aeb1b450eb
* providers/google: initial account sync to google workspace Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start separating scim sync client Signed-off-by: Jens Langhammer <jens@goauthentik.io> * generalize more...ish Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set dispatch_uid Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start generalizing task Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fully separate tasks Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix signals...? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start google dedupe Signed-off-by: Jens Langhammer <jens@goauthentik.io> * drawing the rest of the owl Signed-off-by: Jens Langhammer <jens@goauthentik.io> * more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * juse use a whole lot less magic Signed-off-by: Jens Langhammer <jens@goauthentik.io> * member sync, better implement conflict/retry-able exceptions Signed-off-by: Jens Langhammer <jens@goauthentik.io> * max wizards taller Signed-off-by: Jens Langhammer <jens@goauthentik.io> * gen api, basic UI Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix some bugs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix a bunch more bugs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * generalize sync status API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rework sync chart Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add slugify to evaluator Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add test property mappings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * rename to google workspace Signed-off-by: Jens Langhammer <jens@goauthentik.io> * handle existing objects Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix credential render Signed-off-by: Jens Langhammer <jens@goauthentik.io> * verify email has correct domain before syncing user Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing docstring Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix lock not being used Signed-off-by: Jens Langhammer <jens@goauthentik.io> * abstract more common stuff away Signed-off-by: Jens Langhammer <jens@goauthentik.io> * backport time limit fix https://github.com/goauthentik/authentik/pull/9546 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start discovery Signed-off-by: Jens Langhammer <jens@goauthentik.io> * implement discover for google Signed-off-by: Jens Langhammer <jens@goauthentik.io> * prevent same issue as with https://github.com/goauthentik/authentik/pull/9557 Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix sync status Signed-off-by: Jens Langhammer <jens@goauthentik.io> * make group name unique in API Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix reference to old wrapper Signed-off-by: Jens Langhammer <jens@goauthentik.io> * start adding tests man this api client is awful Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add SkipObject Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dont use weak ref Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add group tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add user and group delete options Signed-off-by: Jens Langhammer <jens@goauthentik.io> * set user agent Signed-off-by: Jens Langhammer <jens@goauthentik.io> * if the api's testing tools are awful, let's just make our own Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add more tests and already fix some more bugs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add discover Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add preview banner Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add group import test Signed-off-by: Jens Langhammer <jens@goauthentik.io> * only import users/groups in the correct parent group Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix conflicting args Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix missing schedule Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix web ui Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add default_group_email_domain Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
168 lines
6.1 KiB
Python
168 lines
6.1 KiB
