habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

root: temporarily deactivate database pool option (#14443)

Browse Source 
* root: temporarily deactivate database pool option

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* deactivate tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L.
2025-05-12 14:48:01 +02:00
committed by GitHub
parent 86a7f98ff6
commit ae2af6e58e
4 changed files with 92 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
authentik/lib/config.py
View File

@ -363,6 +363,9 @@ def django_db_config(config: ConfigLoader | None = None) -> dict:
pool_options = config.get_dict_from_b64_json("postgresql.pool_options", True) pool_options = config.get_dict_from_b64_json("postgresql.pool_options", True)
if not pool_options: if not pool_options:
pool_options = True pool_options = True
# FIXME: Temporarily force pool to be deactivated.
# See https://github.com/goauthentik/authentik/issues/14320
pool_options = False
db = { db = {
"default": { "default": {

166
authentik/lib/tests/test_config.py
View File

@ -494,86 +494,88 @@ class TestConfig(TestCase):
}, },
) )
def test_db_pool(self): # FIXME: Temporarily force pool to be deactivated.
"""Test DB Config with pool""" # See https://github.com/goauthentik/authentik/issues/14320
config = ConfigLoader() # def test_db_pool(self):
config.set("postgresql.host", "foo") # """Test DB Config with pool"""
config.set("postgresql.name", "foo") # config = ConfigLoader()
config.set("postgresql.user", "foo") # config.set("postgresql.host", "foo")
config.set("postgresql.password", "foo") # config.set("postgresql.name", "foo")
config.set("postgresql.port", "foo") # config.set("postgresql.user", "foo")
config.set("postgresql.test.name", "foo") # config.set("postgresql.password", "foo")
config.set("postgresql.use_pool", True) # config.set("postgresql.port", "foo")
conf = django_db_config(config) # config.set("postgresql.test.name", "foo")
self.assertEqual( # config.set("postgresql.use_pool", True)
conf, # conf = django_db_config(config)
{ # self.assertEqual(
"default": { # conf,
"ENGINE": "authentik.root.db", # {
"HOST": "foo", # "default": {
"NAME": "foo", # "ENGINE": "authentik.root.db",
"OPTIONS": { # "HOST": "foo",
"pool": True, # "NAME": "foo",
"sslcert": None, # "OPTIONS": {
"sslkey": None, # "pool": True,
"sslmode": None, # "sslcert": None,
"sslrootcert": None, # "sslkey": None,
}, # "sslmode": None,
"PASSWORD": "foo", # "sslrootcert": None,
"PORT": "foo", # },
"TEST": {"NAME": "foo"}, # "PASSWORD": "foo",
"USER": "foo", # "PORT": "foo",
"CONN_MAX_AGE": 0, # "TEST": {"NAME": "foo"},
"CONN_HEALTH_CHECKS": False, # "USER": "foo",
"DISABLE_SERVER_SIDE_CURSORS": False, # "CONN_MAX_AGE": 0,
} # "CONN_HEALTH_CHECKS": False,
}, # "DISABLE_SERVER_SIDE_CURSORS": False,
) # }
# },
# )
def test_db_pool_options(self): # def test_db_pool_options(self):
"""Test DB Config with pool""" # """Test DB Config with pool"""
config = ConfigLoader() # config = ConfigLoader()
config.set("postgresql.host", "foo") # config.set("postgresql.host", "foo")
config.set("postgresql.name", "foo") # config.set("postgresql.name", "foo")
config.set("postgresql.user", "foo") # config.set("postgresql.user", "foo")
config.set("postgresql.password", "foo") # config.set("postgresql.password", "foo")
config.set("postgresql.port", "foo") # config.set("postgresql.port", "foo")
config.set("postgresql.test.name", "foo") # config.set("postgresql.test.name", "foo")
config.set("postgresql.use_pool", True) # config.set("postgresql.use_pool", True)
config.set( # config.set(
"postgresql.pool_options", # "postgresql.pool_options",
base64.b64encode( # base64.b64encode(
dumps( # dumps(
{ # {
"max_size": 15, # "max_size": 15,
} # }
).encode() # ).encode()
).decode(), # ).decode(),
) # )
conf = django_db_config(config) # conf = django_db_config(config)
self.assertEqual( # self.assertEqual(
conf, # conf,
{ # {
"default": { # "default": {
"ENGINE": "authentik.root.db", # "ENGINE": "authentik.root.db",
"HOST": "foo", # "HOST": "foo",
"NAME": "foo", # "NAME": "foo",
"OPTIONS": { # "OPTIONS": {
"pool": { # "pool": {
"max_size": 15, # "max_size": 15,
}, # },
"sslcert": None, # "sslcert": None,
"sslkey": None, # "sslkey": None,
"sslmode": None, # "sslmode": None,
"sslrootcert": None, # "sslrootcert": None,
}, # },
"PASSWORD": "foo", # "PASSWORD": "foo",
"PORT": "foo", # "PORT": "foo",
"TEST": {"NAME": "foo"}, # "TEST": {"NAME": "foo"},
"USER": "foo", # "USER": "foo",
"CONN_MAX_AGE": 0, # "CONN_MAX_AGE": 0,
"CONN_HEALTH_CHECKS": False, # "CONN_HEALTH_CHECKS": False,
"DISABLE_SERVER_SIDE_CURSORS": False, # "DISABLE_SERVER_SIDE_CURSORS": False,
} # }
}, # },
) # )

