lifecycle: fix kdc5-config missing (cherry-pick #11826) (#11829)

lifecycle: fix kdc5-config missing (#11826)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 2024.8.3
+current_version = 2024.10.0-rc1
 tag = True
 commit = True
 parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)(?:-(?P<rc_t>[a-zA-Z-]+)(?P<rc_n>[1-9]\\d*))?

authentik/__init__.py

@@ -2,7 +2,7 @@
 
 from os import environ
 
-__version__ = "2024.8.3"
+__version__ = "2024.10.0"
 ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
 
 

blueprints/schema.json

@@ -2,7 +2,7 @@
     "$schema": "http://json-schema.org/draft-07/schema",
     "$id": "https://goauthentik.io/blueprints/schema.json",
     "type": "object",
-    "title": "authentik 2024.8.3 Blueprint schema",
+    "title": "authentik 2024.10.0 Blueprint schema",
     "required": [
         "version",
         "entries"

docker-compose.yml

@@ -31,7 +31,7 @@ services:
     volumes:
       - redis:/data
   server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.10.0}
     restart: unless-stopped
     command: server
     environment:
@@ -52,7 +52,7 @@ services:
       - postgresql
       - redis
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.8.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.10.0}
     restart: unless-stopped
     command: worker
     environment:

internal/constants/constants.go

@@ -29,4 +29,4 @@ func UserAgent() string {
 	return fmt.Sprintf("authentik@%s", FullVersion())
 }
 
-const VERSION = "2024.8.3"
+const VERSION = "2024.10.0"

lifecycle/ak

@@ -54,7 +54,9 @@ function cleanup {
 }
 
 function prepare_debug {
-    apt-get install -y --no-install-recommends krb5-kdc krb5-user krb5-admin-server
+    export DEBIAN_FRONTEND=noninteractive
+    apt-get update
+    apt-get install -y --no-install-recommends krb5-kdc krb5-user krb5-admin-server libkrb5-dev gcc
     VIRTUAL_ENV=/ak-root/venv poetry install --no-ansi --no-interaction
     touch /unittest.xml
     chown authentik:authentik /unittest.xml

package.json

@@ -1,5 +1,5 @@
 {
     "name": "@goauthentik/authentik",
-    "version": "2024.8.3",
+    "version": "2024.10.0",
     "private": true
 }

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "authentik"
-version = "2024.8.3"
+version = "2024.10.0"
 description = ""
 authors = ["authentik Team <hello@goauthentik.io>"]
 

schema.yml

@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
   title: authentik
-  version: 2024.8.3
+  version: 2024.10.0
   description: Making authentication simple.
   contact:
     email: hello@goauthentik.io

web/src/admin/providers/rac/RACProviderViewPage.ts

@@ -129,11 +129,7 @@ export class RACProviderViewPage extends AKElement {
         if (!this.provider) {
             return html``;
         }
-        return html`<div slot="header" class="pf-c-banner pf-m-info">
+        return html`${this.provider?.assignedApplicationName
-                ${msg("RAC is in preview.")}
-                <a href="mailto:hello+feature/rac@goauthentik.io">${msg("Send us feedback!")}</a>
-            </div>
-            ${this.provider?.assignedApplicationName
                 ? html``
                 : html`<div slot="header" class="pf-c-banner pf-m-warning">
                       ${msg("Warning: Provider is not used by an Application.")}

web/src/admin/rbac/ObjectPermissionModal.ts

@@ -7,7 +7,6 @@ import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, html } from "lit";
 import { customElement, property } from "lit/decorators.js";
 
-import PFBanner from "@patternfly/patternfly/components/Banner/banner.css";
 import PFButton from "@patternfly/patternfly/components/Button/button.css";
 import PFBase from "@patternfly/patternfly/patternfly-base.css";
 
