blueprints: migrate from managed (#3338)

* test all bundled blueprints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix empty title Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix default blueprints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add script to generate dev config Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrate managed to blueprints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add more to blueprint instance Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrated away from ObjectManager Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix lint errors Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrate things Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrate tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix some tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix a bit more Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * whops Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix missing name Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * *sigh* Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix more tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add tasks Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * scheduled Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * run discovery on start Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * oops this test should stay Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-01 23:05:58 +02:00
parent 7a05c6faef
commit a023eee9bf
88 changed files with 1094 additions and 871 deletions
--- a/authentik/outposts/api/outposts.py
+++ b/authentik/outposts/api/outposts.py
@ -18,7 +18,7 @@ from authentik.core.api.used_by import UsedByMixin
 from authentik.core.api.utils import PassiveSerializer, is_dict
 from authentik.core.models import Provider
 from authentik.outposts.api.service_connections import ServiceConnectionSerializer
-from authentik.outposts.managed import MANAGED_OUTPOST
+from authentik.outposts.apps import MANAGED_OUTPOST
 from authentik.outposts.models import Outpost, OutpostConfig, OutpostType, default_outpost_config
 from authentik.providers.ldap.models import LDAPProvider
 from authentik.providers.proxy.models import ProxyProvider
--- a/authentik/outposts/apps.py
+++ b/authentik/outposts/apps.py
@ -1,10 +1,9 @@
 """authentik outposts app config"""
-from importlib import import_module
-
-from django.apps import AppConfig
 from prometheus_client import Gauge
 from structlog.stdlib import get_logger

+from authentik.blueprints.manager import ManagedAppConfig
+
 LOGGER = get_logger()

 GAUGE_OUTPOSTS_CONNECTED = Gauge(
@ -15,15 +14,47 @@ GAUGE_OUTPOSTS_LAST_UPDATE = Gauge(
    "Last update from any outpost",
    ["outpost", "uid", "version"],
 )
+MANAGED_OUTPOST = "goauthentik.io/outposts/embedded"


-class AuthentikOutpostConfig(AppConfig):
+class AuthentikOutpostConfig(ManagedAppConfig):
    """authentik outposts app config"""

    name = "authentik.outposts"
    label = "authentik_outposts"
    verbose_name = "authentik Outpost"
+    default = True

-    def ready(self):
-        import_module("authentik.outposts.signals")
-        import_module("authentik.outposts.managed")
+    def reconcile_load_outposts_signals(self):
+        """Load outposts signals"""
+        self.import_module("authentik.outposts.signals")
+
+    def reconcile_embedded_outpost(self):
+        """Ensure embedded outpost"""
+        from authentik.outposts.models import (
+            DockerServiceConnection,
+            KubernetesServiceConnection,
+            Outpost,
+            OutpostConfig,
+            OutpostType,
+        )
+
+        outpost, updated = Outpost.objects.update_or_create(
+            defaults={
+                "name": "authentik Embedded Outpost",
+                "type": OutpostType.PROXY,
+            },
+            managed=MANAGED_OUTPOST,
+        )
+        if updated:
+            if KubernetesServiceConnection.objects.exists():
+                outpost.service_connection = KubernetesServiceConnection.objects.first()
+            elif DockerServiceConnection.objects.exists():
+                outpost.service_connection = DockerServiceConnection.objects.first()
+            outpost.config = OutpostConfig(
+                kubernetes_disabled_components=[
+                    "deployment",
+                    "secret",
+                ]
+            )
+            outpost.save()
--- a/authentik/outposts/controllers/docker.py
+++ b/authentik/outposts/controllers/docker.py
@ -14,10 +14,10 @@ from structlog.stdlib import get_logger
 from yaml import safe_dump

 from authentik import __version__
+from authentik.outposts.apps import MANAGED_OUTPOST
 from authentik.outposts.controllers.base import BaseClient, BaseController, ControllerException
 from authentik.outposts.docker_ssh import DockerInlineSSH, SSHManagedExternallyException
 from authentik.outposts.docker_tls import DockerInlineTLS
-from authentik.outposts.managed import MANAGED_OUTPOST
 from authentik.outposts.models import (
    DockerServiceConnection,
    Outpost,
--- a/authentik/outposts/controllers/k8s/base.py
+++ b/authentik/outposts/controllers/k8s/base.py
@ -10,8 +10,8 @@ from structlog.stdlib import get_logger
 from urllib3.exceptions import HTTPError