Python
# Generated by Django 5.0.4 on 2024-05-07 16:03
|
|
|
|
import django.db.models.deletion
|
|
import uuid
|
|
from django.conf import settings
|
|
from django.db import migrations, models
|
|
|
|
|
|
class Migration(migrations.Migration):
|
|
|
|
initial = True
|
|
|
|
dependencies = [
|
|
("authentik_core", "0035_alter_group_options_and_more"),
|
|
migrations.swappable_dependency(settings.AUTH_USER_MODEL),
|
|
]
|
|
|
|
operations = [
|
|
migrations.CreateModel(
|
|
name="GoogleWorkspaceProviderMapping",
|
|
fields=[
|
|
(
|
|
"propertymapping_ptr",
|
|
models.OneToOneField(
|
|
auto_created=True,
|
|
on_delete=django.db.models.deletion.CASCADE,
|
|
parent_link=True,
|
|
primary_key=True,
|
|
serialize=False,
|
|
to="authentik_core.propertymapping",
|
|
),
|
|
),
|
|
],
|
|
options={
|
|
"verbose_name": "Google Workspace Provider Mapping",
|
|
"verbose_name_plural": "Google Workspace Provider Mappings",
|
|
},
|
|
bases=("authentik_core.propertymapping",),
|
|
),
|
|
migrations.CreateModel(
|
|
name="GoogleWorkspaceProvider",
|
|
fields=[
|
|
(
|
|
"provider_ptr",
|
|
models.OneToOneField(
|
|
auto_created=True,
|
|
on_delete=django.db.models.deletion.CASCADE,
|
|
parent_link=True,
|
|
primary_key=True,
|
|
serialize=False,
|
|
to="authentik_core.provider",
|
|
),
|
|
),
|
|
("delegated_subject", models.EmailField(max_length=254)),
|
|
("credentials", models.JSONField()),
|
|
(
|
|
"scopes",
|
|
models.TextField(
|
|
default="https://www.googleapis.com/auth/admin.directory.user,https://www.googleapis.com/auth/admin.directory.group,https://www.googleapis.com/auth/admin.directory.group.member,https://www.googleapis.com/auth/admin.directory.domain.readonly"
|
|
),
|
|
),
|
|
("default_group_email_domain", models.TextField()),
|
|
("exclude_users_service_account", models.BooleanField(default=False)),
|
|
(
|
|
"user_delete_action",
|
|
models.TextField(
|
|
choices=[
|
|
("do_nothing", "Do Nothing"),
|
|
("delete", "Delete"),
|
|
("suspend", "Suspend"),
|
|
],
|
|
default="delete",
|
|
),
|
|
),
|
|
(
|
|
"group_delete_action",
|
|
models.TextField(
|
|
choices=[
|
|
("do_nothing", "Do Nothing"),
|
|
("delete", "Delete"),
|
|
("suspend", "Suspend"),
|
|
],
|
|
default="delete",
|
|
),
|
|
),
|
|
(
|
|
"filter_group",
|
|
models.ForeignKey(
|
|
default=None,
|
|
null=True,
|
|
on_delete=django.db.models.deletion.SET_DEFAULT,
|
|
to="authentik_core.group",
|
|
),
|
|
),
|
|
(
|
|
"property_mappings_group",
|
|
models.ManyToManyField(
|
|
blank=True,
|
|
default=None,
|
|
help_text="Property mappings used for group creation/updating.",
|
|
to="authentik_core.propertymapping",
|
|
),
|
|
),
|
|
],
|
|
options={
|
|
"verbose_name": "Google Workspace Provider",
|
|
"verbose_name_plural": "Google Workspace Providers",
|
|
},
|
|
bases=("authentik_core.provider", models.Model),
|
|
),
|
|
migrations.CreateModel(
|
|
name="GoogleWorkspaceProviderGroup",
|
|
fields=[
|
|
(
|
|
"id",
|
|
models.UUIDField(
|
|
default=uuid.uuid4, editable=False, primary_key=True, serialize=False
|
|
),
|
|
),
|
|
("google_id", models.TextField()),
|
|
(
|
|
"group",
|
|
models.ForeignKey(
|
|
on_delete=django.db.models.deletion.CASCADE, to="authentik_core.group"
|
|
),
|
|
),
|
|
(
|
|
"provider",
|
|
models.ForeignKey(
|
|
on_delete=django.db.models.deletion.CASCADE,
|
|
to="authentik_providers_google_workspace.googleworkspaceprovider",
|
|
),
|
|
),
|
|
],
|
|
options={
|
|
"unique_together": {("google_id", "group", "provider")},
|
|
},
|
|
),
|
|
migrations.CreateModel(
|
|
name="GoogleWorkspaceProviderUser",
|
|
fields=[
|
|
(
|
|
"id",
|
|
models.UUIDField(
|
|
default=uuid.uuid4, editable=False, primary_key=True, serialize=False
|
|
),
|
|
),
|
|
("google_id", models.TextField()),
|
|
(
|
|
"provider",
|
|
models.ForeignKey(
|
|
on_delete=django.db.models.deletion.CASCADE,
|
|
to="authentik_providers_google_workspace.googleworkspaceprovider",
|
|
),
|
|
),
|
|
(
|
|
"user",
|
|
models.ForeignKey(
|
|
on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL
|
|
),
|
|
),
|
|
],
|
|
options={
|
|
"unique_together": {("google_id", "user", "provider")},
|
|
},
|
|
),
|
|
]
|