@@ -53,17 +52,13 @@ export class ObjectPermissionModal extends AKElement {
     objectPk?: string | number;
 
     static get styles(): CSSResult[] {
-        return [PFBase, PFButton, PFBanner];
+        return [PFBase, PFButton];
     }
 
     render(): TemplateResult {
         return html`
             <ak-forms-modal .showSubmitButton=${false} cancelText=${msg("Close")}>
                 <span slot="header"> ${msg("Update Permissions")} </span>
-                <div class="pf-c-banner pf-m-info" slot="above-form">
-                    ${msg("RBAC is in preview.")}
-                    <a href="mailto:hello@goauthentik.io">${msg("Send us feedback!")}</a>
-                </div>
                 <ak-rbac-object-permission-modal-form
                     slot="form"
                     .model=${this.model}

web/src/admin/rbac/ObjectPermissionsPage.ts

@@ -11,7 +11,6 @@ import { msg } from "@lit/localize";
 import { html, nothing } from "lit";
 import { customElement, property } from "lit/decorators.js";
 
-import PFBanner from "@patternfly/patternfly/components/Banner/banner.css";
 import PFCard from "@patternfly/patternfly/components/Card/card.css";
 import PFPage from "@patternfly/patternfly/components/Page/page.css";
 import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
@@ -31,66 +30,60 @@ export class ObjectPermissionPage extends AKElement {
     embedded = false;
 
     static get styles() {
-        return [PFBase, PFGrid, PFPage, PFCard, PFBanner];
+        return [PFBase, PFGrid, PFPage, PFCard];
     }
 
     render() {
-        return html`${!this.embedded
+        return html` <ak-tabs pageIdentifier="permissionPage" ?vertical=${!this.embedded}>
-                ? html`<div class="pf-c-banner pf-m-info">
+            ${this.model === RbacPermissionsAssignedByUsersListModelEnum.CoreUser
-                      ${msg("RBAC is in preview.")}
+                ? this.renderCoreUser()
-                      <a href="mailto:hello@goauthentik.io">${msg("Send us feedback!")}</a>
-                  </div>`
                 : nothing}
-            <ak-tabs pageIdentifier="permissionPage" ?vertical=${!this.embedded}>
+            ${this.model === RbacPermissionsAssignedByUsersListModelEnum.RbacRole
-                ${this.model === RbacPermissionsAssignedByUsersListModelEnum.CoreUser
+                ? this.renderRbacRole()
-                    ? this.renderCoreUser()
+                : nothing}
-                    : nothing}
+            <section
-                ${this.model === RbacPermissionsAssignedByUsersListModelEnum.RbacRole
+                slot="page-object-user"
-                    ? this.renderRbacRole()
+                data-tab-title="${msg("User Object Permissions")}"
-                    : nothing}
+                class="pf-c-page__main-section pf-m-no-padding-mobile"
-                <section
+            >
-                    slot="page-object-user"
+                <div class="pf-l-grid pf-m-gutter">
-                    data-tab-title="${msg("User Object Permissions")}"
+                    <div class="pf-c-card pf-l-grid__item pf-m-12-col">
-                    class="pf-c-page__main-section pf-m-no-padding-mobile"
+                        <div class="pf-c-card__title">${msg("User Object Permissions")}</div>
-                >
+                        <div class="pf-c-card__body">
-                    <div class="pf-l-grid pf-m-gutter">
+                            ${msg("Permissions set on users which affect this object.")}
-                        <div class="pf-c-card pf-l-grid__item pf-m-12-col">
+                        </div>
-                            <div class="pf-c-card__title">${msg("User Object Permissions")}</div>
+                        <div class="pf-c-card__body">
-                            <div class="pf-c-card__body">
+                            <ak-rbac-user-object-permission-table
-                                ${msg("Permissions set on users which affect this object.")}
+                                .model=${this.model}
-                            </div>
+                                .objectPk=${this.objectPk}
-                            <div class="pf-c-card__body">
+                            >
-                                <ak-rbac-user-object-permission-table
+                            </ak-rbac-user-object-permission-table>
-                                    .model=${this.model}
-                                    .objectPk=${this.objectPk}
-                                >
-                                </ak-rbac-user-object-permission-table>
-                            </div>
                         </div>
                     </div>
-                </section>
+                </div>
-                <section
+            </section>
-                    slot="page-object-role"
+            <section
-                    data-tab-title="${msg("Role Object Permissions")}"
+                slot="page-object-role"
-                    class="pf-c-page__main-section pf-m-no-padding-mobile"
+                data-tab-title="${msg("Role Object Permissions")}"
-                >
+                class="pf-c-page__main-section pf-m-no-padding-mobile"
-                    <div class="pf-l-grid pf-m-gutter">
+            >
-                        <div class="pf-c-card pf-l-grid__item pf-m-12-col">
+                <div class="pf-l-grid pf-m-gutter">
-                            <div class="pf-c-card__title">${msg("Role Object Permissions")}</div>
+                    <div class="pf-c-card pf-l-grid__item pf-m-12-col">
-                            <div class="pf-c-card__body">
+                        <div class="pf-c-card__title">${msg("Role Object Permissions")}</div>
-                                ${msg("Permissions set on roles which affect this object.")}
+                        <div class="pf-c-card__body">
-                            </div>
+                            ${msg("Permissions set on roles which affect this object.")}
-                            <div class="pf-c-card__body">
+                        </div>
-                                <ak-rbac-role-object-permission-table
+                        <div class="pf-c-card__body">
-                                    .model=${this.model}
+                            <ak-rbac-role-object-permission-table
-                                    .objectPk=${this.objectPk}
+                                .model=${this.model}
-                                >
+                                .objectPk=${this.objectPk}
-                                </ak-rbac-role-object-permission-table>
+                            >
-                            </div>
+                            </ak-rbac-role-object-permission-table>
                         </div>
                     </div>
-                </section>
+                </div>
-            </ak-tabs>`;
+            </section>
+        </ak-tabs>`;
     }
 
