|
|
98a56c77e3
|
providers/proxy: update ingress controller to work with k8s 1.22
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-18 10:00:24 +02:00 |
|
|
|
2b09d97522
|
core: fix squash migrations error when AK_ADMIN_TOKEN is set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-12 17:45:10 +02:00 |
|
|
|
83150d9920
|
outposts: fix circular import in kubernetes controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-03 19:25:18 +02:00 |
|
|
|
d30dcda814
|
providers/proxy: always check ingress secret in kubernetes controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-03 19:14:27 +02:00 |
|
|
|
3c1ac4c7ec
|
outposts/proxy: add new headers with unified naming
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-10-02 22:00:23 +02:00 |
|
|
|
aea1736f70
|
outposts/proxy: Fix failing traefik healtcheck (#1470)
|
2021-09-26 11:33:18 +02:00 |
|
|
|
4f3583cd7e
|
providers/proxy: make token_validity float and optional for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-25 15:54:32 +02:00 |
|
|
|
f7408626a8
|
providers/proxy: return token_validity as total seconds instead of expression
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-25 15:44:16 +02:00 |
|
|
|
28eeb4798e
|
providers/proxy: add token_validity field for outpost configuration
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1462
|
2021-09-25 15:00:06 +02:00 |
|
|
|
79b92e764e
|
*: fix typos in code
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-25 00:01:11 +02:00 |
|
|
|
ae07f13a87
|
outposts: don't map port 9300 on docker, only expose port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-21 21:40:08 +02:00 |
|
|
|
4448145aa9
|
providers/proxy: use auth/traefik subpath
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-10 13:53:04 +02:00 |
|
|
|
7158c9d2ea
|
core: metrics v2 (#1370)
* outposts: add ldap metrics, move ping to 9100
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: add flow_executor metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use port 9300 for metrics, add core metrics port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/controllers/k8s: add service monitor creation support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-09 15:52:24 +02:00 |
|
|
|
da58796768
|
providers/proxy: fix defaults for old proxy providers (load providers directly)
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-09 13:54:24 +02:00 |
|
|
|
d98499a3fa
|
providers/proxy: fix defaults for old proxy providers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-09 13:26:36 +02:00 |
|
|
|
f3ff398a44
|
providers/proxy: add metrics port to controllers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-08 23:01:22 +02:00 |
|
|
|
3c1b70c355
|
outposts/proxyv2 (#1365)
* outposts/proxyv2: initial commit
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add rs256
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
more stuff
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add forward auth an sign_out
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
match cookie name
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
re-add support for rs256 for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add error handler
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
ensure unique user-agent is used
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
set cookie duration based on id_token expiry
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
build proxy v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add ssl
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add basic auth and custom header support
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add application cert loading
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
implement whitelist
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add redis
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
migrate embedded outpost to v2
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
remove old proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
providers/proxy: make token expiration configurable
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
add metrics
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
fix tests
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only allow one redirect URI
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix docker build for proxy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove default port offset
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* add AUTHENTIK_HOST_BROWSER
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests: fix e2e/integration tests not using proper tags
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* remove references of old port
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix user_attributes not being loaded correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup dependencies
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-08 18:04:56 +00:00 |
|
|
|
d92d8e6dbb
|
api: add additional filters for ldap and proxy providers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-09-03 10:43:09 +02:00 |
|
|
|
3e9f5ec5ef
|
providers/proxy: improve error handling for non-tls ingresses
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-30 14:43:57 +02:00 |
|
|
|
0c6e781e5b
|
providers/proxy: fix traefik middleware being generated with wrong ports for embedded outposts
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-29 20:49:11 +02:00 |
|
|
|
2d8b4f543b
|
providers/proxy: fix url parsing for traefik labels on docker containers
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-27 22:21:16 +02:00 |
|
|
|
8542dc10ab
|
providers/proxy: fix docker container labels not being inherited correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-27 20:20:34 +02:00 |
|
|
|
665c1aa81b
|
providers/proxy: don't create ingress when no hosts are defined
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-08 21:46:05 +02:00 |
|
|
|
9c9addb0ce
|
*: ensure all resources can be filtered
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-07 16:34:14 +02:00 |
|
|
|
77ed25ae34
|
root: reformat to 100 line width
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-08-03 17:45:16 +02:00 |
|
|
|
75ff2480e2
|
providers/proxy: fix hosts for ingress not being compared correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-07-28 16:08:06 +02:00 |
|
|
|
0a3fade1fd
|
providers/proxy: remove deprecated field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-07-22 16:20:26 +02:00 |
|
|
|
66bfa6879d
|
outposts/proxy: add X-Auth-Groups header to pass groups
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-07-22 10:47:58 +02:00 |
|
|
|
831b32c279
|
core: fix PropertyMapping's globals not matching Expression policy
