Compare commits

...

32 Commits

Author SHA1 Message Date
a1bd6bfe17 release: 0.14.1-stable 2020-12-29 21:25:29 +01:00
ebe0f84460 Merge branch 'master' into version-0.14 2020-12-29 21:25:19 +01:00
765ae80698 providers/oauth2: fix error when creating RefreshToken 2020-12-29 21:22:49 +01:00
bbd0ff24d8 docs: add grafana integration docs 2020-12-29 20:43:27 +01:00
7a403613b2 Suggested changes (#434)
L112 - L115 is a suggestion I'm unsure of, but wanted to somehow improve it. Feel free to discard, but I still recommend signup>sign-up on L114 of origin.

On L124, the resulting webpage shows "Active- Directory" (note the space after the hyphen). Not sure how to fix this though.
2020-12-29 20:17:35 +01:00
4ad184a3fb build(deps-dev): bump @typescript-eslint/parser in /web (#439)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 4.11.0 to 4.11.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.11.1/packages/parser)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-29 14:53:40 +01:00
48d5f28e7a build(deps-dev): bump @typescript-eslint/eslint-plugin in /web (#438)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 4.11.0 to 4.11.1.
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/master/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v4.11.1/packages/eslint-plugin)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-29 14:43:30 +01:00
0cb48121b2 build(deps): bump boto3 from 1.16.43 to 1.16.44 (#436)
Bumps [boto3](https://github.com/boto/boto3) from 1.16.43 to 1.16.44.
- [Release notes](https://github.com/boto/boto3/releases)
- [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/boto/boto3/compare/1.16.43...1.16.44)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-29 13:41:19 +01:00
4194ffe2d4 build(deps): bump channels from 3.0.2 to 3.0.3 (#437)
Bumps [channels](https://github.com/django/channels) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/django/channels/releases)
- [Changelog](https://github.com/django/channels/blob/master/CHANGELOG.txt)
- [Commits](https://github.com/django/channels/compare/3.0.2...3.0.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-29 13:34:10 +01:00
4636fe7e64 Add migrate command to 0.14 docs. (#435) 2020-12-28 21:51:22 +01:00
182d714b16 docs: fix typo 2020-12-28 18:15:32 +01:00
540c22ce15 release: 0.14.0-stable 2020-12-28 17:49:45 +01:00
8c3008abce release: 0.14.0-rc2 2020-12-28 17:49:39 +01:00
8a22c86aaa release: 0.14.0-rc1 2020-12-28 17:49:35 +01:00
c8805cc082 release: 0.14.0-stable 2020-12-28 17:45:57 +01:00
db92178d0f Merge branch 'master' into version-0.14 2020-12-28 17:45:49 +01:00
22ce142cb8 outposts: include protocol in outpost deployment ports 2020-12-28 17:21:02 +01:00
1a292feebb outposts: always check metadata on reconcile 2020-12-28 17:11:37 +01:00
09f4d812b3 outposts: set field_manager 2020-12-28 17:11:33 +01:00
ad029d3e0a release: 0.14.0-rc2 2020-12-28 16:03:21 +01:00
b0bd68232d Merge branch 'master' into version-0.14 2020-12-28 16:02:46 +01:00
2bab4ebfe8 core: fix library url pattern not matching SPA 2020-12-28 15:06:25 +01:00
65355372ce Merge branch 'master' into version-0.14 2020-12-28 14:33:28 +01:00
a8647caca9 build(deps): bump @types/codemirror from 0.0.102 to 0.0.103 in /web (#433)
Bumps [@types/codemirror](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/codemirror) from 0.0.102 to 0.0.103.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/codemirror)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-28 14:32:57 +01:00
590597caf6 events: replace list view with SPA Page 2020-12-28 14:32:34 +01:00
7b43777b22 web: reset expanded rows on fetch 2020-12-28 14:04:07 +01:00
77861b52e3 web: fix search loading old results when using enter 2020-12-28 13:56:33 +01:00
5f9c1e229c root: return API dates as timestamp 2020-12-28 13:07:49 +01:00
119adb3e7b web: fix old default URL 2020-12-28 13:07:35 +01:00
5db38bd0b7 web: lazy-render expanded table 2020-12-28 13:07:20 +01:00
0e1587bc1a providers/oauth2: don't write authorization code to event log 2020-12-28 01:07:18 +01:00
dc16a8a4c9 providers/proxy: set proxy-size for nginx for larger response 2020-12-28 00:45:58 +01:00
51 changed files with 567 additions and 287 deletions

View File

@ -1,5 +1,5 @@
[bumpversion]
current_version = 0.14.0-rc1
current_version = 0.14.1-stable
tag = True
commit = True
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)

View File

@ -18,11 +18,11 @@ jobs:
- name: Building Docker Image
run: docker build
--no-cache
-t beryju/authentik:0.14.0-rc1
-t beryju/authentik:0.14.1-stable
-t beryju/authentik:latest
-f Dockerfile .
- name: Push Docker Container to Registry (versioned)
run: docker push beryju/authentik:0.14.0-rc1
run: docker push beryju/authentik:0.14.1-stable
- name: Push Docker Container to Registry (latest)
run: docker push beryju/authentik:latest
build-proxy:
@ -48,11 +48,11 @@ jobs:
cd proxy/
docker build \
--no-cache \
-t beryju/authentik-proxy:0.14.0-rc1 \
-t beryju/authentik-proxy:0.14.1-stable \
-t beryju/authentik-proxy:latest \
-f Dockerfile .
- name: Push Docker Container to Registry (versioned)
run: docker push beryju/authentik-proxy:0.14.0-rc1
run: docker push beryju/authentik-proxy:0.14.1-stable
- name: Push Docker Container to Registry (latest)
run: docker push beryju/authentik-proxy:latest
build-static:
@ -69,11 +69,11 @@ jobs:
cd web/
docker build \
--no-cache \
-t beryju/authentik-static:0.14.0-rc1 \
-t beryju/authentik-static:0.14.1-stable \
-t beryju/authentik-static:latest \
-f Dockerfile .
- name: Push Docker Container to Registry (versioned)
run: docker push beryju/authentik-static:0.14.0-rc1
run: docker push beryju/authentik-static:0.14.1-stable
- name: Push Docker Container to Registry (latest)
run: docker push beryju/authentik-static:latest
test-release:
@ -107,5 +107,5 @@ jobs:
SENTRY_PROJECT: authentik
SENTRY_URL: https://sentry.beryju.org
with:
tagName: 0.14.0-rc1
tagName: 0.14.1-stable
environment: beryjuorg-prod