     renderCoreUser() {

web/src/admin/roles/RoleListPage.ts

@@ -9,12 +9,10 @@ import { TablePage } from "@goauthentik/elements/table/TablePage";
 import "@patternfly/elements/pf-tooltip/pf-tooltip.js";
 
 import { msg } from "@lit/localize";
-import { CSSResult, TemplateResult, html } from "lit";
+import { TemplateResult, html } from "lit";
 import { customElement, property } from "lit/decorators.js";
 import { ifDefined } from "lit/directives/if-defined.js";
 
-import PFBanner from "@patternfly/patternfly/components/Banner/banner.css";
-
 import { RbacApi, Role } from "@goauthentik/api";
 
 @customElement("ak-role-list")
@@ -37,10 +35,6 @@ export class RoleListPage extends TablePage<Role> {
     @property()
     order = "name";
 
-    static get styles(): CSSResult[] {
-        return [...super.styles, PFBanner];
-    }
-
     async apiEndpoint(): Promise<PaginatedResponse<Role>> {
         return new RbacApi(DEFAULT_CONFIG).rbacRolesList(await this.defaultEndpointConfig());
     }
@@ -78,10 +72,6 @@ export class RoleListPage extends TablePage<Role> {
                 description=${ifDefined(this.pageDescription())}
             >
             </ak-page-header>
-            <div class="pf-c-banner pf-m-info">
-                ${msg("RBAC is in preview.")}
-                <a href="mailto:hello@goauthentik.io">${msg("Send us feedback!")}</a>
-            </div>
             <section class="pf-c-page__main-section pf-m-no-padding-mobile">
                 <div class="pf-c-card">${this.renderTable()}</div>
             </section>`;

web/src/admin/sources/kerberos/KerberosSourceViewPage.ts

@@ -18,6 +18,7 @@ import { msg } from "@lit/localize";
 import { CSSResult, TemplateResult, html } from "lit";
 import { customElement, property, state } from "lit/decorators.js";
 
