Compare commits
12 Commits
version/20
...
version/20
| Author | SHA1 | Date | |
|---|---|---|---|
| 677a181b9c | |||
| 4b551add1a | |||
| 217cca822d | |||
| e6f897c7e6 | |||
| 65c9d4bf4c | |||
| 6e88e52d78 | |||
| 6e69edf1af | |||
| 08e7ef3c1e | |||
| d728163eea | |||
| cf76652a4c | |||
| c525ecc334 | |||
| 49d40d4337 |
@ -1,5 +1,5 @@
|
||||
[bumpversion]
|
||||
current_version = 2021.1.1-rc1
|
||||
current_version = 2021.1.1-stable
|
||||
tag = True
|
||||
commit = True
|
||||
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-(?P<release>.*)
|
||||
|
||||
20
.github/workflows/release.yml
vendored
20
.github/workflows/release.yml
vendored
@ -18,11 +18,11 @@ jobs:
|
||||
- name: Building Docker Image
|
||||
run: docker build
|
||||
--no-cache
|
||||
-t beryju/authentik:2021.1.1-rc1
|
||||
-t beryju/authentik:2021.1.1-stable
|
||||
-t beryju/authentik:latest
|
||||
-f Dockerfile .
|
||||
- name: Push Docker Container to Registry (versioned)
|
||||
run: docker push beryju/authentik:2021.1.1-rc1
|
||||
run: docker push beryju/authentik:2021.1.1-stable
|
||||
- name: Push Docker Container to Registry (latest)
|
||||
run: docker push beryju/authentik:latest
|
||||
build-proxy:
|
||||
@ -34,7 +34,7 @@ jobs:
|
||||
go-version: "^1.15"
|
||||
- name: prepare go api client
|
||||
run: |
|
||||
cd proxy
|
||||
cd outpost
|
||||
go get -u github.com/go-swagger/go-swagger/cmd/swagger
|
||||
swagger generate client -f ../swagger.yaml -A authentik -t pkg/
|
||||
go build -v .
|
||||
@ -45,14 +45,14 @@ jobs:
|
||||
run: docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
|
||||
- name: Building Docker Image
|
||||
run: |
|
||||
cd proxy/
|
||||
cd outpost/
|
||||
docker build \
|
||||
--no-cache \
|
||||
-t beryju/authentik-proxy:2021.1.1-rc1 \
|
||||
-t beryju/authentik-proxy:2021.1.1-stable \
|
||||
-t beryju/authentik-proxy:latest \
|
||||
-f Dockerfile .
|
||||
-f proxy.Dockerfile .
|
||||
- name: Push Docker Container to Registry (versioned)
|
||||
run: docker push beryju/authentik-proxy:2021.1.1-rc1
|
||||
run: docker push beryju/authentik-proxy:2021.1.1-stable
|
||||
- name: Push Docker Container to Registry (latest)
|
||||
run: docker push beryju/authentik-proxy:latest
|
||||
build-static:
|
||||
@ -69,11 +69,11 @@ jobs:
|
||||
cd web/
|
||||
docker build \
|
||||
--no-cache \
|
||||
-t beryju/authentik-static:2021.1.1-rc1 \
|
||||
-t beryju/authentik-static:2021.1.1-stable \
|
||||
-t beryju/authentik-static:latest \
|
||||
-f Dockerfile .
