a5467c6e19
* root: add primary-replica db router Signed-off-by: Jens Langhammer <jens@goauthentik.io> * copy all settings for database replicas Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * refresh read replicas config, switch to using a dict instead of a list for easier refresh Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add test for get_keys Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix getting override Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * nosec Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * small fixes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix replica settings Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * generate config: add a dummy read replica Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add doc Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add healthchecks for replicas Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add note about hot reloading Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
25 lines
925 B
Python
25 lines
925 B
Python
"""authentik database backend"""
|
|
|
|
from django_tenants.postgresql_backend.base import DatabaseWrapper as BaseDatabaseWrapper
|
|
|
|
from authentik.lib.config import CONFIG
|
|
|
|
|
|
class DatabaseWrapper(BaseDatabaseWrapper):
|
|
"""database backend which supports rotating credentials"""
|
|
|
|
def get_connection_params(self):
|
|
"""Refresh DB credentials before getting connection params"""
|
|
conn_params = super().get_connection_params()
|
|
|
|
prefix = "postgresql"
|
|
if self.alias.startswith("replica_"):
|
|
prefix = f"postgresql.read_replicas.{self.alias.removeprefix('replica_')}"
|
|
|
|
for setting in ("host", "port", "user", "password"):
|
|
conn_params[setting] = CONFIG.refresh(f"{prefix}.{setting}")
|
|
if conn_params[setting] is None and self.alias.startswith("replica_"):
|
|
conn_params[setting] = CONFIG.refresh(f"postgresql.{setting}")
|
|
|
|
return conn_params
|