+import PFBanner from "@patternfly/patternfly/components/Banner/banner.css";
 import PFButton from "@patternfly/patternfly/components/Button/button.css";
 import PFCard from "@patternfly/patternfly/components/Card/card.css";
 import PFContent from "@patternfly/patternfly/components/Content/content.css";
@@ -54,7 +55,17 @@ export class KerberosSourceViewPage extends AKElement {
     syncState?: SyncStatus;
 
     static get styles(): CSSResult[] {
-        return [PFBase, PFPage, PFButton, PFGrid, PFContent, PFCard, PFDescriptionList, PFList];
+        return [
+            PFBase,
+            PFPage,
+            PFButton,
+            PFGrid,
+            PFContent,
+            PFCard,
+            PFDescriptionList,
+            PFBanner,
+            PFList,
+        ];
     }
 
     constructor() {
@@ -121,6 +132,12 @@ export class KerberosSourceViewPage extends AKElement {
                     this.load();
                 }}
             >
+                <div slot="header" class="pf-c-banner pf-m-info">
+                    ${msg("Kerberos Source is in preview.")}
+                    <a href="mailto:hello+feature/kerberos-source@goauthentik.io"
+                        >${msg("Send us feedback!")}</a
+                    >
+                </div>
                 <div class="pf-l-grid pf-m-gutter">
                     <div class="pf-c-card pf-l-grid__item pf-m-12-col">
                         <div class="pf-c-card__body">

web/src/admin/stages/authenticator_endpoint_gdtc/AuthenticatorEndpointGDTCStageForm.ts

@@ -10,6 +10,8 @@ import { msg } from "@lit/localize";
 import { TemplateResult, html } from "lit";
 import { customElement } from "lit/decorators.js";
 
+import PFBanner from "@patternfly/patternfly/components/Banner/banner.css";
+
 import { AuthenticatorEndpointGDTCStage, StagesApi } from "@goauthentik/api";
 
 @customElement("ak-stage-authenticator-endpoint-gdtc-form")
@@ -33,8 +35,16 @@ export class AuthenticatorEndpointGDTCStageForm extends BaseStageForm<Authentica
         }
     }
 
+    static get styles() {
+        return super.styles.concat(PFBanner);
+    }
+
     renderForm(): TemplateResult {
-        return html` <span>
+        return html`<div class="pf-c-banner pf-m-info">
+                ${msg("Endpoint Google Chrome Device Trust is in preview.")}
+                <a href="mailto:hello+feature/gdtc@goauthentik.io">${msg("Send us feedback!")}</a>
+            </div>
+            <span>
                 ${msg(
                     "Stage used to verify users' browsers using Google Chrome Device Trust. This stage can be used in authentication/authorization flows.",
                 )}

web/src/common/constants.ts

@@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
 export const ERROR_CLASS = "pf-m-danger";
 export const PROGRESS_CLASS = "pf-m-in-progress";
 export const CURRENT_CLASS = "pf-m-current";
-export const VERSION = "2024.8.3";
+export const VERSION = "2024.10.0";
 export const TITLE_DEFAULT = "authentik";
 export const ROUTE_SEPARATOR = ";";
 

website/docs/add-secure-apps/flows-stages/stages/authenticator_endpoint_gdtc/index.md

@@ -3,6 +3,7 @@ title: Endpoint Authenticator Google Device Trust Connector Stage
 ---
 
 <span class="badge badge--primary">Enterprise</span>
+<span class="badge badge--preview">Preview</span>
 <span class="badge badge--version">authentik 2024.10+</span>
 
 ---

website/docs/add-secure-apps/providers/entra/add-entra-provider.md

@@ -3,15 +3,12 @@ title: Add an Entra ID provider
 ---
 
 <span class="badge badge--primary">Enterprise</span>
+<span class="badge badge--preview">Preview</span>
 
 ---
 
 For more information about using an Entra ID provider, see the [Overview](./index.md) documentation.
 
-:::info
-This feature is in technical preview, so please report any bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
-:::
-
 ## Prerequisites
 
 To create an Entra ID provider provider in authentik, you must have already [configured Entra ID](./setup-entra.md) to integrate with authentik. You will need to obtain from Entra three values: the Application (client) ID, the Directory (tenant) ID, and the Client secret. When adding an Entra ID provider in authentik, you must provide these values.

website/docs/add-secure-apps/providers/entra/index.md

@@ -3,13 +3,10 @@ title: Microsoft Entra ID provider
 ---
 
 <span class="badge badge--primary">Enterprise</span>
+<span class="badge badge--preview">Preview</span>
 
 ---
 
-:::info
-This feature is in technical preview, so please report any bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
-:::
-
 With the Microsoft Entra ID provider, authentik serves as the single source of truth for all users and groups. Configuring Entra ID as a provider allows for auto-discovery of user and group accounts, on-going synchronization of user data such as email address, name, and status, and integrated data mapping of field names and values.
 
