 d24e2abe7f
			
		
	
* rbac: rework API slightly to improve terraform compatibility
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sigh https://www.django-rest-framework.org/api-guide/filtering/#filtering-and-object-lookups
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add permission support for users global permissions
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add role support to blueprints
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix yaml tags
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add generated read-only role
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make permissions optional
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add object permission support to blueprints
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests kinda
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add more tests and fix bugs
  Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
		
			
				
	
	
		
			165 lines
		
	
	
		
			3.3 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
# Models

Some models behave differently and allow for access to different API fields when created via blueprint.

## `authentik_core.token`

### `key`

:::info
Requires authentik 2023.4
:::

Via the standard API, a token's key cannot be changed; it can only be rotated. This ensures high entropy in its key and prevents insecure data from being used. However, when provisioning tokens via a blueprint, it may be required to set a token to an existing value.

With blueprints, the `key` field can be set to give the token's key any value.

For example:

```yaml
# [...]
- model: authentik_core.token
  state: present
  identifiers:
      identifier: my-token
  attrs:
      key: this-should-be-a-long-value
      user: !KeyOf my-user
      intent: api
```

## `authentik_core.user`

### `password`

:::info
Requires authentik 2023.6
:::

Via the standard API, a user's password can only be set via the separate `/api/v3/core/users/<id>/set_password/` endpoint. In blueprints, the password of a user can be set using the `password` field.

Keep in mind that if an LDAP Source is configured and the user maps to an LDAP user, this password change will be propagated to the LDAP server.

For example:

```yaml
# [...]
- model: authentik_core.user
  state: present
  identifiers:
      username: test-user
  attrs:
      name: test user
      password: this-should-be-a-long-value
```

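A CI-style check for the two secret-bearing fields described above (`key` on `authentik_core.token`, `password` on `authentik_core.user`), added here as an example and not part of the authentik documentation or code base. It is a line-based heuristic rather than a YAML parser; values carrying a YAML tag such as authentik's `!Env` are treated as not stored in the file, and `MIN_BITS`, the sample blueprint and the `SVC_USER_PASSWORD` variable name are assumptions made for the example.

```python
import math
import re

# Secret-bearing field per model, as documented in the sections above.
SECRET_FIELDS = {"authentik_core.token": "key", "authentik_core.user": "password"}
MIN_BITS = 128  # assumed policy threshold for this example, not an authentik setting

def estimated_bits(value: str) -> float:
    """Per-character Shannon entropy times length: a rough upper bound, not proof of randomness."""
    probs = [value.count(c) / len(value) for c in set(value)]
    return -sum(p * math.log2(p) for p in probs) * len(value)

def lint_blueprint(text: str) -> list:
    """Return (line number, model.field, reason) for secrets written literally in a blueprint."""
    findings, model = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = re.match(r"\s*-\s*model:\s*(\S+)", line)
        if entry:
            model = entry.group(1)  # remember which model the following attrs belong to
            continue
        field = SECRET_FIELDS.get(model)
        attr = re.match(r"\s+(\w+):\s*(\S.*)$", line)
        if not field or not attr or attr.group(1) != field:
            continue
        value = re.sub(r"\s+#.*$", "", attr.group(2)).strip()  # drop trailing comment
        if value.startswith("!"):
            continue  # YAML tag (e.g. !Env): resolved when the blueprint is applied
        bits = estimated_bits(value.strip("'\""))
        reason = "literal-secret" if bits >= MIN_BITS else "literal-weak-secret"
        findings.append((lineno, f"{model}.{field}", reason))
    return findings

# Constructed sample blueprint; none of these values are real credentials.
SAMPLE = """\
entries:
    - model: authentik_core.token
      identifiers: {identifier: ci-token}
      attrs:
          key: changeme  # placeholder left in by mistake
    - model: authentik_core.user
      identifiers: {username: svc-user}
      attrs:
          password: !Env SVC_USER_PASSWORD
    - model: authentik_core.token
      identifiers: {identifier: deploy-token}
      attrs:
          key: q7Xb2LmZp9RtV4cKj8WnY3sHd6FgA5eU
"""
```

A `literal-secret` finding still means the value lives in the blueprint file and its version history; the entropy estimate only separates obvious placeholders from values that at least look generated.
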
### `permissions`

:::info
Requires authentik 2024.8
:::

The `permissions` field can be used to set global permissions for a user. A full list of possible permissions is included in the JSON schema for blueprints.

For example:

```yaml
# [...]
- model: authentik_core.user
  identifiers:
      username: test-user
  attrs:
      permissions:
          - authentik_blueprints.view_blueprintinstance
```

## `authentik_core.application`

### `icon`

:::info
Requires authentik 2023.5
:::

Application icons can be directly set to URLs with the `icon` field.

For example:

```yaml
# [...]
- model: authentik_core.application
  identifiers:
      slug: my-app
  attrs:
      name: My App
      icon: https://goauthentik.io/img/icon.png
```

## `authentik_sources_oauth.oauthsource`, `authentik_sources_saml.samlsource`, `authentik_sources_plex.plexsource`

### `icon`

:::info
Requires authentik 2023.5
:::

Source icons can be directly set to URLs with the `icon` field.

For example:

```yaml
# [...]
- model: authentik_sources_oauth.oauthsource
  identifiers:
      slug: my-source
  attrs:
      name: My source
      icon: https://goauthentik.io/img/icon.png
```

## `authentik_flows.flow`

### `background`

:::info
Requires authentik 2023.5
:::

Flow backgrounds can be directly set to URLs with the `background` field.

For example:

```yaml
# [...]
- model: authentik_flows.flow
  identifiers:
      slug: my-flow
  attrs:
      name: my-flow
      title: My flow
      designation: authentication
      background: https://goauthentik.io/img/icon.png
```

## `authentik_rbac.role`

### `permissions`

:::info
Requires authentik 2024.8
:::

The `permissions` field can be used to set global permissions for a role. A full list of possible permissions is included in the JSON schema for blueprints.

For example:

```yaml
# [...]
- model: authentik_rbac.role
  identifiers:
      name: test-role
  attrs:
      permissions:
          - authentik_blueprints.view_blueprintinstance
```