": {
"type": "string",
"maxLength": 255,
"title": "Client Secret"
},
"access_code_validity": {
"type": "string",
"minLength": 1,
"title": "Access code validity",
"description": "Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
},
"access_token_validity": {
"type": "string",
"minLength": 1,
"title": "Access token validity",
"description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
},
"refresh_token_validity": {
"type": "string",
"minLength": 1,
"title": "Refresh token validity",
"description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
},
"include_claims_in_id_token": {
"type": "boolean",
"title": "Include claims in id_token",
"description": "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint."
},
"signing_key": {
"type": "integer",
"title": "Signing Key",
"description": "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256."
},
"redirect_uris": {
"type": "string",
"title": "Redirect URIs",
"description": "Enter each URI on a new line."
},
"sub_mode": {
"type": "string",
"enum": [
"hashed_user_id",
"user_id",
"user_uuid",
"user_username",
"user_email",
"user_upn"
],
"title": "Sub mode",
"description": "Configure what data should be used as unique User Identifier. For most cases, the default should be fine."
},
"issuer_mode": {
"type": "string",
"enum": [
"global",
"per_provider"
],
"title": "Issuer mode",
"description": "Configure how the issuer field of the ID Token should be filled."
},
"jwks_sources": {
"type": "array",
"items": {
"type": "integer",
"title": "Any JWT signed by the JWK of the selected source can be used to authenticate."
},
"title": "Any JWT signed by the JWK of the selected source can be used to authenticate."
}
},
"required": [
"name",
"authorization_flow"
],
"title": "Provider"
},
"user": {
"type": "object",
"properties": {
"username": {
"type": "string",
"maxLength": 150,
"minLength": 1,
"title": "Username"
},
"name": {
"type": "string",
"title": "Name",
"description": "User's display name."
},
"is_active": {
"type": "boolean",
"title": "Active",
"description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts."
},
"last_login": {
"type": [
"string",
"null"
],
"format": "date-time",
"title": "Last login"
},
"groups": {
"type": "array",
"items": {
"type": "integer"
},
"title": "Groups"
},
"email": {
"type": "string",
"format": "email",
"maxLength": 254,
"title": "Email address"
},
"attributes": {
"type": "object",
"additionalProperties": true,
"title": "Attributes"
},
"path": {
"type": "string",
"minLength": 1,
"title": "Path"
},
"type": {
"type": "string",
"enum": [
"internal",
"external",
"service_account",
"internal_service_account"
],
"title": "Type"
}
},
"required": [
"username",
"name"
],
"title": "User"
},
"expires": {
"type": "string",
"format": "date-time",
"title": "Expires"
},
"scope": {
"type": "array",
"items": {
"type": "string",
"minLength": 1
},
"title": "Scope"
}
},
"required": []
},
"model_authentik_providers_oauth2.accesstoken": {
"type": "object",
"properties": {
"provider": {
"type": "object",
"properties": {
"name": {
"type": "string",
"minLength": 1,
"title": "Name"
},
"authentication_flow": {
"type": "integer",
"title": "Authentication flow",
"description": "Flow used for authentication when the associated application is accessed by an un-authenticated user."
},
"authorization_flow": {
"type": "integer",
"title": "Authorization flow",
"description": "Flow used when authorizing this provider."
},
"property_mappings": {
"type": "array",
"items": {
"type": "integer"
},
"title": "Property mappings"
},
"client_type": {
"type": "string",
"enum": [
"confidential",
"public"
],
"title": "Client Type",
"description": "Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable"
},
"client_id": {
"type": "string",
"maxLength": 255,
"minLength": 1,
"title": "Client ID"
},
"client_secret": {
"type": "string",
"maxLength": 255,
"title": "Client Secret"
},
"access_code_validity": {
"type": "string",
"minLength": 1,
"title": "Access code validity",
"description": "Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
},
"access_token_validity": {
"type": "string",
"minLength": 1,
"title": "Access token validity",
"description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
},
"refresh_token_validity": {
"type": "string",
"minLength": 1,
"title": "Refresh token validity",
"description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
},
"include_claims_in_id_token": {
"type": "boolean",
"title": "Include claims in id_token",
"description": "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint."
},
"signing_key": {
"type": "integer",
"title": "Signing Key",
"description": "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256."
},
"redirect_uris": {
"type": "string",
"title": "Redirect URIs",
"description": "Enter each URI on a new line."
},
"sub_mode": {
"type": "string",
"enum": [
"hashed_user_id",
"user_id",
"user_uuid",
"user_username",
"user_email",
"user_upn"
],
"title": "Sub mode",
"description": "Configure what data should be used as unique User Identifier. For most cases, the default should be fine."
},
"issuer_mode": {
"type": "string",
"enum": [
"global",
"per_provider"
],
"title": "Issuer mode",
"description": "Configure how the issuer field of the ID Token should be filled."
},
"jwks_sources": {
"type": "array",
"items": {
"type": "integer",
"title": "Any JWT signed by the JWK of the selected source can be used to authenticate."
},
"title": "Any JWT signed by the JWK of the selected source can be used to authenticate."