30
Pipfile.lock generated
View File

@ -74,18 +74,18 @@
},
"boto3": {
"hashes": [
"sha256:0bb2c3159b9f5e0df50430bf06a155bd7f27f480825b6374dde807d42360a668",
"sha256:a49b3ab4bfa2f6394ba60165cfc468410797dd410f32eed47e22f61451ee986e"
"sha256:ba8de10d3ede338d51ae47e428b97dcc1d1b507741aa98697e63e879a147f4aa",
"sha256:e3f10ed6d9ca98415fdec15c85e50a89ec38d6229bce3fafd5e7965b16c4ebc5"
],
"index": "pypi",
"version": "==1.16.43"
"version": "==1.16.44"
},
"botocore": {
"hashes": [
"sha256:7398c900dbd4e3d61647269215396ea3e8082f494f3e7b65d9b6aca049c1d463",
"sha256:795a67338cadb0c3a45014a6c81659da6af623a4e973812f87a6f9d9fb7712e9"
"sha256:4ff05bc089ba78a5996f06dcfddf8ca51583e30ce779ed95e9952e90c1907420",
"sha256:7725e08c95ae96c4dbd955cb4ae44a0c06d3e41f76a7feb0a941c27a44c63113"
],
"version": "==1.19.43"
"version": "==1.19.44"
},
"cachetools": {
"hashes": [
@ -152,11 +152,11 @@
},
"channels": {
"hashes": [
"sha256:74db79c9eca616be69d38013b22083ab5d3f9ccda1ab5e69096b1bb7da2d9b18",
"sha256:f50a6e79757a64c1e45e95e144a2ac5f1e99ee44a0718ab182c501f5e5abd268"
"sha256:056b72e51080a517a0f33a0a30003e03833b551d75394d6636c885d4edb8188f",
"sha256:3f15bdd2138bb4796e76ea588a0a344b12a7964ea9b2e456f992fddb988a4317"
],
"index": "pypi",
"version": "==3.0.2"
"version": "==3.0.3"
},
"channels-redis": {
"hashes": [
@ -899,10 +899,10 @@
},
"pytz": {
"hashes": [
"sha256:3e6b7dd2d1e0a59084bcee14a17af60c5c562cdc16d828e8eba2e683d3a7e268",
"sha256:5c55e189b682d420be27c6995ba6edce0c0a77dd67bfbe2ae6607134d5851ffd"
"sha256:16962c5fb8db4a8f63a26646d8886e9d769b6c511543557bc84e9569fb9a9cb4",
"sha256:180befebb1927b16f6b57101720075a984c019ac16b1b7575673bea42c6c3da5"
],
"version": "==2020.4"
"version": "==2020.5"
},
"pyyaml": {
"hashes": [
@ -1607,10 +1607,10 @@
},
"pytz": {
"hashes": [
"sha256:3e6b7dd2d1e0a59084bcee14a17af60c5c562cdc16d828e8eba2e683d3a7e268",
"sha256:5c55e189b682d420be27c6995ba6edce0c0a77dd67bfbe2ae6607134d5851ffd"
"sha256:16962c5fb8db4a8f63a26646d8886e9d769b6c511543557bc84e9569fb9a9cb4",
"sha256:180befebb1927b16f6b57101720075a984c019ac16b1b7575673bea42c6c3da5"
],
"version": "==2020.4"
"version": "==2020.5"
},
"pyyaml": {
"hashes": [

View File

@ -1,2 +1,2 @@
"""authentik"""
__version__ = "0.14.0-rc1"
__version__ = "0.14.1-stable"

View File

@ -25,7 +25,7 @@ urlpatterns = [
name="user-tokens-delete",
),
# Libray
path("library/", library.LibraryView.as_view(), name="overview"),
path("library", library.LibraryView.as_view(), name="overview"),
# Impersonation
path(
"-/impersonation/<int:user_id>/",

View File

@ -48,6 +48,15 @@ class EventViewSet(ReadOnlyModelViewSet):
queryset = Event.objects.all()
serializer_class = EventSerializer
ordering = ["-created"]
search_fields = [
"user",
"action",
"app",
"context",
"client_ip",
]
filterset_fields = ["action"]
@swagger_auto_schema(
method="GET", responses={200: EventTopPerUserSerialier(many=True)}

View File

@ -10,7 +10,6 @@ class AuthentikEventsConfig(AppConfig):
name = "authentik.events"
label = "authentik_events"
verbose_name = "authentik Events"
mountpoint = "events/"
def ready(self):
import_module("authentik.events.signals")

View File

@ -1,90 +0,0 @@
{% extends "base/page.html" %}
{% load i18n %}
{% load authentik_utils %}
{% block page_content %}
<main role="main" class="pf-c-page__main" tabindex="-1" id="main-content">
<section class="pf-c-page__main-section pf-m-light">
<div class="pf-c-content">
<h1>
<i class="pf-icon pf-icon-catalog"></i>
{% trans 'Event Log' %}
</h1>
</div>
</section>
<section class="pf-c-page__main-section pf-m-no-padding-mobile">
<div class="pf-c-card">
<div class="pf-c-toolbar">
<div class="pf-c-toolbar__content">
{% include 'partials/toolbar_search.html' %}
<button role="ak-refresh" class="pf-c-button pf-m-primary">
{% trans 'Refresh' %}
</button>
{% include 'partials/pagination.html' %}
</div>
</div>
<table class="pf-c-table pf-m-compact pf-m-grid-xl" role="grid">
<thead>
<tr role="row">
<th role="columnheader" scope="col">{% trans 'Action' %}</th>
<th role="columnheader" scope="col">{% trans 'Context' %}</th>
<th role="columnheader" scope="col">{% trans 'User' %}</th>
<th role="columnheader" scope="col">{% trans 'Creation Date' %}</th>
<th role="columnheader" scope="col">{% trans 'Client IP' %}</th>
</tr>
</thead>
<tbody role="rowgroup">
{% for entry in object_list %}
<tr role="row">
<th role="columnheader">
<div>
<div>{{ entry.action }}</div>
<small>{{ entry.app|default:'-' }}</small>
</div>
</th>
<td role="cell">
<div>
<div>
<code>{{ entry.context }}</code>
</div>
{% if entry.user.on_behalf_of %}
<small>
{% blocktrans with username=entry.user.on_behalf_of.username %}
On behalf of {{ username }}
{% endblocktrans %}
</small>
{% endif %}
</div>
</td>
<td role="cell">
<div>
<div>{{ entry.user.username }}</div>
<small>
{% blocktrans with pk=entry.user.pk %}
ID: {{ pk }}
{% endblocktrans %}
</small>
</div>
</td>
<td role="cell">
<span>
{{ entry.created }}
</span>
</td>
<td role="cell">
<span>
{{ entry.client_ip }}
</span>
</td>
</tr>
{% endfor %}
</tbody>
</table>
<div class="pf-c-pagination pf-m-bottom">
{% include 'partials/pagination.html' %}
</div>
</div>
</section>
</main>
{% endblock %}

View File

@ -1,9 +0,0 @@
"""authentik events urls"""
from django.urls import path
from authentik.events.views import EventListView
urlpatterns = [
# Event Log
path("log/", EventListView.as_view(), name="log"),
]

View File

@ -1,30 +0,0 @@
"""authentik Event administration"""
from django.contrib.auth.mixins import LoginRequiredMixin
from django.views.generic import ListView
from guardian.mixins import PermissionListMixin
from authentik.admin.views.utils import SearchListMixin, UserPaginateListMixin
from authentik.events.models import Event
class EventListView(
PermissionListMixin,
LoginRequiredMixin,
SearchListMixin,
UserPaginateListMixin,
ListView,
):
"""Show list of all invitations"""
model = Event
template_name = "events/list.html"
permission_required = "authentik_events.view_event"
ordering = "-created"
search_fields = [
"user",
"action",
"app",
"context",
"client_ip",
]

View File

@ -78,6 +78,8 @@ class FlowViewSet(ModelViewSet):
queryset = Flow.objects.all()
serializer_class = FlowSerializer
lookup_field = "slug"
search_fields = ["name", "slug", "designation", "title"]
filterset_fields = ["flow_uuid", "name", "slug", "designation"]
@swagger_auto_schema(responses={200: FlowDiagramSerializer()})
@action(detail=True, methods=["get"])

View File

@ -1,5 +1,5 @@
"""Base Controller"""
from typing import Dict, List
from dataclasses import dataclass
from structlog import get_logger
from structlog.testing import capture_logs
@ -7,15 +7,26 @@ from structlog.testing import capture_logs
from authentik.lib.sentry import SentryIgnoredException
from authentik.outposts.models import Outpost, OutpostServiceConnection
FIELD_MANAGER = "goauthentik.io"
class ControllerException(SentryIgnoredException):
"""Exception raised when anything fails during controller run"""
@dataclass
class DeploymentPort:
"""Info about deployment's single port."""
port: int
name: str
protocol: str
class BaseController:
"""Base Outpost deployment controller"""
deployment_ports: Dict[str, int]
deployment_ports: list[DeploymentPort]
outpost: Outpost
connection: OutpostServiceConnection
@ -24,14 +35,14 @@ class BaseController:
self.outpost = outpost
self.connection = connection
self.logger = get_logger()
self.deployment_ports = {}
self.deployment_ports = []
# pylint: disable=invalid-name
def up(self):
"""Called by scheduled task to reconcile deployment/service/etc"""
raise NotImplementedError
def up_with_logs(self) -> List[str]:
def up_with_logs(self) -> list[str]:
"""Call .up() but capture all log output and return it."""
with capture_logs() as logs:
self.up()