|
||||
- name: Push Docker Container to Registry (versioned)
|
||||
run: docker push beryju/authentik-static:2021.1.1-rc1
|
||||
run: docker push beryju/authentik-static:2021.1.1-stable
|
||||
- name: Push Docker Container to Registry (latest)
|
||||
run: docker push beryju/authentik-static:latest
|
||||
test-release:
|
||||
@ -107,5 +107,5 @@ jobs:
|
||||
SENTRY_PROJECT: authentik
|
||||
SENTRY_URL: https://sentry.beryju.org
|
||||
with:
|
||||
tagName: 2021.1.1-rc1
|
||||
tagName: 2021.1.1-stable
|
||||
environment: beryjuorg-prod
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
"""authentik"""
|
||||
__version__ = "2021.1.1-rc1"
|
||||
__version__ = "2021.1.1-stable"
|
||||
|
||||
@ -50,7 +50,8 @@ class TestAdminTasks(TestCase):
|
||||
self.assertEqual(cache.get(VERSION_CACHE_KEY), "99999999.9999999")
|
||||
self.assertTrue(
|
||||
Event.objects.filter(
|
||||
action=EventAction.UPDATE_AVAILABLE, context__new_version="99999999.9999999"
|
||||
action=EventAction.UPDATE_AVAILABLE,
|
||||
context__new_version="99999999.9999999",
|
||||
).exists()
|
||||
)
|
||||
# test that a consecutive check doesn't create a duplicate event
|
||||
@ -58,7 +59,8 @@ class TestAdminTasks(TestCase):
|
||||
self.assertEqual(
|
||||
len(
|
||||
Event.objects.filter(
|
||||
action=EventAction.UPDATE_AVAILABLE, context__new_version="99999999.9999999"
|
||||
action=EventAction.UPDATE_AVAILABLE,
|
||||
context__new_version="99999999.9999999",
|
||||
)
|
||||
),
|
||||
1,
|
||||
|
||||
@ -86,7 +86,11 @@ class ApplicationViewSet(ModelViewSet):
|
||||
engine.build()
|
||||
if engine.passing:
|
||||
allowed_applications.append(application)
|
||||
cache.set(user_app_cache_key(self.request.user.pk), allowed_applications)
|
||||
cache.set(
|
||||
user_app_cache_key(self.request.user.pk),
|
||||
allowed_applications,
|
||||
timeout=86400,
|
||||
)
|
||||
serializer = self.get_serializer(allowed_applications, many=True)
|
||||
return self.get_paginated_response(serializer.data)
|
||||
|
||||
|
||||
@ -49,9 +49,15 @@ def outpost_service_connection_state(connection_pk: Any):
|
||||
@CELERY_APP.task(bind=True, base=MonitoredTask)
|
||||
def outpost_service_connection_monitor(self: MonitoredTask):
|
||||
"""Regularly check the state of Outpost Service Connections"""
|
||||
for connection in OutpostServiceConnection.objects.all():
|
||||
connections = OutpostServiceConnection.objects.all()
|
||||
for connection in connections.iterator():
|
||||
outpost_service_connection_state.delay(connection.pk)
|
||||
self.set_status(TaskResult(TaskResultStatus.SUCCESSFUL))
|
||||
self.set_status(
|
||||
TaskResult(
|
||||
TaskResultStatus.SUCCESSFUL,
|
||||
[f"Successfully updated {len(connections)} connections."],
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
@CELERY_APP.task(bind=True, base=MonitoredTask)
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
"""authentik policy engine"""
|
||||
from enum import Enum
|
||||
from multiprocessing import Pipe, set_start_method
|
||||
from multiprocessing import Pipe, current_process
|
||||
from multiprocessing.connection import Connection
|
||||
from typing import Iterator, List, Optional
|
||||
|
||||
@ -16,9 +16,7 @@ from authentik.policies.process import PolicyProcess, cache_key
|
||||
from authentik.policies.types import PolicyRequest, PolicyResult
|
||||
|
||||
LOGGER = get_logger()
|
||||
# This is only really needed for macOS, because Python 3.8 changed the default to spawn
|
||||
# spawn causes issues with objects that aren't picklable, and also the django setup
|
||||
set_start_method("fork")
|
||||
CURRENT_PROCESS = current_process()
|
||||
|
||||
|
||||
class PolicyProcessInfo:
|
||||
@ -117,14 +115,19 @@ class PolicyEngine:
|
||||
LOGGER.debug("P_ENG: Evaluating policy", policy=binding.policy)
|
||||
our_end, task_end = Pipe(False)
|
||||
task = PolicyProcess(binding, self.request, task_end)
|
||||
task.daemon = False
|
||||
LOGGER.debug("P_ENG: Starting Process", policy=binding.policy)
|
||||
task.start()
|
||||
if CURRENT_PROCESS._config.get("daemon"):
|
||||
task.run()
|
||||
else:
|
||||
task.start()
|
||||
self.__processes.append(
|
||||
PolicyProcessInfo(process=task, connection=our_end, binding=binding)
|
||||
)