}
},
"required": [
"name",
"authorization_flow"
],
"title": "Provider"
},
"user": {
"type": "object",
"properties": {
"username": {
"type": "string",
"maxLength": 150,
"minLength": 1,
"title": "Username"
},
"name": {
"type": "string",
"title": "Name",
"description": "User's display name."
},
"is_active": {
"type": "boolean",
"title": "Active",
"description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts."
},
"last_login": {
"type": [
"string",
"null"
],
"format": "date-time",
"title": "Last login"
},
"groups": {
"type": "array",
"items": {
"type": "integer"
},
"title": "Groups"
},
"email": {
"type": "string",
"format": "email",
"maxLength": 254,
"title": "Email address"
},
"attributes": {
"type": "object",
"additionalProperties": true,
"title": "Attributes"
},
"path": {
"type": "string",
"minLength": 1,
"title": "Path"
},
"type": {
"type": "string",
"enum": [
"internal",
"external",
"service_account",
"internal_service_account"
],
"title": "Type"
}
},
"required": [
"username",
"name"
],
"title": "User"
},
"expires": {
"type": "string",
"format": "date-time",
"title": "Expires"
},
"scope": {
"type": "array",
"items": {
"type": "string",
"minLength": 1
},
"title": "Scope"
},
"revoked": {
"type": "boolean",
"title": "Revoked"
}
},
"required": []
},
"model_authentik_providers_oauth2.refreshtoken": {
"type": "object",
"properties": {
"provider": {
"type": "object",
"properties": {
"name": {
"type": "string",
"minLength": 1,
"title": "Name"
},
"authentication_flow": {
"type": "integer",
"title": "Authentication flow",
"description": "Flow used for authentication when the associated application is accessed by an un-authenticated user."
},
"authorization_flow": {
"type": "integer",
"title": "Authorization flow",
"description": "Flow used when authorizing this provider."
},
"property_mappings": {
"type": "array",
"items": {
"type": "integer"
},
"title": "Property mappings"
},
"client_type": {
"type": "string",
"enum": [
"confidential",
"public"
],
"title": "Client Type",
"description": "Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable"
},
"client_id": {
"type": "string",
"maxLength": 255,
"minLength": 1,
"title": "Client ID"
},
"client_secret": {
"type": "string",
"maxLength": 255,
"title": "Client Secret"
},
"access_code_validity": {
"type": "string",
"minLength": 1,
"title": "Access code validity",
"description": "Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
},
"access_token_validity": {
"type": "string",
"minLength": 1,
"title": "Access token validity",
"description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
},
"refresh_token_validity": {
"type": "string",
"minLength": 1,
"title": "Refresh token validity",
"description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
},
"include_claims_in_id_token": {
"type": "boolean",
"title": "Include claims in id_token",
"description": "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint."
},
"signing_key": {
"type": "integer",
"title": "Signing Key",
"description": "Key used to sign the tokens. Only required when JWT Algorithm is set to RS256."
},
"redirect_uris": {
"type": "string",
"title": "Redirect URIs",
"description": "Enter each URI on a new line."
},
"sub_mode": {
"type": "string",
"enum": [
"hashed_user_id",
"user_id",
"user_uuid",
"user_username",
"user_email",
"user_upn"
],
"title": "Sub mode",
"description": "Configure what data should be used as unique User Identifier. For most cases, the default should be fine."
},
"issuer_mode": {
"type": "string",
"enum": [
"global",
"per_provider"
],
"title": "Issuer mode",
"description": "Configure how the issuer field of the ID Token should be filled."
},
"jwks_sources": {
"type": "array",
"items": {
"type": "integer",
"title": "Any JWT signed by the JWK of the selected source can be used to authenticate."
},
"title": "Any JWT signed by the JWK of the selected source can be used to authenticate."
}
},
"required": [
"name",
"authorization_flow"
],
"title": "Provider"
},
"user": {
"type": "object",
"properties": {
"username": {
"type": "string",
"maxLength": 150,
"minLength": 1,
"title": "Username"
},
"name": {
"type": "string",
"title": "Name",
"description": "User's display name."
},
"is_active": {
"type": "boolean",
"title": "Active",
"description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts."
},
"last_login": {
"type": [
"string",
"null"
],
"format": "date-time",
"title": "Last login"
},
"groups": {
"type": "array",
"items": {
"type": "integer"
},
"title": "Groups"
},
"email": {
"type": "string",
"format": "email",
"maxLength": 254,
"title": "Email address"
},
"attributes": {
"type": "object",
"additionalProperties": true,
"title": "Attributes"
},
"path": {
"type": "string",
"minLength": 1,
"title": "Path"
},
"type": {
"type": "string",
"enum": [
"internal",
"external",
"service_account",
"internal_service_account"
],
"title": "Type"
}
},
"required": [
"username",
"name"
],
"title": "User"
},
"expires": {
"type": "string",
"format": "date-time",
"title": "Expires"
},
"scope": {
"type": "array",
"items": {
"type": "string",
"minLength": 1
},
"title": "Scope"
},
"revoked": {
"type": "boolean",
"title": "Revoked"
}
},
"required": []
},
"model_authentik_providers_proxy.proxyprovider": {
"type": "object",
"properties": {