View File

@ -68,7 +68,10 @@ class DockerController(BaseController):
"image": image_name,
"name": f"authentik-proxy-{self.outpost.uuid.hex}",
"detach": True,
"ports": {x: x for _, x in self.deployment_ports.items()},
"ports": {
f"{port.port}/{port.protocol.lower()}": port.port
for port in self.deployment_ports
},
"environment": self._get_env(),
"labels": self._get_labels(),
}
@ -139,7 +142,10 @@ class DockerController(BaseController):
def get_static_deployment(self) -> str:
"""Generate docker-compose yaml for proxy, version 3.5"""
ports = [f"{x}:{x}" for _, x in self.deployment_ports.items()]
ports = [
f"{port.port}:{port.port}/{port.protocol.lower()}"
for port in self.deployment_ports
]
image_prefix = CONFIG.y("outposts.docker_image_base")
compose = {
"version": "3.5",
@ -154,6 +160,7 @@ class DockerController(BaseController):
),
"AUTHENTIK_TOKEN": self.outpost.token.key,
},
"labels": self._get_labels(),
}
},
}

View File

@ -93,7 +93,8 @@ class KubernetesObjectReconciler(Generic[T]):
def reconcile(self, current: T, reference: T):
"""Check what operations should be done, should be raised as
ReconcileTrigger"""
raise NotImplementedError
if current.metadata.annotations != reference.metadata.annotations:
raise NeedsUpdate()
def create(self, reference: T):
"""API Wrapper to create object"""

View File

@ -18,6 +18,7 @@ from kubernetes.client import (
from authentik import __version__
from authentik.lib.config import CONFIG
from authentik.outposts.controllers.base import FIELD_MANAGER
from authentik.outposts.controllers.k8s.base import (
KubernetesObjectReconciler,
NeedsUpdate,
@ -43,6 +44,7 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
return f"authentik-outpost-{self.controller.outpost.uuid.hex}"
def reconcile(self, current: V1Deployment, reference: V1Deployment):
super().reconcile(current, reference)
if current.spec.replicas != reference.spec.replicas:
raise NeedsUpdate()
if (
@ -63,8 +65,14 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
"""Get deployment object for outpost"""
# Generate V1ContainerPort objects
container_ports = []
for port_name, port in self.controller.deployment_ports.items():
container_ports.append(V1ContainerPort(container_port=port, name=port_name))
for port in self.controller.deployment_ports:
container_ports.append(
V1ContainerPort(
container_port=port.port,
name=port.name,
protocol=port.protocol.upper(),
)
)
meta = self.get_object_meta(name=self.name)
secret_name = f"authentik-outpost-{self.controller.outpost.uuid.hex}-api"
image_prefix = CONFIG.y("outposts.docker_image_base")
@ -118,7 +126,9 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
)
def create(self, reference: V1Deployment):
return self.api.create_namespaced_deployment(self.namespace, reference)
return self.api.create_namespaced_deployment(
self.namespace, reference, field_manager=FIELD_MANAGER
)
def delete(self, reference: V1Deployment):
return self.api.delete_namespaced_deployment(

View File

@ -4,6 +4,7 @@ from typing import TYPE_CHECKING
from kubernetes.client import CoreV1Api, V1Secret
from authentik.outposts.controllers.base import FIELD_MANAGER
from authentik.outposts.controllers.k8s.base import (
KubernetesObjectReconciler,
NeedsUpdate,
@ -30,6 +31,7 @@ class SecretReconciler(KubernetesObjectReconciler[V1Secret]):
return f"authentik-outpost-{self.controller.outpost.uuid.hex}-api"
def reconcile(self, current: V1Secret, reference: V1Secret):
super().reconcile(current, reference)
for key in reference.data.keys():
if current.data[key] != reference.data[key]:
raise NeedsUpdate()
@ -51,7 +53,9 @@ class SecretReconciler(KubernetesObjectReconciler[V1Secret]):
)
def create(self, reference: V1Secret):
return self.api.create_namespaced_secret(self.namespace, reference)
return self.api.create_namespaced_secret(
self.namespace, reference, field_manager=FIELD_MANAGER
)
def delete(self, reference: V1Secret):
return self.api.delete_namespaced_secret(

View File

@ -3,6 +3,7 @@ from typing import TYPE_CHECKING
from kubernetes.client import CoreV1Api, V1Service, V1ServicePort, V1ServiceSpec
from authentik.outposts.controllers.base import FIELD_MANAGER
from authentik.outposts.controllers.k8s.base import (
KubernetesObjectReconciler,
NeedsUpdate,
@ -25,6 +26,7 @@ class ServiceReconciler(KubernetesObjectReconciler[V1Service]):
return f"authentik-outpost-{self.controller.outpost.uuid.hex}"
def reconcile(self, current: V1Service, reference: V1Service):
super().reconcile(current, reference)
if len(current.spec.ports) != len(reference.spec.ports):
raise NeedsUpdate()
for port in reference.spec.ports:
@ -35,8 +37,15 @@ class ServiceReconciler(KubernetesObjectReconciler[V1Service]):
"""Get deployment object for outpost"""
meta = self.get_object_meta(name=self.name)
ports = []
for port_name, port in self.controller.deployment_ports.items():
ports.append(V1ServicePort(name=port_name, port=port))
for port in self.controller.deployment_ports:
ports.append(
V1ServicePort(
name=port.name,
port=port.port,
protocol=port.protocol.upper(),
target_port=port.port,
)
)
selector_labels = DeploymentReconciler(self.controller).get_pod_meta()
return V1Service(
metadata=meta,
@ -44,7 +53,9 @@ class ServiceReconciler(KubernetesObjectReconciler[V1Service]):
)
def create(self, reference: V1Service):
return self.api.create_namespaced_service(self.namespace, reference)
return self.api.create_namespaced_service(
self.namespace, reference, field_manager=FIELD_MANAGER
)
def delete(self, reference: V1Service):
return self.api.delete_namespaced_service(

View File

@ -398,7 +398,7 @@ class AuthorizationCode(ExpiringModel, BaseGrantModel):
verbose_name_plural = _("Authorization Codes")
def __str__(self):
return "{0} - {1}".format(self.provider, self.code)
return f"Authorization code for {self.provider} for user {self.user}"
@dataclass
@ -461,7 +461,7 @@ class RefreshToken(ExpiringModel, BaseGrantModel):
self._id_token = json.dumps(asdict(value))
def __str__(self):
return f"{self.provider} - {self.access_token}"
return f"Refresh Token for {self.provider} for user {self.user}"
@property
def at_hash(self):

View File

@ -2,6 +2,7 @@
from typing import Dict
from urllib.parse import urlparse
from authentik.outposts.controllers.base import DeploymentPort
from authentik.outposts.controllers.docker import DockerController
from authentik.outposts.models import DockerServiceConnection, Outpost
from authentik.providers.proxy.models import ProxyProvider
@ -12,10 +13,10 @@ class ProxyDockerController(DockerController):
def __init__(self, outpost: Outpost, connection: DockerServiceConnection):
super().__init__(outpost, connection)
self.deployment_ports = {
"http": 4180,
"https": 4443,
}
self.deployment_ports = [
DeploymentPort(4180, "http", "tcp"),
DeploymentPort(4443, "https", "tcp"),
]
def _get_labels(self) -> Dict[str, str]:
hosts = []

