blueprints/cleanup (#3369)

Jens L
2022-08-05 08:39:00 +02:00
committed by GitHub
parent 2a5a975d9a
commit ec42d378ab
38 changed files with 679 additions and 1121 deletions


@ -0,0 +1,117 @@
version: 1
metadata:
name: Default - Events Transport & Rules
entries:
- model: authentik_events.notificationtransport
id: default-email-transport
attrs:
mode: email
identifiers:
name: default-email-transport
- model: authentik_events.notificationtransport
id: default-local-transport
attrs:
mode: local
identifiers:
name: default-local-transport
- model: authentik_core.group
id: group
identifiers:
name: authentik Admins
attrs:
is_superuser: true
users: []
parent: null
- model: authentik_policies_event_matcher.eventmatcherpolicy
id: default-match-configuration-error
attrs:
action: configuration_error
identifiers:
name: default-match-configuration-error
- model: authentik_events.notificationrule
id: default-notify-configuration-error
identifiers:
name: default-notify-configuration-error
attrs:
severity: alert
group: !KeyOf group
transports:
- !KeyOf default-email-transport
- !KeyOf default-local-transport
- model: authentik_policies.policybinding
attrs:
enabled: true
negate: false
timeout: 30
identifiers:
order: 0
policy: !KeyOf default-match-configuration-error
target: !KeyOf default-notify-configuration-error
- model: authentik_policies_event_matcher.eventmatcherpolicy
id: default-match-update
attrs:
action: update_available
identifiers:
name: default-match-update
- model: authentik_events.notificationrule
id: default-notify-update
identifiers:
name: default-notify-update
attrs:
severity: alert
group: !KeyOf group
transports:
- !KeyOf default-email-transport
- !KeyOf default-local-transport
- model: authentik_policies.policybinding
attrs:
enabled: true
negate: false
timeout: 30
identifiers:
order: 0
policy: !KeyOf default-match-update
target: !KeyOf default-notify-update
- model: authentik_policies_event_matcher.eventmatcherpolicy
id: default-match-policy-exception
attrs:
action: policy_exception
identifiers:
name: default-match-policy-exception
- model: authentik_policies_event_matcher.eventmatcherpolicy
id: default-match-property-mapping-exception
attrs:
action: property_mapping_exception
identifiers:
name: default-match-property-mapping-exception
- model: authentik_events.notificationrule
id: default-notify-exception
identifiers:
name: default-notify-exception
attrs:
severity: alert
group: !KeyOf group
transports:
- !KeyOf default-email-transport
- !KeyOf default-local-transport
- model: authentik_policies.policybinding
attrs:
enabled: true
negate: false
timeout: 30
identifiers:
order: 0
policy: !KeyOf default-match-policy-exception
target: !KeyOf default-notify-exception
- model: authentik_policies.policybinding
attrs:
enabled: true
negate: false
timeout: 30
identifiers:
order: 1
policy: !KeyOf default-match-property-mapping-exception
target: !KeyOf default-notify-exception
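Review bot: The `authentik_core.group` entry (id `group`) makes this notification blueprint a co-owner of the superuser group: it matches `authentik Admins` by name and carries `is_superuser: true`, `users: []` and `parent: null` in `attrs`. If the importer writes `attrs` onto an object that already exists (not visible in this section), every re-apply would reassert superuser status and could reset membership and parent on a group that administrators have since changed. The three notification rules only need a reference, so consider resolving the group instead, e.g. `group: !Find [authentik_core.group, [name, authentik Admins]]`, and dropping the group entry. If the entry has to stay, keep only `identifiers` on it and give it a more specific id than `group`.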


@ -5,6 +5,7 @@ entries:
- attrs:
flow_authentication: !Find [authentik_flows.flow, [slug, default-authentication-flow]]
flow_invalidation: !Find [authentik_flows.flow, [slug, default-invalidation-flow]]
flow_user_settings: !Find [authentik_flows.flow, [slug, default-user-settings-flow]]
identifiers:
domain: authentik-default
default: True


@ -0,0 +1,161 @@
metadata:
name: Default - Out-of-box-experience flow
version: 1
entries:
- attrs:
compatibility_mode: false
denied_action: message_continue
designation: stage_configuration
name: default-oobe-setup
policy_engine_mode: all
title: Welcome to authentik!
id: flow
identifiers:
slug: initial-setup
model: authentik_flows.flow
- attrs:
order: 100
placeholder: Welcome to authentik! Please set a password for the default admin
user, akadmin.
placeholder_expression: false
required: true
sub_text: ''
type: static
id: prompt-field-header
identifiers:
field_key: oobe-header-text
label: oobe-header-text
model: authentik_stages_prompt.prompt
- attrs:
order: 101
placeholder: Admin email
placeholder_expression: false
required: true
sub_text: ''
type: email
id: prompt-field-email
identifiers:
field_key: email
label: Email
model: authentik_stages_prompt.prompt
- attrs:
order: 300
placeholder: Password
placeholder_expression: false
required: true
sub_text: ''
type: password
id: prompt-field-password
identifiers:
field_key: password
label: Password
model: authentik_stages_prompt.prompt
- attrs:
order: 301
placeholder: Password (repeat)
placeholder_expression: false
required: true
sub_text: ''
type: password
id: prompt-field-password-repeat
identifiers:
field_key: password_repeat
label: Password (repeat)
model: authentik_stages_prompt.prompt
- attrs:
execution_logging: false
expression: |
# This policy sets the user for the currently running flow
# by injecting "pending_user"
akadmin = ak_user_by(username="akadmin")
context["flow_plan"].context["pending_user"] = akadmin
return True
id: policy-default-oobe-prefill-user
identifiers:
name: default-oobe-prefill-user
model: authentik_policies_expression.expressionpolicy
- attrs:
execution_logging: false
expression: |
# This policy ensures that the setup flow can only be
# executed when the admin user doesn''t have a password set
akadmin = ak_user_by(username="akadmin")
return not akadmin.has_usable_password()
id: policy-default-oobe-password-usable
identifiers:
name: default-oobe-password-usable
model: authentik_policies_expression.expressionpolicy
- attrs:
fields:
- !KeyOf prompt-field-header
- !KeyOf prompt-field-email
- !KeyOf prompt-field-password
- !KeyOf prompt-field-password-repeat
validation_policies: []
id: stage-default-oobe-password
identifiers:
name: stage-default-oobe-password
model: authentik_stages_prompt.promptstage
- attrs:
session_duration: seconds=0
id: stage-default-authentication-login
identifiers:
name: default-authentication-login
model: authentik_stages_user_login.userloginstage
- attrs:
create_users_as_inactive: false
create_users_group: null
user_path_template: ''
id: stage-default-password-change-write
identifiers:
name: default-password-change-write
model: authentik_stages_user_write.userwritestage
- attrs:
evaluate_on_plan: true
invalid_response_action: retry
policy_engine_mode: all
re_evaluate_policies: false
identifiers:
order: 10
stage: !KeyOf stage-default-oobe-password
target: !KeyOf flow
model: authentik_flows.flowstagebinding
- attrs:
evaluate_on_plan: false
invalid_response_action: retry
policy_engine_mode: all
re_evaluate_policies: true
id: binding-password-write
identifiers:
order: 20
stage: !KeyOf stage-default-password-change-write
target: !KeyOf flow
model: authentik_flows.flowstagebinding
- attrs:
evaluate_on_plan: true
invalid_response_action: retry
policy_engine_mode: all
re_evaluate_policies: false
identifiers:
order: 100
stage: !KeyOf stage-default-authentication-login
target: !KeyOf flow
model: authentik_flows.flowstagebinding
- attrs:
enabled: true
negate: false
timeout: 30
identifiers:
order: 0
policy: !KeyOf policy-default-oobe-password-usable
target: !KeyOf flow
model: authentik_policies.policybinding
- attrs:
enabled: true
negate: false
timeout: 30
identifiers:
order: 0
policy: !KeyOf policy-default-oobe-prefill-user
target: !KeyOf binding-password-write
model: authentik_policies.policybinding
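Review bot: The gating expression in `policy-default-oobe-password-usable` calls `akadmin.has_usable_password()` without checking that `ak_user_by(username="akadmin")` returned a user, and it is the only policy this file binds to the `initial-setup` flow itself. If that account has been renamed or deleted, the outcome depends on how the policy engine treats the resulting exception, which is not visible here; an explicit fail-closed guard such as `if akadmin is None: return False` before the `return` makes the intent unambiguous. `policy-default-oobe-prefill-user` has the same gap and would place the empty lookup result in `pending_user` ahead of the user-write stage, so it deserves the same guard. Separately, `doesn''t` in the policy comment is a leftover single-quote escape; inside a `|` block scalar it should read `doesn't`.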