3
website/docs/install-config/configuration/configuration.mdx
View File

@ -70,7 +70,8 @@ To check if your config has been applied correctly, you can run the following co
- `AUTHENTIK_POSTGRESQL__USER`: Database user - `AUTHENTIK_POSTGRESQL__USER`: Database user
- `AUTHENTIK_POSTGRESQL__PORT`: Database port, defaults to 5432 - `AUTHENTIK_POSTGRESQL__PORT`: Database port, defaults to 5432
- `AUTHENTIK_POSTGRESQL__PASSWORD`: Database password, defaults to the environment variable `POSTGRES_PASSWORD` - `AUTHENTIK_POSTGRESQL__PASSWORD`: Database password, defaults to the environment variable `POSTGRES_PASSWORD`
- `AUTHENTIK_POSTGRESQL__USE_POOL`: Use a [connection pool](https://docs.djangoproject.com/en/stable/ref/databases/#connection-pool) for PostgreSQL connections. Defaults to `false`. :ak-version[2025.4] {/* TODO: Temporarily deactivated feature, see https://github.com/goauthentik/authentik/issues/14320 */}
{/* - `AUTHENTIK_POSTGRESQL__USE_POOL`: Use a [connection pool](https://docs.djangoproject.com/en/stable/ref/databases/#connection-pool) for PostgreSQL connections. Defaults to `false`. :ak-version[2025.4] */}
- `AUTHENTIK_POSTGRESQL__POOL_OPTIONS`: Extra configuration to pass to the [ConnectionPool object](https://www.psycopg.org/psycopg3/docs/api/pool.html#psycopg_pool.ConnectionPool) when it is created. Must be a base64-encoded JSON dictionary. Ignored when `USE_POOL` is set to `false`. :ak-version[2025.4] - `AUTHENTIK_POSTGRESQL__POOL_OPTIONS`: Extra configuration to pass to the [ConnectionPool object](https://www.psycopg.org/psycopg3/docs/api/pool.html#psycopg_pool.ConnectionPool) when it is created. Must be a base64-encoded JSON dictionary. Ignored when `USE_POOL` is set to `false`. :ak-version[2025.4]
- `AUTHENTIK_POSTGRESQL__USE_PGBOUNCER`: Adjust configuration to support connection to PgBouncer. Deprecated, see below - `AUTHENTIK_POSTGRESQL__USE_PGBOUNCER`: Adjust configuration to support connection to PgBouncer. Deprecated, see below
- `AUTHENTIK_POSTGRESQL__USE_PGPOOL`: Adjust configuration to support connection to Pgpool. Deprecated, see below - `AUTHENTIK_POSTGRESQL__USE_PGPOOL`: Adjust configuration to support connection to Pgpool. Deprecated, see below

5
website/docs/releases/2025/v2025.4.md
View File

@ -7,7 +7,8 @@ slug: "/releases/2025.4"
- **Improve membership resolution for the LDAP Source** Allow lookups of LDAP group memberships from user attributes as an alternative to lookups from group attributes. This also allows for nested group lookups in Active Directory. - **Improve membership resolution for the LDAP Source** Allow lookups of LDAP group memberships from user attributes as an alternative to lookups from group attributes. This also allows for nested group lookups in Active Directory.
- **Support for PostgreSQL Connection Pools** PostgreSQL Connection Pools provides a set of open connections in order to reduce latency. <!-- TODO: Temporarily deactivated feature, see https://github.com/goauthentik/authentik/issues/14320 -->
<!-- - **Support for PostgreSQL Connection Pools** PostgreSQL Connection Pools provides a set of open connections in order to reduce latency. -->
- **RBAC: Initial Permissions** :ak-preview Provides more flexible access control by assigning permissions to the user/role creating a new object in authentik. Use **Initial Permissions** as a pragmatic way to implement the principle of least privilege. - **RBAC: Initial Permissions** :ak-preview Provides more flexible access control by assigning permissions to the user/role creating a new object in authentik. Use **Initial Permissions** as a pragmatic way to implement the principle of least privilege.
@ -64,7 +65,7 @@ Previously, sessions were stored by default in the cache. Now, they are stored i
Reputation scores now have a configurable numerical limit in addition to the [already existing temporal limit](https://docs.goauthentik.io/docs/install-config/configuration/#authentik_reputation_expiry). Reputation scores now have a configurable numerical limit in addition to the [already existing temporal limit](https://docs.goauthentik.io/docs/install-config/configuration/#authentik_reputation_expiry).
- **Support for PostgreSQL Connection Pools**: See [description](#highlights) under Highlights. Refer to our [documentation](../../install-config/configuration/configuration.mdx). <!-- - **Support for PostgreSQL Connection Pools**: See [description](#highlights) under Highlights. Refer to our [documentation](../../install-config/configuration/configuration.mdx). -->
- **Password History Policy**: See [description](#highlights) under Highlights. Refer to our [documentation](../../customize/policies/unique_password.md). - **Password History Policy**: See [description](#highlights) under Highlights. Refer to our [documentation](../../customize/policies/unique_password.md).