View File

@ -15,6 +15,7 @@ from kubernetes.client.models.networking_v1beta1_ingress_rule import (
NetworkingV1beta1IngressRule,
)
from authentik.outposts.controllers.base import FIELD_MANAGER
from authentik.outposts.controllers.k8s.base import (
KubernetesObjectReconciler,
NeedsUpdate,
@ -39,6 +40,7 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
def reconcile(
self, current: NetworkingV1beta1Ingress, reference: NetworkingV1beta1Ingress
):
super().reconcile(current, reference)
# Create a list of all expected host and tls hosts
expected_hosts = []
expected_hosts_tls = []
@ -74,11 +76,13 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
# goes to the same pod
"nginx.ingress.kubernetes.io/affinity": "cookie",
"traefik.ingress.kubernetes.io/affinity": "true",
"nginx.ingress.kubernetes.io/proxy-buffers-number": "4",
"nginx.ingress.kubernetes.io/proxy-buffer-size": "16k",
}
annotations.update(
self.controller.outpost.config.kubernetes_ingress_annotations
)
return dict()
return annotations
def get_reference_object(self) -> NetworkingV1beta1Ingress:
"""Get deployment object for outpost"""
@ -102,7 +106,7 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
NetworkingV1beta1HTTPIngressPath(
backend=NetworkingV1beta1IngressBackend(
service_name=self.name,
service_port=self.controller.deployment_ports["http"],
service_port="http",
),
path="/",
)
@ -122,7 +126,9 @@ class IngressReconciler(KubernetesObjectReconciler[NetworkingV1beta1Ingress]):
)
def create(self, reference: NetworkingV1beta1Ingress):
return self.api.create_namespaced_ingress(self.namespace, reference)
return self.api.create_namespaced_ingress(
self.namespace, reference, field_manager=FIELD_MANAGER
)
def delete(self, reference: NetworkingV1beta1Ingress):
return self.api.delete_namespaced_ingress(

View File

@ -1,4 +1,5 @@
"""Proxy Provider Kubernetes Contoller"""
from authentik.outposts.controllers.base import DeploymentPort
from authentik.outposts.controllers.kubernetes import KubernetesController
from authentik.outposts.models import KubernetesServiceConnection, Outpost
from authentik.providers.proxy.controllers.k8s.ingress import IngressReconciler
@ -9,9 +10,9 @@ class ProxyKubernetesController(KubernetesController):
def __init__(self, outpost: Outpost, connection: KubernetesServiceConnection):
super().__init__(outpost, connection)
self.deployment_ports = {
"http": 4180,
"https": 4443,
}
self.deployment_ports = [
DeploymentPort(4180, "http", "tcp"),
DeploymentPort(4443, "https", "tcp"),
]
self.reconcilers["ingress"] = IngressReconciler
self.reconcile_order.append("ingress")

View File

@ -7,7 +7,7 @@ from authentik.providers.proxy.models import ProxyProvider
class ProxyProviderForm(forms.ModelForm):
"""Security Gateway Provider form"""
"""Proxy Provider form"""
instance: ProxyProvider

View File

@ -142,6 +142,7 @@ SWAGGER_SETTINGS = {
REST_FRAMEWORK = {
"DEFAULT_PAGINATION_CLASS": "authentik.api.pagination.Pagination",
"PAGE_SIZE": 100,
"DATETIME_FORMAT": "%s",
"DEFAULT_FILTER_BACKENDS": [
"rest_framework_guardian.filters.ObjectPermissionsFilter",
"django_filters.rest_framework.DjangoFilterBackend",

View File

@ -19,7 +19,7 @@ services:
networks:
- internal
server:
image: beryju/authentik:${AUTHENTIK_TAG:-0.14.0-rc1}
image: beryju/authentik:${AUTHENTIK_TAG:-0.14.1-stable}
command: server
environment:
AUTHENTIK_REDIS__HOST: redis
@ -44,7 +44,7 @@ services:
env_file:
- .env
worker:
image: beryju/authentik:${AUTHENTIK_TAG:-0.14.0-rc1}
image: beryju/authentik:${AUTHENTIK_TAG:-0.14.1-stable}
command: worker
networks:
- internal
@ -60,7 +60,7 @@ services:
env_file:
- .env
static:
image: beryju/authentik-static:${AUTHENTIK_TAG:-0.14.0-rc1}
image: beryju/authentik-static:${AUTHENTIK_TAG:-0.14.1-stable}
networks:
- internal
labels:

View File

@ -4,7 +4,7 @@ name: authentik
home: https://goauthentik.io
sources:
- https://github.com/BeryJu/authentik
version: "0.14.0-rc1"
version: "0.14.1-stable"
icon: https://raw.githubusercontent.com/BeryJu/authentik/master/web/icons/icon.svg
dependencies:
- name: postgresql

View File

@ -4,7 +4,7 @@
|-----------------------------------|-------------------------|-------------|
| image.name | beryju/authentik | Image used to run the authentik server and worker |
| image.name_static | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) |
| image.tag | 0.14.0-rc1 | Image tag |
| image.tag | 0.14.1-stable | Image tag |
| image.pullPolicy | IfNotPresent | Image Pull Policy used for all deployments |
| serverReplicas | 1 | Replicas for the Server deployment |
| workerReplicas | 1 | Replicas for the Worker deployment |

View File

@ -5,7 +5,7 @@ image:
name: beryju/authentik
name_static: beryju/authentik-static
name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
tag: 0.14.0-rc1
tag: 0.14.1-stable
pullPolicy: IfNotPresent
serverReplicas: 1

View File

@ -1,3 +1,3 @@
package pkg
const VERSION = "0.14.0-rc1"
const VERSION = "0.14.1-stable"

View File

@ -868,6 +868,11 @@ paths:
operationId: events_events_list
description: Event Read-Only Viewset
parameters:
- name: action
in: query
description: ''
required: false
type: string
- name: ordering
in: query
description: Which field to use when ordering the results.
@ -919,6 +924,11 @@ paths:
operationId: events_events_top_per_user
description: Get the top_n events grouped by user count
parameters:
- name: action
in: query
description: ''
required: false
type: string
- name: ordering
in: query
description: Which field to use when ordering the results.
@ -1194,6 +1204,26 @@ paths:
operationId: flows_instances_list
description: Flow Viewset
parameters:
- name: flow_uuid
in: query
description: ''
required: false
type: string
- name: name
in: query
description: ''
required: false
type: string
- name: slug
in: query
description: ''
required: false
type: string
- name: designation
in: query
description: ''
required: false
type: string
- name: ordering
in: query
description: Which field to use when ordering the results.
@ -8133,6 +8163,14 @@ definitions:
type: string
format: uuid
x-nullable: true
verbose_name:
title: Verbose name
type: string
readOnly: true
verbose_name_plural:
title: Verbose name plural
type: string
readOnly: true
__type__:
title: 'type '
type: string
@ -8181,6 +8219,14 @@ definitions:
type: string
format: uuid
x-nullable: true
verbose_name:
title: Verbose name
type: string
readOnly: true
verbose_name_plural:
title: Verbose name plural
type: string
readOnly: true
server_uri:
title: Server URI
type: string
@ -8296,6 +8342,14 @@ definitions:
type: string
format: uuid
x-nullable: true
verbose_name:
title: Verbose name
type: string
readOnly: true
verbose_name_plural:
title: Verbose name plural
type: string
readOnly: true
provider_type:
title: Provider type
type: string

