Managed objects (#519)

* managed: add base manager and Ops

* core: use ManagedModel for Token and PropertyMapping

* providers/saml: implement managed objects for SAML Provider

* sources/ldap: migrate to managed

* providers/oauth2: migrate to managed

* providers/proxy: migrate to managed

* *: load .managed in apps

* managed: add reconcile task, run on startup

* providers/oauth2: fix import path for managed

* providers/saml: don't set FriendlyName when mapping is none

* *: use ObjectManager in tests to ensure objects exist

* ci: use vmImage ubuntu-latest

* providers/saml: add new mapping for username and user id

* tests: remove docker proxy

* tests/e2e: use updated attribute names

* docs: update SAML docs

* tests/e2e: fix remaining saml cases

* outposts: make tokens as managed

* *: make PropertyMapping SerializerModel

* web: add page for property-mappings

* web: add codemirror to common_styles because codemirror

* docs: fix member-of in nextcloud

* docs: nextcloud add admin

* web: fix refresh reloading data two times

* web: add loading lock to table to prevent double loads

* web: add ability to use null in QueryArgs (value will be skipped)

* web: add hide option to property mappings

* web: fix linting

authentik/providers/proxy/apps.py

@@ -1,4 +1,6 @@
 """authentik Proxy app"""
+from importlib import import_module
+
 from django.apps import AppConfig
 
 
@@ -8,3 +10,6 @@ class AuthentikProviderProxyConfig(AppConfig):
     name = "authentik.providers.proxy"
     label = "authentik_providers_proxy"
     verbose_name = "authentik Providers.Proxy"
+
+    def ready(self) -> None:
+        import_module("authentik.providers.proxy.managed")

authentik/providers/proxy/managed.py

@@ -0,0 +1,28 @@
+"""OAuth2 Provider managed objects"""
+from authentik.managed.manager import EnsureExists, ObjectManager
+from authentik.providers.oauth2.models import ScopeMapping
+from authentik.providers.proxy.models import SCOPE_AK_PROXY
+
+SCOPE_AK_PROXY_EXPRESSION = """
+# This mapping is used by the authentik proxy. It passes extra user attributes,
+# which are used for example for the HTTP-Basic Authentication mapping.
+return {
+    "ak_proxy": {
+        "user_attributes": user.group_attributes()
+    }
+}"""
+
+
+class ProxyScopeMappingManager(ObjectManager):
+    """OAuth2 Provider managed objects"""
+
+    def reconcile(self):
+        return [
+            EnsureExists(
+                ScopeMapping,
+                "scope_name",
+                name="authentik default OAuth Mapping: proxy outpost",
+                scope_name=SCOPE_AK_PROXY,
+                expression=SCOPE_AK_PROXY_EXPRESSION,
+            ),
+        ]

authentik/providers/proxy/migrations/0010_auto_20201214_0942.py

@@ -1,35 +1,5 @@
 # Generated by Django 3.1.4 on 2020-12-14 09:42
-from django.apps.registry import Apps
 from django.db import migrations
-from django.db.backends.base.schema import BaseDatabaseSchemaEditor
-
-SCOPE_AK_PROXY_EXPRESSION = """return {
-    "ak_proxy": {
-        "user_attributes": user.group_attributes()
-    }
-}"""
-
-
-def create_proxy_scope(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
-    from authentik.providers.proxy.models import SCOPE_AK_PROXY, ProxyProvider
-
-    ScopeMapping = apps.get_model("authentik_providers_oauth2", "ScopeMapping")
-
-    ScopeMapping.objects.filter(scope_name="pb_proxy").delete()
-
-    ScopeMapping.objects.update_or_create(
-        scope_name=SCOPE_AK_PROXY,
-        defaults={
-            "name": "Autogenerated OAuth2 Mapping: authentik Proxy",
-            "scope_name": SCOPE_AK_PROXY,
-            "description": "",
-            "expression": SCOPE_AK_PROXY_EXPRESSION,
-        },
-    )
-
-    for provider in ProxyProvider.objects.all():
-        provider.set_oauth_defaults()
-        provider.save()
 
 
 class Migration(migrations.Migration):
@@ -38,4 +8,4 @@ class Migration(migrations.Migration):
         ("authentik_providers_proxy", "0009_auto_20201007_1721"),
     ]
 
-    operations = [migrations.RunPython(create_proxy_scope)]
+    operations = []