|
||||
# If all policies are cached, we have an empty list here.
|
||||
for proc_info in self.__processes:
|
||||
proc_info.process.join(proc_info.binding.timeout)
|
||||
if proc_info.process.is_alive():
|
||||
proc_info.process.join(proc_info.binding.timeout)
|
||||
# Only call .recv() if no result is saved, otherwise we just deadlock here
|
||||
if not proc_info.result:
|
||||
proc_info.result = proc_info.connection.recv()
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
"""authentik policy task"""
|
||||
from multiprocessing import Process
|
||||
from multiprocessing import get_context
|
||||
from multiprocessing.connection import Connection
|
||||
from traceback import format_tb
|
||||
from typing import Optional
|
||||
@ -28,7 +28,11 @@ def cache_key(binding: PolicyBinding, request: PolicyRequest) -> str:
|
||||
return prefix
|
||||
|
||||
|
||||
class PolicyProcess(Process):
|
||||
FORK_CTX = get_context("fork")
|
||||
PROCESS_CLASS = FORK_CTX.Process
|
||||
|
||||
|
||||
class PolicyProcess(PROCESS_CLASS):
|
||||
"""Evaluate a single policy within a seprate process"""
|
||||
|
||||
connection: Connection
|
||||
|
||||
@ -31,7 +31,11 @@ def authenticate(
|
||||
|
||||
Customized version of django's authenticate, which accepts a list of backends"""
|
||||
for backend_path in backends:
|
||||
backend: BaseBackend = path_to_class(backend_path)()
|
||||
try:
|
||||
backend: BaseBackend = path_to_class(backend_path)()
|
||||
except ImportError:
|
||||
LOGGER.warning("Failed to import backend", path=backend_path)
|
||||
continue
|
||||
LOGGER.debug("Attempting authentication...", backend=backend)
|
||||
user = backend.authenticate(request, **credentials)
|
||||
if user is None:
|
||||
|
||||
@ -19,7 +19,7 @@ services:
|
||||
networks:
|
||||
- internal
|
||||
server:
|
||||
image: beryju/authentik:${AUTHENTIK_TAG:-2021.1.1-rc1}
|
||||
image: beryju/authentik:${AUTHENTIK_TAG:-2021.1.1-stable}
|
||||
command: server
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: redis
|
||||
@ -45,7 +45,7 @@ services:
|
||||
env_file:
|
||||
- .env
|
||||
worker:
|
||||
image: beryju/authentik:${AUTHENTIK_TAG:-2021.1.1-rc1}
|
||||
image: beryju/authentik:${AUTHENTIK_TAG:-2021.1.1-stable}
|
||||
command: worker
|
||||
networks:
|
||||
- internal
|
||||
@ -62,7 +62,7 @@ services:
|
||||
env_file:
|
||||
- .env
|
||||
static:
|
||||
image: beryju/authentik-static:${AUTHENTIK_TAG:-2021.1.1-rc1}
|
||||
image: beryju/authentik-static:${AUTHENTIK_TAG:-2021.1.1-stable}
|
||||
networks:
|
||||
- internal
|
||||
labels:
|
||||
|
||||
@ -4,7 +4,7 @@ name: authentik
|
||||
home: https://goauthentik.io
|
||||
sources:
|
||||
- https://github.com/BeryJu/authentik
|
||||
version: "2021.1.1-rc1"
|
||||
version: "2021.1.1-stable"
|
||||
icon: https://raw.githubusercontent.com/BeryJu/authentik/master/web/icons/icon.svg
|
||||
dependencies:
|
||||
- name: postgresql
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
|-----------------------------------|-------------------------|-------------|
|
||||
| image.name | beryju/authentik | Image used to run the authentik server and worker |
|
||||
| image.name_static | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) |
|
||||
| image.tag | 2021.1.1-rc1 | Image tag |
|
||||
| image.tag | 2021.1.1-stable | Image tag |
|
||||
| image.pullPolicy | IfNotPresent | Image Pull Policy used for all deployments |