132
web/package-lock.json generated
View File

@ -304,9 +304,9 @@
}
},
"@types/codemirror": {
"version": "0.0.102",
"resolved": "https://registry.npmjs.org/@types/codemirror/-/codemirror-0.0.102.tgz",
"integrity": "sha512-WZZW8VL8BAzzAZWkiYnM5VsYz1qWYieRqHPPtC/BB015QXd3LPXtBlbRYA8lauKgM10qWYeLH8p5LsIn2SLXfA==",
"version": "0.0.103",
"resolved": "https://registry.npmjs.org/@types/codemirror/-/codemirror-0.0.103.tgz",
"integrity": "sha512-dYQTrIcZal0pnYz/ODjpJB+yadKJhGHywylAlHKjE8VSzGiw2A+6S+hD6jfyXw02ToFR9DO52X+O1pvHn31sbg==",
"requires": {
"@types/tern": "*"
}
@ -393,13 +393,13 @@
}
},
"@typescript-eslint/eslint-plugin": {
"version": "4.11.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.11.0.tgz",
"integrity": "sha512-x4arJMXBxyD6aBXLm3W7mSDZRiABzy+2PCLJbL7OPqlp53VXhaA1HKK7R2rTee5OlRhnUgnp8lZyVIqjnyPT6g==",
"version": "4.11.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.11.1.tgz",
"integrity": "sha512-fABclAX2QIEDmTMk6Yd7Muv1CzFLwWM4505nETzRHpP3br6jfahD9UUJkhnJ/g2m7lwfz8IlswcwGGPGiq9exw==",
"dev": true,
"requires": {
"@typescript-eslint/experimental-utils": "4.11.0",
"@typescript-eslint/scope-manager": "4.11.0",
"@typescript-eslint/experimental-utils": "4.11.1",
"@typescript-eslint/scope-manager": "4.11.1",
"debug": "^4.1.1",
"functional-red-black-tree": "^1.0.1",
"regexpp": "^3.0.0",
@ -408,71 +408,71 @@
},
"dependencies": {
"@typescript-eslint/scope-manager": {
"version": "4.11.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.11.0.tgz",
"integrity": "sha512-6VSTm/4vC2dHM3ySDW9Kl48en+yLNfVV6LECU8jodBHQOhO8adAVizaZ1fV0QGZnLQjQ/y0aBj5/KXPp2hBTjA==",
"version": "4.11.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.11.1.tgz",
"integrity": "sha512-Al2P394dx+kXCl61fhrrZ1FTI7qsRDIUiVSuN6rTwss6lUn8uVO2+nnF4AvO0ug8vMsy3ShkbxLu/uWZdTtJMQ==",
"dev": true,
"requires": {
"@typescript-eslint/types": "4.11.0",
"@typescript-eslint/visitor-keys": "4.11.0"
"@typescript-eslint/types": "4.11.1",
"@typescript-eslint/visitor-keys": "4.11.1"
}
},
"@typescript-eslint/types": {
"version": "4.11.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.11.0.tgz",
"integrity": "sha512-XXOdt/NPX++txOQHM1kUMgJUS43KSlXGdR/aDyEwuAEETwuPt02Nc7v+s57PzuSqMbNLclblQdv3YcWOdXhQ7g==",
"version": "4.11.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.11.1.tgz",
"integrity": "sha512-5kvd38wZpqGY4yP/6W3qhYX6Hz0NwUbijVsX2rxczpY6OXaMxh0+5E5uLJKVFwaBM7PJe1wnMym85NfKYIh6CA==",
"dev": true
},
"@typescript-eslint/visitor-keys": {
"version": "4.11.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.11.0.tgz",
"integrity": "sha512-tRYKyY0i7cMk6v4UIOCjl1LhuepC/pc6adQqJk4Is3YcC6k46HvsV9Wl7vQoLbm9qADgeujiT7KdLrylvFIQ+A==",
"version": "4.11.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.11.1.tgz",
"integrity": "sha512-IrlBhD9bm4bdYcS8xpWarazkKXlE7iYb1HzRuyBP114mIaj5DJPo11Us1HgH60dTt41TCZXMaTCAW+OILIYPOg==",
"dev": true,
"requires": {
"@typescript-eslint/types": "4.11.0",
"@typescript-eslint/types": "4.11.1",
"eslint-visitor-keys": "^2.0.0"
}
}
}
},
"@typescript-eslint/experimental-utils": {
"version": "4.11.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.11.0.tgz",
"integrity": "sha512-1VC6mSbYwl1FguKt8OgPs8xxaJgtqFpjY/UzUYDBKq4pfQ5lBvN2WVeqYkzf7evW42axUHYl2jm9tNyFsb8oLg==",
"version": "4.11.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/experimental-utils/-/experimental-utils-4.11.1.tgz",
"integrity": "sha512-mAlWowT4A6h0TC9F+J5pdbEhjNiEMO+kqPKQ4sc3fVieKL71dEqfkKgtcFVSX3cjSBwYwhImaQ/mXQF0oaI38g==",
"dev": true,
"requires": {
"@types/json-schema": "^7.0.3",
"@typescript-eslint/scope-manager": "4.11.0",
"@typescript-eslint/types": "4.11.0",
"@typescript-eslint/typescript-estree": "4.11.0",
"@typescript-eslint/scope-manager": "4.11.1",
"@typescript-eslint/types": "4.11.1",
"@typescript-eslint/typescript-estree": "4.11.1",
"eslint-scope": "^5.0.0",
"eslint-utils": "^2.0.0"
},
"dependencies": {
"@typescript-eslint/scope-manager": {
"version": "4.11.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.11.0.tgz",
"integrity": "sha512-6VSTm/4vC2dHM3ySDW9Kl48en+yLNfVV6LECU8jodBHQOhO8adAVizaZ1fV0QGZnLQjQ/y0aBj5/KXPp2hBTjA==",
"version": "4.11.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.11.1.tgz",
"integrity": "sha512-Al2P394dx+kXCl61fhrrZ1FTI7qsRDIUiVSuN6rTwss6lUn8uVO2+nnF4AvO0ug8vMsy3ShkbxLu/uWZdTtJMQ==",
"dev": true,
"requires": {
"@typescript-eslint/types": "4.11.0",
"@typescript-eslint/visitor-keys": "4.11.0"
"@typescript-eslint/types": "4.11.1",
"@typescript-eslint/visitor-keys": "4.11.1"
}
},
"@typescript-eslint/types": {
"version": "4.11.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.11.0.tgz",
"integrity": "sha512-XXOdt/NPX++txOQHM1kUMgJUS43KSlXGdR/aDyEwuAEETwuPt02Nc7v+s57PzuSqMbNLclblQdv3YcWOdXhQ7g==",
"version": "4.11.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.11.1.tgz",
"integrity": "sha512-5kvd38wZpqGY4yP/6W3qhYX6Hz0NwUbijVsX2rxczpY6OXaMxh0+5E5uLJKVFwaBM7PJe1wnMym85NfKYIh6CA==",
"dev": true
},
"@typescript-eslint/typescript-estree": {
"version": "4.11.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.11.0.tgz",
"integrity": "sha512-eA6sT5dE5RHAFhtcC+b5WDlUIGwnO9b0yrfGa1mIOIAjqwSQCpXbLiFmKTdRbQN/xH2EZkGqqLDrKUuYOZ0+Hg==",
"version": "4.11.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.11.1.tgz",
"integrity": "sha512-tC7MKZIMRTYxQhrVAFoJq/DlRwv1bnqA4/S2r3+HuHibqvbrPcyf858lNzU7bFmy4mLeIHFYr34ar/1KumwyRw==",
"dev": true,
"requires": {
"@typescript-eslint/types": "4.11.0",
"@typescript-eslint/visitor-keys": "4.11.0",
"@typescript-eslint/types": "4.11.1",
"@typescript-eslint/visitor-keys": "4.11.1",
"debug": "^4.1.1",
"globby": "^11.0.1",
"is-glob": "^4.0.1",
@ -482,12 +482,12 @@
}
},
"@typescript-eslint/visitor-keys": {
"version": "4.11.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.11.0.tgz",
"integrity": "sha512-tRYKyY0i7cMk6v4UIOCjl1LhuepC/pc6adQqJk4Is3YcC6k46HvsV9Wl7vQoLbm9qADgeujiT7KdLrylvFIQ+A==",
"version": "4.11.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.11.1.tgz",
"integrity": "sha512-IrlBhD9bm4bdYcS8xpWarazkKXlE7iYb1HzRuyBP114mIaj5DJPo11Us1HgH60dTt41TCZXMaTCAW+OILIYPOg==",
"dev": true,
"requires": {
"@typescript-eslint/types": "4.11.0",
"@typescript-eslint/types": "4.11.1",
"eslint-visitor-keys": "^2.0.0"
}
},
@ -508,41 +508,41 @@
}
},
"@typescript-eslint/parser": {
"version": "4.11.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.11.0.tgz",
"integrity": "sha512-NBTtKCC7ZtuxEV5CrHUO4Pg2s784pvavc3cnz6V+oJvVbK4tH9135f/RBP6eUA2KHiFKAollSrgSctQGmHbqJQ==",
"version": "4.11.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-4.11.1.tgz",
"integrity": "sha512-BJ3jwPQu1jeynJ5BrjLuGfK/UJu6uwHxJ/di7sanqmUmxzmyIcd3vz58PMR7wpi8k3iWq2Q11KMYgZbUpRoIPw==",
"dev": true,
"requires": {
"@typescript-eslint/scope-manager": "4.11.0",
"@typescript-eslint/types": "4.11.0",
"@typescript-eslint/typescript-estree": "4.11.0",
"@typescript-eslint/scope-manager": "4.11.1",
"@typescript-eslint/types": "4.11.1",
"@typescript-eslint/typescript-estree": "4.11.1",
"debug": "^4.1.1"
}
},
"@typescript-eslint/scope-manager": {
"version": "4.11.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.11.0.tgz",
"integrity": "sha512-6VSTm/4vC2dHM3ySDW9Kl48en+yLNfVV6LECU8jodBHQOhO8adAVizaZ1fV0QGZnLQjQ/y0aBj5/KXPp2hBTjA==",
"version": "4.11.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-4.11.1.tgz",
"integrity": "sha512-Al2P394dx+kXCl61fhrrZ1FTI7qsRDIUiVSuN6rTwss6lUn8uVO2+nnF4AvO0ug8vMsy3ShkbxLu/uWZdTtJMQ==",
"dev": true,
"requires": {
"@typescript-eslint/types": "4.11.0",
"@typescript-eslint/visitor-keys": "4.11.0"
"@typescript-eslint/types": "4.11.1",
"@typescript-eslint/visitor-keys": "4.11.1"
}
},
"@typescript-eslint/types": {
"version": "4.11.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.11.0.tgz",
"integrity": "sha512-XXOdt/NPX++txOQHM1kUMgJUS43KSlXGdR/aDyEwuAEETwuPt02Nc7v+s57PzuSqMbNLclblQdv3YcWOdXhQ7g==",
"version": "4.11.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-4.11.1.tgz",
"integrity": "sha512-5kvd38wZpqGY4yP/6W3qhYX6Hz0NwUbijVsX2rxczpY6OXaMxh0+5E5uLJKVFwaBM7PJe1wnMym85NfKYIh6CA==",
"dev": true
},
"@typescript-eslint/typescript-estree": {
"version": "4.11.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.11.0.tgz",
"integrity": "sha512-eA6sT5dE5RHAFhtcC+b5WDlUIGwnO9b0yrfGa1mIOIAjqwSQCpXbLiFmKTdRbQN/xH2EZkGqqLDrKUuYOZ0+Hg==",
"version": "4.11.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-4.11.1.tgz",
"integrity": "sha512-tC7MKZIMRTYxQhrVAFoJq/DlRwv1bnqA4/S2r3+HuHibqvbrPcyf858lNzU7bFmy4mLeIHFYr34ar/1KumwyRw==",
"dev": true,
"requires": {
"@typescript-eslint/types": "4.11.0",
"@typescript-eslint/visitor-keys": "4.11.0",
"@typescript-eslint/types": "4.11.1",
"@typescript-eslint/visitor-keys": "4.11.1",
"debug": "^4.1.1",
"globby": "^11.0.1",
"is-glob": "^4.0.1",
@ -568,12 +568,12 @@
}
},
"@typescript-eslint/visitor-keys": {
"version": "4.11.0",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.11.0.tgz",
"integrity": "sha512-tRYKyY0i7cMk6v4UIOCjl1LhuepC/pc6adQqJk4Is3YcC6k46HvsV9Wl7vQoLbm9qADgeujiT7KdLrylvFIQ+A==",
"version": "4.11.1",
"resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-4.11.1.tgz",
"integrity": "sha512-IrlBhD9bm4bdYcS8xpWarazkKXlE7iYb1HzRuyBP114mIaj5DJPo11Us1HgH60dTt41TCZXMaTCAW+OILIYPOg==",
"dev": true,
"requires": {
"@typescript-eslint/types": "4.11.0",
"@typescript-eslint/types": "4.11.1",
"eslint-visitor-keys": "^2.0.0"
}
},