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-21 15:54:43 +02:00 |
|
|
|
31d2ea65fd
|
provider/proxy: mark forward_auth flag as deprecated
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-13 12:39:25 +02:00 |
|
|
|
34ae9e6dab
|
API: add endpoint to show by what objects an object is used (#995)
* core: add used_by API to show what objects are affected before deletion
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/elements: add support for used_by API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add authentik_used_by_shadows to shadow other models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: implement used_by API
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: fix duplicate imports
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add action field to used_by api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: add UI for used_by action
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: add notice to tenant form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: fix naming in used_by
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: check length for used_by
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: fix used_by for non-pk models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* *: improve __str__ on models
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* core: add support for many to many in used_by
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-10 11:58:12 +02:00 |
|
|
|
dad24c03ff
|
outposts: set cookies for a domain to authenticate an entire domain (#971)
* outposts: initial cookie domain implementation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add cookie domain setting
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: replace forward_auth_mode with general mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: rebuild proxy provider form
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: re-add forward_auth_mode for backwards compat
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix data.mode not being set
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* root: always set log level to debug when testing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: use new mode attribute
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: only ingress /akprox on forward_domain
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/proxy: fix lint error
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix error on ProxyProviderForm when not using proxy mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: fix default for outpost form's type missing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/admin: add additional desc for proxy modes
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts: fix service account permissions not always being updated
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost/proxy: fix redirecting to incorrect host for domain mode
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: improve error handling for network errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: fix image naming not matching main imaeg
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/proxy: fix redirects for domain mode and traefik
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web: fix colour for paragraphs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: fix consent stage not showing permissions correctly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: add domain-level docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* website/docs: fix broken links
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/proxy: remove dead code
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* web/flows: fix missing id for #header-text
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-06-08 23:10:17 +02:00 |
|
|
|
9b57f0b81d
|
Merge branch 'version-2021.5' into next
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
# Conflicts:
# web/src/locales/en.po
# web/src/locales/pseudo-LOCALE.po
|
2021-05-22 20:01:16 +02:00 |
|
|
|
2c816e6162
|
providers/proxy: don't use https to communicate with outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-22 18:56:38 +02:00 |
|
|
|
dcf074650e
|
providers/proxy: fix redirect_uris not always being set on save
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-20 01:10:04 +02:00 |
|
|
|
a74419214c
|
providers/proxy: fix redirect_uris not always being set on save
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-19 23:10:00 +02:00 |
|
|
|
1324d03815
|
*: initial migration to openapi v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-15 23:57:28 +02:00 |
|
|
|
a4278833d8
|
providers/proxy: fix ingress not being created with full https
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-15 13:45:41 +02:00 |
|
|
|
942905b9b1
|
providers/proxy: fix formatting issue
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-14 16:24:35 +02:00 |
|
|
|
8d7bb7da17
|
providers/proxy: connect ingress to https instead of http
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#882
|
2021-05-14 11:42:03 +02:00 |
|
|
|
84dfbcaaae
|
providers/api: return redirect_uris for proxy provider
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-11 20:02:17 +02:00 |
|
|
|
932b19999e
|
providers/proxy: missing @property for noop
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-11 01:26:01 +02:00 |
|
|
|
788fd00390
|
outposts: use noop flag in each reconciler instead of raising Disabled and force use of get_referecen_object
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-11 00:27:29 +02:00 |
|
|
|
a6a8eddf7c
|
providers/proxy: create ingress for forward_auth /akprox path
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-09 12:40:44 +02:00 |
|
|
|
8c0a87b710
|
outposts: improve logging for outpost controller
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-09 12:34:44 +02:00 |
|
|
|
5cad59a9f8
|
providers/proxy: fix being able to set empty internal_host
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-09 00:07:34 +02:00 |
|
|
|
e6dfa8294e
|
providers/proxy: use name.namespace for middleware service
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-07 10:07:30 +02:00 |
|
|
|
ea7f9f291f
|
outposts: create traefikmiddleware if forwardAuth is enabled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-07 00:01:35 +02:00 |
|
|
|
701c140cfd
|
providers/proxy: fix logic error for ingress lookup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-05 20:28:13 +02:00 |
|
|
|
be8b2bf6f6
|
providers/proxy: don't create ingress for domains which use forwardAuth, don't create ingress at all if all providers are forward auth
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
|
2021-05-05 17:53:12 +02:00 |
|