|
||||
| serverReplicas | 1 | Replicas for the Server deployment |
|
||||
| workerReplicas | 1 | Replicas for the Worker deployment |
|
||||
|
||||
@ -20,7 +20,7 @@ data:
|
||||
OUTPOSTS__DOCKER_IMAGE_BASE: "{{ .Values.image.name_outposts }}"
|
||||
EMAIL__HOST: "{{ .Values.config.email.host }}"
|
||||
EMAIL__PORT: "{{ .Values.config.email.port }}"
|
||||
EMAIL__USERNAM: "{{ .Values.config.email.username }}"
|
||||
EMAIL__USERNAME: "{{ .Values.config.email.username }}"
|
||||
EMAIL__USE_TLS: "{{ .Values.config.email.use_tls }}"
|
||||
EMAIL__USE_SSL: "{{ .Values.config.email.use_ssl }}"
|
||||
EMAIL__TIMEOUT: "{{ .Values.config.email.timeout }}"
|
||||
|
||||
@ -6,11 +6,11 @@ metadata:
|
||||
data:
|
||||
monitoring_username: bW9uaXRvcg== # monitor in base64
|
||||
{{- if .Values.config.secretKey }}
|
||||
SECRET_KEY: {{ .Values.config.secretKey | b64enc | quote }}
|
||||
secret_key: {{ .Values.config.secretKey | b64enc | quote }}
|
||||
{{- else }}
|
||||
SECRET_KEY: {{ randAlphaNum 50 | b64enc | quote}}
|
||||
secret_key: {{ randAlphaNum 50 | b64enc | quote}}
|
||||
{{- end }}
|
||||
{{- if .Values.backup }}
|
||||
POSTGRESQL__S3_BACKUP__SECRET_KEY: "{{ .Values.backup.secretKey }}"
|
||||
{{- end}}
|
||||
EMAIL__PASSWOR: "{{ .Values.config.email.password }}"
|
||||
EMAIL__PASSWORD: "{{ .Values.config.email.password }}"
|
||||
|
||||
@ -117,7 +117,7 @@ spec:
|
||||
memory: 300M
|
||||
limits:
|
||||
cpu: 300m
|
||||
memory: 600MiB
|
||||
memory: 600M
|
||||
volumes:
|
||||
- name: authentik-uploads
|
||||
persistentVolumeClaim:
|
||||
|
||||
@ -5,7 +5,7 @@ image:
|
||||
name: beryju/authentik
|
||||
name_static: beryju/authentik-static
|
||||
name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
|
||||
tag: 2021.1.1-rc1
|
||||
tag: 2021.1.1-stable
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
serverReplicas: 1
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
package pkg
|
||||
|
||||
const VERSION = "2021.1.1-rc1"
|
||||
const VERSION = "2021.1.1-stable"
|
||||
|
||||
@ -81,7 +81,7 @@ select[multiple] {
|
||||
font-size: var(--pf-global--FontSize--sm);
|
||||
}
|
||||
|
||||
.pf-c-page__main {
|
||||
.pf-c-page__main, .pf-c-drawer__content, .pf-c-page__drawer {
|
||||
z-index: auto !important;
|
||||
}
|
||||
|
||||
|
||||
@ -28,4 +28,4 @@ export const ColorStyles = css`
|
||||
background-color: var(--pf-global--danger-color--100);
|
||||
}
|
||||
`;
|
||||
export const VERSION = "2021.1.1-rc1";
|
||||
export const VERSION = "2021.1.1-stable";
|
||||
|
||||
@ -15,7 +15,7 @@ Download the latest `docker-compose.yml` from [here](https://raw.githubuserconte
|
||||
|
||||
To optionally enable error-reporting, run `echo AUTHENTIK_ERROR_REPORTING__ENABLED=true >> .env`
|
||||
|
||||
To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.1.1-rc1 >> .env`
|
||||
To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.1.1-stable >> .env`
|
||||
|
||||
If this is a fresh authentik install run the following commands to generate a password:
|
||||
|
||||
|
||||
@ -24,7 +24,7 @@ image:
|
||||
name: beryju/authentik
|
||||
name_static: beryju/authentik-static
|
||||
name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
|
||||
tag: 2021.1.1-rc1
|
||||
tag: 2021.1.1-stable
|
||||
|
||||
serverReplicas: 1
|
||||
workerReplicas: 1
|
||||
|
||||
Reference in New Issue
Block a user