View File

@ -12,7 +12,7 @@
"@sentry/browser": "^5.29.2",
"@sentry/tracing": "^5.29.2",
"@types/chart.js": "^2.9.29",
"@types/codemirror": "0.0.102",
"@types/codemirror": "0.0.103",
"chart.js": "^2.9.4",
"codemirror": "^5.59.0",
"construct-style-sheets-polyfill": "^2.4.3",
@ -27,8 +27,8 @@
},
"devDependencies": {
"@rollup/plugin-typescript": "^8.1.0",
"@typescript-eslint/eslint-plugin": "^4.11.0",
"@typescript-eslint/parser": "^4.11.0",
"@typescript-eslint/eslint-plugin": "^4.11.1",
"@typescript-eslint/parser": "^4.11.1",
"eslint": "^7.16.0",
"eslint-config-google": "^0.14.0",
"eslint-plugin-lit": "^1.3.0",

View File

@ -1,6 +1,37 @@
import { DefaultClient } from "./Client";
import { DefaultClient, PBResponse, QueryArguments } from "./Client";
export interface EventUser {
pk: number;
email?: string;
username: string;
on_behalf_of?: EventUser;
}
export interface EventContext {
[key: string]: EventContext | string | number;
}
export class Event {
pk: string;
user: EventUser;
action: string;
app: string;
context: EventContext;
client_ip: string;
created: string;
constructor() {
throw Error();
}
static get(pk: string): Promise<Event> {
return DefaultClient.fetch<Event>(["events", "events", pk]);
}
static list(filter?: QueryArguments): Promise<PBResponse<Event>> {
return DefaultClient.fetch<PBResponse<Event>>(["events", "events"], filter);
}
// events/events/top_per_user/?filter_action=authorize_application
static topForUser(action: string): Promise<TopNEvent[]> {
return DefaultClient.fetch<TopNEvent[]>(["events", "events", "top_per_user"], {

View File

@ -28,4 +28,4 @@ export const ColorStyles = css`
background-color: var(--pf-global--danger-color--100);
}
`;
export const VERSION = "0.14.0-rc1";
export const VERSION = "0.14.1-stable";

View File

@ -115,6 +115,7 @@ export abstract class Table<T> extends LitElement {
this.apiEndpoint(this.page).then((r) => {
this.data = r;
this.page = r.pagination.current;
this.expandedRows = [];
});
}
@ -144,7 +145,7 @@ export abstract class Table<T> extends LitElement {
<tr role="row">
<td role="cell" colspan="8">
<div class="pf-l-bullseye">
${inner ? inner : html`<ak-empty-state header="none"></ak-empty-state>`}
${inner ? inner : html`<ak-empty-state header="${gettext("No elements found.")}"></ak-empty-state>`}
</div>
</td>
</tr>
@ -178,7 +179,7 @@ export abstract class Table<T> extends LitElement {
</tr>
<tr class="pf-c-table__expandable-row ${this.expandedRows[idx] ? "pf-m-expanded" : ""}" role="row">
<td></td>
${this.renderExpanded(item)}
${this.expandedRows[idx] ? this.renderExpanded(item) : html``}
</tr>
</tbody>`;
});