 -   For instructions to configure your Entra ID tenant to integrate with authentik, refer to [Configure Entra ID](./setup-entra.md).

website/docs/add-secure-apps/providers/gws/add-gws-provider.md

@@ -3,13 +3,10 @@ title: Create a Google Workspace provider
 ---
 
 <span class="badge badge--primary">Enterprise</span>
+<span class="badge badge--preview">Preview</span>
 
 ---
 
-:::info
-This feature is in technical preview, so please report any bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
-:::
-
 For more information about using a Google Workspace provider, see the [Overview](./index.md) documentation.
 
 ## Prerequisites

website/docs/add-secure-apps/providers/gws/index.md

@@ -3,13 +3,10 @@ title: Google Workspace provider
 ---
 
 <span class="badge badge--primary">Enterprise</span>
+<span class="badge badge--preview">Preview</span>
 
 ---
 
-:::info
-This feature is in technical preview, so please report any bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
-:::
-
 With the Google Workspace provider, authentik serves as the single source of truth for all users and groups, when using Google products like Gmail.
 
 -   For instructions to configure your Google Workspace to integrate with authentik, refer to [Configure Google Workspace](./setup-gws.md).

website/docs/add-secure-apps/providers/rac/how-to-rac.md

@@ -2,17 +2,13 @@
 title: Create a Remote Access Control (RAC) provider
 ---
 
-:::info
-This feature is in technical preview, so please report any bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
-:::
-
 The RAC provider is a highly flexible feature for accessing remote machines. This document provides instructions for the basic creation and configuration of a RAC provider within a defined scenario.
 
 Fow more information about using a RAC provider, see the [Overview](./index.md) documentation. You can also view our video on YouTube for setting up RAC.
 
 <iframe width="560" height="315" src="https://www.youtube.com/embed/9wahIBRV6Ts;start=22" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
 
-## Prereqisites
+## Prerequisites
 
 The RAC provider requires the deployment of the [RAC Outpost](../../outposts/index.mdx).
 

website/docs/add-secure-apps/providers/rac/index.md

@@ -6,10 +6,6 @@ title: Remote Access Control (RAC) Provider
 
 ---
 
-:::info
-This feature is in technical preview, so please report any bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
-:::
-
 :::info
 This provider requires the deployment of the [RAC Outpost](../../outposts/index.mdx).
 :::

website/docs/users-sources/sources/protocols/kerberos/index.md

@@ -2,6 +2,11 @@
 title: Kerberos
 ---
 
+<span class="badge badge--preview">Preview</span>
+<span class="badge badge--version">authentik 2024.10+</span>
+
+---
+
 This source allows users to enroll themselves with an existing Kerberos identity.
 
 ## Preparation

website/docs/users-sources/sources/protocols/scim/index.md

@@ -2,9 +2,9 @@
 title: SCIM Source
 ---
 
-:::info
+<span class="badge badge--preview">Preview</span>
-This feature is in technical preview, so please report any bugs on [GitHub](https://github.com/goauthentik/authentik/issues).
+
-:::
+---
 
 The SCIM source allows other applications to directly create users and groups within authentik. SCIM provides predefined schema for users and groups, with a RESTful API, to enable automatic user provisioning and deprovisioning, SCIM is supported by applications such as Microsoft Entra ID, Google Workspace, and Okta.
 

website/src/css/custom.css

@@ -125,3 +125,11 @@ body {
     font-size: 0.75rem;
     vertical-align: middle;
 }
+
+.badge--preview {
+    --ifm-badge-background-color: rgb(115, 188, 247);
+    color: var(--ifm-color-primary-contrast-foreground);
+    --ifm-badge-border-color: var(--ifm-badge-background-color);
+    font-size: 0.75rem;
+    vertical-align: middle;
+}