d24e2abe7f
* rbac: rework API slightly to improve terraform compatibility Signed-off-by: Jens Langhammer <jens@goauthentik.io> * sigh https://www.django-rest-framework.org/api-guide/filtering/#filtering-and-object-lookups Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add permission support for users global permissions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add role support to blueprints Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix yaml tags Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add generated read-only role Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make permissions optional Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add object permission support to blueprints Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests kinda Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more tests and fix bugs Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
3.3 KiB
Models
Some models behave differently and allow for access to different API fields when created via blueprint.
authentik_core.token
key
:::info Requires authentik 2023.4 :::
Via the standard API, a token's key cannot be changed, it can only be rotated. This is to ensure a high entropy in it's key, and to prevent insecure data from being used. However, when provisioning tokens via a blueprint, it may be required to set a token to an existing value.
With blueprints, the field key can be set, to set the token's key to any value.
For example:
# [...]
- model: authentik_core.token
state: present
identifiers:
identifier: my-token
attrs:
key: this-should-be-a-long-value
user: !KeyOf my-user
intent: api
authentik_core.user
password
:::info Requires authentik 2023.6 :::
Via the standard API, a user's password can only be set via the separate /api/v3/core/users/<id>/set_password/ endpoint. In blueprints, the password of a user can be set using the password field.
Keep in mind that if an LDAP Source is configured and the user maps to an LDAP user, this password change will be propagated to the LDAP server.
For example:
# [...]
- model: authentik_core.user
state: present
identifiers:
username: test-user
attrs:
name: test user
password: this-should-be-a-long-value
permissions
:::info Requires authentik 2024.8 :::
The permissions field can be used to set global permissions for a user. A full list of possible permissions is included in the JSON schema for blueprints.
For example:
# [...]
- model: authentik_core.user
identifiers:
username: test-user
attrs:
permissions:
- authentik_blueprints.view_blueprintinstance
authentik_core.application
icon
:::info Requires authentik 2023.5 :::
Application icons can be directly set to URLs with the icon field.
For example:
# [...]
- model: authentik_core.application
identifiers:
slug: my-app
attrs:
name: My App
icon: https://goauthentik.io/img/icon.png
authentik_sources_oauth.oauthsource, authentik_sources_saml.samlsource, authentik_sources_plex.plexsource
icon
:::info Requires authentik 2023.5 :::
Source icons can be directly set to URLs with the icon field.
For example:
# [...]
- model: authentik_sources_oauth.oauthsource
identifiers:
slug: my-source
attrs:
name: My source
icon: https://goauthentik.io/img/icon.png
authentik_flows.flow
icon
:::info Requires authentik 2023.5 :::
Flow backgrounds can be directly set to URLs with the background field.
For example:
# [...]
- model: authentik_flows.flow
identifiers:
slug: my-flow
attrs:
name: my-flow
title: My flow
designation: authentication
background: https://goauthentik.io/img/icon.png
authentik_rbac.role
permissions
:::info Requires authentik 2024.8 :::
The permissions field can be used to set global permissions for a role. A full list of possible permissions is included in the JSON schema for blueprints.
For example:
# [...]
- model: authentik_rbac.role
identifiers:
name: test-role
attrs:
permissions:
- authentik_blueprints.view_blueprintinstance