View File

@ -26,9 +26,9 @@ export class TableSearch extends LitElement {
if (el.value === "") return;
this.onSearch(el?.value);
}}>
<input class="pf-c-form-control" name="search" type="search" placeholder="Search..." value="${ifDefined(this.value)}" @search=${() => {
<input class="pf-c-form-control" name="search" type="search" placeholder="Search..." value="${ifDefined(this.value)}" @search=${(ev: Event) => {
if (!this.onSearch) return;
this.onSearch("");
this.onSearch((ev.target as HTMLInputElement).value);
}}>
<button class="pf-c-button pf-m-control" type="submit">
<i class="fas fa-search" aria-hidden="true"></i>

View File

@ -36,7 +36,7 @@
class="pf-c-page__main"
tabindex="-1"
id="main-content"
defaultUrl="/library/"
defaultUrl="/library"
>
</ak-router-outlet>
</div>

View File

@ -9,7 +9,7 @@ export const SIDEBAR_ITEMS: SidebarItem[] = [
new SidebarItem("Monitor").children(
new SidebarItem("Overview", "/administration/overview"),
new SidebarItem("System Tasks", "/administration/tasks/"),
new SidebarItem("Events", "/events/log/"),
new SidebarItem("Events", "/events"),
).when((): Promise<boolean> => {
return User.me().then(u => u.is_superuser);
}),

View File

@ -36,7 +36,7 @@ export abstract class Interface extends LitElement {
<ak-sidebar class="pf-c-page__sidebar ${this.sidebarOpen ? "pf-m-expanded" : "pf-m-collapsed"}" .items=${this.sidebar}>
</ak-sidebar>
<main class="pf-c-page__main">
<ak-router-outlet role="main" class="pf-c-page__main" tabindex="-1" id="main-content" defaultUrl="/library/">
<ak-router-outlet role="main" class="pf-c-page__main" tabindex="-1" id="main-content" defaultUrl="/library">
</ak-router-outlet>
</main>
</div>`;

View File

@ -0,0 +1,116 @@
import { gettext } from "django";
import { css, CSSResult, customElement, html, LitElement, property, TemplateResult } from "lit-element";
import { until } from "lit-html/directives/until";
import { Event, EventContext } from "../../api/Events";
import { Flow } from "../../api/Flows";
import { COMMON_STYLES } from "../../common/styles";
import "../../elements/Spinner";
import { SpinnerSize } from "../../elements/Spinner";
@customElement("ak-event-info")
export class EventInfo extends LitElement {
@property({attribute: false})
event?: Event;
static get styles(): CSSResult[] {
return COMMON_STYLES.concat(
css`
code {
display: block;
white-space: pre-wrap;
}
`
);
}
getModelInfo(context: EventContext): TemplateResult {
return html`<ul class="pf-c-list">
<li>${gettext("UID")}: ${context.pk as string}</li>
<li>${gettext("Name")}: ${context.name as string}</li>
<li>${gettext("App")}: ${context.app as string}</li>
<li>${gettext("Model Name")}: ${context.model_name as string}</li>
</ul>`;
}
defaultResponse(): TemplateResult {
return html`<div class="pf-l-flex">
<div class="pf-l-flex__item">
<h3>${gettext("Context")}</h3>
<code>${JSON.stringify(this.event?.context)}</code>
</div>
<div class="pf-l-flex__item">
<h3>${gettext("User")}</h3>
<code>${JSON.stringify(this.event?.user)}</code>
</div>
</div>`;
}
render(): TemplateResult {
if (!this.event) {
return html`<ak-spinner size=${SpinnerSize.Medium}></ak-spinner>`;
}
switch (this.event?.action) {
case "model_created":
case "model_updated":
case "model_deleted":
return html`
<h3>${gettext("Affected model:")}</h3><hr>
${this.getModelInfo(this.event.context.model as EventContext)}
`;
case "authorize_application":
return html`<div class="pf-l-flex">
<div class="pf-l-flex__item">
<h3>${gettext("Authorized application:")}</h3><hr>
${this.getModelInfo(this.event.context.authorized_application as EventContext)}
</div>
<div class="pf-l-flex__item">
<h3>${gettext("Using flow")}</h3>
<span>${until(Flow.list({
flow_uuid: this.event.context.flow as string,
}).then(resp => {
return html`<a href="#/flows/${resp.results[0].slug}">${resp.results[0].name}</a>`;
}), html`<ak-spinner size=${SpinnerSize.Medium}></ak-spinner>`)}</span>
</div>
</div>`;
case "login_failed":
return html`
<h3>${gettext(`Attempted to log in as ${this.event.context.username}`)}</h3>
`;
case "token_view":
return html`
<h3>${gettext("Token:")}</h3><hr>
${this.getModelInfo(this.event.context.token as EventContext)}
`;
case "property_mapping_exception":
case "policy_exception":
return html`<div class="pf-l-flex">
<div class="pf-l-flex__item">
<h3>${gettext("Exception")}</h3>
<code>${this.event.context.error}</code>
</div>
<div class="pf-l-flex__item">
<h3>${gettext("Expression")}</h3>
<code>${this.event.context.expression}</code>
</div>
</div>`;
case "configuration_error":
return html`<h3>${this.event.context.message}</h3>`;
case "update_available":
return html`<h3>${gettext("New version available!")}</h3>
<a target="_blank" href="https://github.com/BeryJu/authentik/releases/tag/version%2F${this.event.context.new_version}">${this.event.context.new_version}</a>
`;
// Action types which typically don't record any extra context.
// If context is not empty, we fall to the default response.
case "login":
case "logout":
if (this.event.context === {}) {
return html`<span>${gettext("No additional data available.")}</span>`;
}
return this.defaultResponse();
default:
return this.defaultResponse();
}
}
}

View File

@ -0,0 +1,71 @@
import { gettext } from "django";
import { customElement, html, property, TemplateResult } from "lit-element";
import { PBResponse } from "../../api/Client";
import { Event } from "../../api/Events";
import { TableColumn } from "../../elements/table/Table";
import { TablePage } from "../../elements/table/TablePage";
import { time } from "../../utils";
import "./EventInfo";
@customElement("ak-event-list")
export class EventListPage extends TablePage<Event> {
expandable = true;
pageTitle(): string {
return "Event Log";
}
pageDescription(): string | undefined {
return;
}
pageIcon(): string {
return "pf-icon pf-icon-catalog";
}
searchEnabled(): boolean {
return true;
}
@property()
order = "-created";
apiEndpoint(page: number): Promise<PBResponse<Event>> {
return Event.list({
ordering: this.order,
page: page,
search: this.search || "",
});
}
columns(): TableColumn[] {
return [
new TableColumn("Action", "action"),
new TableColumn("User", "user"),
new TableColumn("Creation Date", "created"),
new TableColumn("Client IP", "client_ip"),
];
}
row(item: Event): TemplateResult[] {
return [
html`<div>${item.action}</div>
<small>${item.app}</small>`,
html`<div>${item.user.username}</div>
${item.user.on_behalf_of ? html`<small>
${gettext(`On behalf of ${item.user.on_behalf_of.username}`)}
</small>` : html``}`,
html`<span>${time(item.created).toLocaleString()}</span>`,
html`<span>${item.client_ip}</span>`,
];
}
renderExpanded(item: Event): TemplateResult {
return html`
<td role="cell" colspan="4">
<div class="pf-c-table__expandable-row-content">
<ak-event-info .event=${item}></ak-event-info>
</div>
</td>
<td></td>
<td></td>
<td></td>`;
}
}

