From bd69dbc0e16f5a594e0b33110e063a03f08251ca Mon Sep 17 00:00:00 2001 From: "Jens L." Date: Wed, 12 Feb 2025 23:57:47 +0100 Subject: [PATCH] root: make default postgres schema configurable (#12949) Signed-off-by: Jens Langhammer --- authentik/lib/default.yml | 1 + authentik/root/settings.py | 1 + .../docs/install-config/configuration/configuration.mdx | 8 ++++++++ 3 files changed, 10 insertions(+) diff --git a/authentik/lib/default.yml b/authentik/lib/default.yml index 683c06ac45..e112f8a1d0 100644 --- a/authentik/lib/default.yml +++ b/authentik/lib/default.yml @@ -8,6 +8,7 @@ postgresql: password: "env://POSTGRES_PASSWORD" test: name: test_authentik + default_schema: public read_replicas: {} # For example # 0: diff --git a/authentik/root/settings.py b/authentik/root/settings.py index 8a8438b19b..b2afa554ed 100644 --- a/authentik/root/settings.py +++ b/authentik/root/settings.py @@ -129,6 +129,7 @@ TENANT_DOMAIN_MODEL = "authentik_tenants.Domain" TENANT_CREATION_FAKES_MIGRATIONS = True TENANT_BASE_SCHEMA = "template" +PUBLIC_SCHEMA_NAME = CONFIG.get("postgresql.default_schema") GUARDIAN_MONKEY_PATCH = False diff --git a/website/docs/install-config/configuration/configuration.mdx b/website/docs/install-config/configuration/configuration.mdx index 323867ea8d..f8cef7a69f 100644 --- a/website/docs/install-config/configuration/configuration.mdx +++ b/website/docs/install-config/configuration/configuration.mdx @@ -82,6 +82,14 @@ To check if your config has been applied correctly, you can run the following co The PostgreSQL settings `HOST`, `PORT`, `USER`, and `PASSWORD` support hot-reloading. Adding and removing read replicas doesn't support hot-reloading. +- `AUTHENTIK_POSTGRESQL__DEFAULT_SCHEMA` authentik 2024.12+ + + The name of the schema used by default in the database. Defaults to `public`. + + It is only supported to change this value before the initial start of authentik. + + When setting this value to any non-standard value, the schema must already exist in the database, and the user authentik connects with must have access to it. Additionally the `search_path` of the authentik database must be set to include this schema. + ### Read replicas You can configure additional read replica databases that are used only for read operations. To configure authentik to use replicas, add the settings below to your [configuration file](./configuration.mdx#set-your-environment-variables). If you have multiple replicas, add additional settings for each replica, replacing the default `0` with a unique value for each additional replica.