 from authentik import __version__
+from authentik.outposts.apps import MANAGED_OUTPOST
 from authentik.outposts.controllers.k8s.triggers import NeedsRecreate, NeedsUpdate
-from authentik.outposts.managed import MANAGED_OUTPOST

 if TYPE_CHECKING:
    from authentik.outposts.controllers.kubernetes import KubernetesController
--- a/authentik/outposts/docker_ssh.py
+++ b/authentik/outposts/docker_ssh.py
@ -78,7 +78,7 @@ class DockerInlineSSH:
        """Cleanup when we're done"""
        try:
            os.unlink(self.key_path)
-            with open(self.config_path, "r+", encoding="utf-8") as ssh_config:
+            with open(self.config_path, "r", encoding="utf-8") as ssh_config:
                start = 0
                end = 0
                lines = ssh_config.readlines()
--- a/authentik/outposts/managed.py
+++ b/authentik/outposts/managed.py
@ -1,41 +0,0 @@
-"""Outpost managed objects"""
-from authentik.blueprints.manager import EnsureExists, ObjectManager
-from authentik.outposts.models import (
-    DockerServiceConnection,
-    KubernetesServiceConnection,
-    Outpost,
-    OutpostConfig,
-    OutpostType,
-)
-
-MANAGED_OUTPOST = "goauthentik.io/outposts/embedded"
-
-
-class OutpostManager(ObjectManager):
-    """Outpost managed objects"""
-
-    def reconcile(self):
-        def outpost_created(outpost: Outpost):
-            """When outpost is initially created, and we already have a service connection,
-            auto-assign it."""
-            if KubernetesServiceConnection.objects.exists():
-                outpost.service_connection = KubernetesServiceConnection.objects.first()
-            elif DockerServiceConnection.objects.exists():
-                outpost.service_connection = DockerServiceConnection.objects.first()
-            outpost.config = OutpostConfig(
-                kubernetes_disabled_components=[
-                    "deployment",
-                    "secret",
-                ]
-            )
-            outpost.save()
-
-        return [
-            EnsureExists(
-                Outpost,
-                MANAGED_OUTPOST,
-                created_callback=outpost_created,
-                name="authentik Embedded Outpost",
-                type=OutpostType.PROXY,
-            ),
-        ]
--- a/authentik/outposts/tasks.py
+++ b/authentik/outposts/tasks.py
@ -233,7 +233,7 @@ def _outpost_single_update(outpost: Outpost, layer=None):
 def outpost_local_connection():
    """Checks the local environment and create Service connections."""
    if not CONFIG.y_bool("outposts.discover"):
-        LOGGER.debug("outpost integration discovery is disabled")
+        LOGGER.debug("Outpost integration discovery is disabled")
        return
    # Explicitly check against token filename, as that's
    # only present when the integration is enabled
--- a/authentik/outposts/tests/test_controller_docker.py
+++ b/authentik/outposts/tests/test_controller_docker.py
@ -1,11 +1,11 @@
 """Docker controller tests"""
+from django.apps import apps
 from django.test import TestCase
 from docker.models.containers import Container

-from authentik.blueprints.manager import ObjectManager
+from authentik.outposts.apps import MANAGED_OUTPOST
 from authentik.outposts.controllers.base import ControllerException
 from authentik.outposts.controllers.docker import DockerController
-from authentik.outposts.managed import MANAGED_OUTPOST
 from authentik.outposts.models import DockerServiceConnection, Outpost, OutpostType
 from authentik.providers.proxy.controllers.docker import ProxyDockerController

@ -19,7 +19,7 @@ class DockerControllerTests(TestCase):
            type=OutpostType.PROXY,
        )
        self.integration = DockerServiceConnection(name="test")
-        ObjectManager().run()
+        apps.get_app_config("authentik_outposts").reconcile()

    def test_init_managed(self):
        """Docker controller shouldn't do anything for managed outpost"""