View File

@ -7,6 +7,7 @@ import "./pages/applications/ApplicationListPage";
import "./pages/applications/ApplicationViewPage";
import "./pages/sources/SourceViewPage";
import "./pages/flows/FlowViewPage";
import "./pages/events/EventListPage";
export const ROUTES: Route[] = [
// Prevent infinite Shell loops
@ -24,4 +25,5 @@ export const ROUTES: Route[] = [
new Route(new RegExp(`^/flows/(?<slug>${SLUG_REGEX})$`)).then((args) => {
return html`<ak-flow-view .args=${args}></ak-flow-view>`;
}),
new Route(new RegExp("^/events$"), html`<ak-event-list></ak-event-list>`),
];

View File

@ -50,3 +50,7 @@ export function loading<T>(v: T, actual: TemplateResult): TemplateResult {
}
return actual;
}
export function time(t: string): Date {
return new Date(parseInt(t, 10) * 1000);
}

View File

@ -15,7 +15,7 @@ Download the latest `docker-compose.yml` from [here](https://raw.githubuserconte
To optionally enable error-reporting, run `echo AUTHENTIK_ERROR_REPORTING__ENABLED=true >> .env`
To optionally deploy a different version run `echo AUTHENTIK_TAG=0.14.0-rc1 >> .env`
To optionally deploy a different version run `echo AUTHENTIK_TAG=0.14.1-stable >> .env`
If this is a fresh authentik install run the following commands to generate a password:

View File

@ -22,7 +22,7 @@ image:
name: beryju/authentik
name_static: beryju/authentik-static
name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
tag: 0.14.0-rc1
tag: 0.14.1-stable
serverReplicas: 1
workerReplicas: 1

View File

@ -0,0 +1,66 @@
---
title: Grafana
---
## What is Grafana
From https://en.wikipedia.org/wiki/Grafana
:::note
Grafana is a multi-platform open source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources, Grafana Enterprise version with additional capabilities is also available. It is expandable through a plug-in system.
:::
## Preparation
The following placeholders will be used:
- `grafana.company` is the FQDN of the Grafana install.
- `authentik.company` is the FQDN of the authentik install.
Create an application in authentik. Create an OAuth2/OpenID provider with the following parameters:
- Client Type: `Confidential`
- JWT Algorithm: `RS256`
- Scopes: OpenID, Email and Profile
- RSA Key: Select any available key
- Redirect URIs: `https://grafana.company/login/generic_oauth`
Note the Client ID and Client Secret values. Create an application, using the provider you've created above. Note the slug of the application you've created.
## Grafana
If your Grafana is running in docker, set the following environment variables:
```yaml
environment:
GF_AUTH_GENERIC_OAUTH_ENABLED: "true"
GF_AUTH_GENERIC_OAUTH_NAME: "authentik"
GF_AUTH_GENERIC_OAUTH_CLIENT_ID: "<Client ID from above>"
GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET: "<Client Secret from above>"
GF_AUTH_GENERIC_OAUTH_SCOPES: "openid profile email"
GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://authentik.company/application/o/authorize/"
GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://authentik.company/application/o/token/"
GF_AUTH_GENERIC_OAUTH_API_URL: "https://authentik.company/application/o/userinfo/"
GF_AUTH_SIGNOUT_REDIRECT_URL: "https://authentik.company/application/o/<Slug of the application from above>/end-session/"
# Optionally enable auto-login
GF_AUTH_OAUTH_AUTO_LOGIN: "true"
```
If you are using a config-file instead, you have to set these options:
```ini
[auth]
signout_redirect_url = https://authentik.company/application/o/<Slug of the application from above>/end-session/
# Optionally enable auto-login
oauth_auto_login = true
[auth.generic_oauth]
name = authentik
enabled = true
client_id = <Client ID from above>
client_secret = <Client Secret from above>
scopes = openid email profile
auth_url = https://authentik.company/application/o/authorize/
token_url = https://authentik.company/application/o/token/
api_url = https://authentik.company/application/o/userinfo/
```

View File

@ -17,13 +17,14 @@ The following placeholders will be used:
- `harbor.company` is the FQDN of the Harbor install.
- `authentik.company` is the FQDN of the authentik install.
Create an application in authentik. Create an OpenID provider with the following parameters:
Create an OAuth2/OpenID provider with the following parameters:
- Client Type: `Confidential`
- Response types: `code (Authorization Code Flow)`
- JWT Algorithm: `RS256`
- Redirect URIs: `https://harbor.company/c/oidc/callback`
- Scopes: `openid`
- Scopes: OpenID, Email and Profile
Note the Client ID and Client Secret values. Create an application, using the provider you've created above.
## Harbor

View File

@ -51,12 +51,11 @@ Under _Sources_, click _Edit_ and ensure that "Autogenerated Active Directory Ma
### Step 3
Under _Providers_, create an OAuth2/OpenID Provider with these settings:
Under _Providers_, create an OAuth2/OpenID provider with these settings:
- Client Type: Confidential
- JWT Algorithm: RS256
- Redirect URI: `https://vcenter.company/ui/login/oauth2/authcode`
- Post Logout Redirect URIs: `https://vcenter.company/ui/login`
- Sub Mode: If your Email address Schema matches your UPN, select "Based on the User's Email...", otherwise select "Based on the User's UPN...".
- Scopes: Select the Scope Mapping you've created in Step 1

View File

@ -20,7 +20,7 @@ title: Release 0.14
- The OAuth2 Provider has been updated to closer match the OpenID Connect Specifications
Response time now longer has to be configured manually. The issuer field can be configured now (the default behaviour is the same as pre-0.14)
Response type no longer has to be configured manually. The issuer field can be configured now (the default behaviour is the same as pre-0.14)
Authorization Codes are now generated as a JWT Token, which is not specified as spec, but seems to be a quasi-standard.
@ -50,7 +50,7 @@ This release does not introduce any new requirements.
### docker-compose
Download the latest docker-compose file from [here](https://raw.githubusercontent.com/BeryJu/authentik/version-0.14/docker-compose.yml) and run `docker-compose up -d`.
Download the latest docker-compose file from [here](https://raw.githubusercontent.com/BeryJu/authentik/version-0.14/docker-compose.yml). Aftewards, simply run `docker-compose up -d` and then the normal upgrade command of `docker-compose run --rm server migrate`.
### Kubernetes

View File

@ -101,6 +101,7 @@ module.exports = {
"integrations/services/aws/index",
"integrations/services/awx-tower/index",
"integrations/services/gitlab/index",
"integrations/services/grafana/index",
"integrations/services/harbor/index",
"integrations/services/home-assistant/index",
"integrations/services/nextcloud/index",

View File

@ -11,8 +11,8 @@ const features = [
title: "Easy to Use",
description: (
<>
Identity made easy. authentik makes single-sign on, user
enrollment and access control simple.
Identity made easy. authentik makes single-sign on (SSO), user
enrollment, and access control simple.
</>
),
},
@ -20,7 +20,7 @@ const features = [
title: "Realise your workflow",
description: (
<>
authentik lets you build your Workflow as you need it, no
authentik lets you build your workflow as you need it, no
limitations.
</>
),
@ -109,20 +109,20 @@ function Home() {
authentik is an open-source Identity Provider
focused on flexibility and versatility. You
can use authentik in an existing environment
to add support for new protocols. authentik
is also a great solution for implementing
signup/recovery/etc in your application, so
you don't have to deal with it.
to add support for new protocols, implement
sign-up/recovery/etc. in your application so
you don't have to deal with it, and many other
things.
</p>
</div>
</div>
<div className="row">
<div className="col col--5 col--offset-2 padding-vert--xl">
<h2>Upmost flexibility</h2>
<h2>Utmost flexibility</h2>
<p>
You can adopt authentik to your environment,
regardless of your requirements. Need an Active-
Directory integrated SSO Provider? Do you want
regardless of your requirements. Need an Active-Directory
integrated SSO Provider? Do you want
to implement a custom enrollment process for your
customers? Are you developing an application and
don't want to deal with User verification and recovery?