website/docs: add more blueprint docs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
810c04bacf
commit
070714abe4
|
@ -4,7 +4,6 @@ metadata:
|
||||||
entries:
|
entries:
|
||||||
- attrs:
|
- attrs:
|
||||||
designation: authentication
|
designation: authentication
|
||||||
layout: stacked
|
|
||||||
name: Welcome to authentik!
|
name: Welcome to authentik!
|
||||||
title: Welcome to authentik!
|
title: Welcome to authentik!
|
||||||
identifiers:
|
identifiers:
|
||||||
|
@ -12,34 +11,16 @@ entries:
|
||||||
model: authentik_flows.flow
|
model: authentik_flows.flow
|
||||||
id: flow
|
id: flow
|
||||||
- attrs:
|
- attrs:
|
||||||
backends:
|
|
||||||
- authentik.core.auth.InbuiltBackend
|
|
||||||
- authentik.sources.ldap.auth.LDAPBackend
|
|
||||||
- authentik.core.auth.TokenBackend
|
|
||||||
- authentik.core.auth.TokenBackend
|
|
||||||
configure_flow: !Find [authentik_flows.flow, [slug, default-password-change]]
|
configure_flow: !Find [authentik_flows.flow, [slug, default-password-change]]
|
||||||
failed_attempts_before_cancel: 5
|
|
||||||
identifiers:
|
identifiers:
|
||||||
name: default-authentication-password
|
name: default-authentication-password
|
||||||
id: default-authentication-password
|
id: default-authentication-password
|
||||||
model: authentik_stages_password.passwordstage
|
model: authentik_stages_password.passwordstage
|
||||||
- attrs:
|
- identifiers:
|
||||||
device_classes:
|
|
||||||
- static
|
|
||||||
- totp
|
|
||||||
- webauthn
|
|
||||||
- duo
|
|
||||||
- sms
|
|
||||||
not_configured_action: skip
|
|
||||||
identifiers:
|
|
||||||
name: default-authentication-mfa-validation
|
name: default-authentication-mfa-validation
|
||||||
id: default-authentication-mfa-validation
|
id: default-authentication-mfa-validation
|
||||||
model: authentik_stages_authenticator_validate.authenticatorvalidatestage
|
model: authentik_stages_authenticator_validate.authenticatorvalidatestage
|
||||||
- attrs:
|
- identifiers:
|
||||||
user_fields:
|
|
||||||
- email
|
|
||||||
- username
|
|
||||||
identifiers:
|
|
||||||
name: default-authentication-identification
|
name: default-authentication-identification
|
||||||
id: default-authentication-identification
|
id: default-authentication-identification
|
||||||
model: authentik_stages_identification.identificationstage
|
model: authentik_stages_identification.identificationstage
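Review bot: On the new side the password, MFA-validation and identification stage entries no longer state `backends`, `failed_attempts_before_cancel`, `device_classes`, `not_configured_action` or `user_fields`, so the default authentication flow now depends on model defaults that this diff does not show. If any of those defaults is empty or later changes (for example no authentication backends, or a different failed-attempt limit), a fresh install would change its login behaviour without any blueprint edit. I would either keep the security-relevant attributes explicit or add a comment above each entry such as `# backends, failed_attempts_before_cancel: model defaults are relied on here; keep in sync with the stage model`, backed by a test that applies the blueprint to an empty database and asserts the resulting values. The same applies to the removed `policy_engine_mode: any` in the two authenticator setup flows further down.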
|
||||||
|
|
|
@ -5,7 +5,6 @@ entries:
|
||||||
- attrs:
|
- attrs:
|
||||||
designation: stage_configuration
|
designation: stage_configuration
|
||||||
name: default-authenticator-static-setup
|
name: default-authenticator-static-setup
|
||||||
policy_engine_mode: any
|
|
||||||
title: Setup Static OTP Tokens
|
title: Setup Static OTP Tokens
|
||||||
identifiers:
|
identifiers:
|
||||||
slug: default-authenticator-static-setup
|
slug: default-authenticator-static-setup
|
||||||
|
|
|
@ -5,7 +5,6 @@ entries:
|
||||||
- attrs:
|
- attrs:
|
||||||
designation: stage_configuration
|
designation: stage_configuration
|
||||||
name: default-authenticator-webauthn-setup
|
name: default-authenticator-webauthn-setup
|
||||||
policy_engine_mode: any
|
|
||||||
title: Setup WebAuthn
|
title: Setup WebAuthn
|
||||||
identifiers:
|
identifiers:
|
||||||
slug: default-authenticator-webauthn-setup
|
slug: default-authenticator-webauthn-setup
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
title: Export
|
||||||
|
---
|
||||||
|
|
||||||
|
## Global export
|
||||||
|
|
||||||
|
:::info
|
||||||
|
Requires authentik 2022.8.2
|
||||||
|
:::
|
||||||
|
|
||||||
|
To migrate existing configurations to blueprints, run `ak export_blueprint` within any authentik Worker container. This will output a blueprint for most currently created objects. Some objects will not be exported as they might have dependencies on other things.
|
||||||
|
|
||||||
|
Exported blueprints don't use any of the YAML Tags, they just contain a list of entries as they are in the database.
|
||||||
|
|
||||||
|
Note that fields which are write-only (for example, OAuth Provider's Secret Key) will not be added to the blueprint, as the serialisation logic from the API is used for blueprints.
|
||||||
|
|
||||||
|
Additionally, default values will be skipped and not added to the blueprint.
|
||||||
|
|
||||||
|
## Flow exports
|
||||||
|
|
||||||
|
Instead of exporting everything from a single instance, there's also the option to export a single flow with it's attached stages, policies and other objects.
|
||||||
|
|
||||||
|
This export can be triggered via the API or the Web UI by clicking the download button in the flow list.
|
||||||
|
|
||||||
|
## Cleaning up
|
||||||
|
|
||||||
|
Exports from either method will contain a (potentially) long list of objects, all with hardcoded primary keys and now ability for templating/instantiation. This is because currently, authentik does not check which primary keys are used where. It is assumed that for most exports, there'll be some manual changes done regardless, to filter out unwanted objects, adjust properties, etc.
|
|
@ -0,0 +1,66 @@
|
||||||
|
---
|
||||||
|
title: Example
|
||||||
|
---
|
||||||
|
|
||||||
|
This is one of the default packaged blueprints to create the default authentication flow.
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
version: 1
|
||||||
|
metadata:
|
||||||
|
name: Default - Authentication flow
|
||||||
|
entries:
|
||||||
|
# Order of entries is important when using !KeyOf, as tags are evaluated in order they are in
|
||||||
|
# the document
|
||||||
|
- attrs:
|
||||||
|
# Only options that are required should be set here. Default values should not be stated
|
||||||
|
# here, as they will prevent anyone from overwriting the value
|
||||||
|
designation: authentication
|
||||||
|
name: Welcome to authentik!
|
||||||
|
title: Welcome to authentik!
|
||||||
|
identifiers:
|
||||||
|
slug: default-authentication-flow
|
||||||
|
model: authentik_flows.flow
|
||||||
|
id: flow
|
||||||
|
- attrs:
|
||||||
|
configure_flow:
|
||||||
|
!Find [authentik_flows.flow, [slug, default-password-change]]
|
||||||
|
identifiers:
|
||||||
|
name: default-authentication-password
|
||||||
|
id: default-authentication-password
|
||||||
|
model: authentik_stages_password.passwordstage
|
||||||
|
- identifiers:
|
||||||
|
name: default-authentication-mfa-validation
|
||||||
|
# If we're fine with all defaults, `attrs` can be omitted
|
||||||
|
id: default-authentication-mfa-validation
|
||||||
|
model: authentik_stages_authenticator_validate.authenticatorvalidatestage
|
||||||
|
- identifiers:
|
||||||
|
name: default-authentication-identification
|
||||||
|
id: default-authentication-identification
|
||||||
|
model: authentik_stages_identification.identificationstage
|
||||||
|
- attrs:
|
||||||
|
session_duration: seconds=0
|
||||||
|
identifiers:
|
||||||
|
name: default-authentication-login
|
||||||
|
id: default-authentication-login
|
||||||
|
model: authentik_stages_user_login.userloginstage
|
||||||
|
- identifiers:
|
||||||
|
order: 10
|
||||||
|
stage: !KeyOf default-authentication-identification
|
||||||
|
target: !KeyOf flow
|
||||||
|
model: authentik_flows.flowstagebinding
|
||||||
|
- identifiers:
|
||||||
|
order: 20
|
||||||
|
stage: !KeyOf default-authentication-password
|
||||||
|
target: !KeyOf flow
|
||||||
|
model: authentik_flows.flowstagebinding
|
||||||
|
- identifiers:
|
||||||
|
order: 30
|
||||||
|
stage: !KeyOf default-authentication-mfa-validation
|
||||||
|
target: !KeyOf flow
|
||||||
|
model: authentik_flows.flowstagebinding
|
||||||
|
- identifiers:
|
||||||
|
order: 100
|
||||||
|
stage: !KeyOf default-authentication-login
|
||||||
|
target: !KeyOf flow
|
||||||
|
model: authentik_flows.flowstagebinding
|
||||||
|
```
|
|
@ -11,7 +11,12 @@ module.exports = {
|
||||||
type: "doc",
|
type: "doc",
|
||||||
id: "blueprints/index",
|
id: "blueprints/index",
|
||||||
},
|
},
|
||||||
items: ["blueprints/v1/structure", "blueprints/v1/tags"],
|
items: [
|
||||||
|
"blueprints/export",
|
||||||
|
"blueprints/v1/structure",
|
||||||
|
"blueprints/v1/tags",
|
||||||
|
"blueprints/v1/example",
|
||||||
|
],
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
type: "category",
|
type: "category",
|
||||||
|
@ -28,7 +33,7 @@ module.exports = {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
type: "category",
|
type: "category",
|
||||||
label: "Setup",
|
label: "Development",
|
||||||
items: [
|
items: [
|
||||||
"setup/full-dev-environment",
|
"setup/full-dev-environment",
|
||||||
"setup/frontend-only-dev-environment",
|
"setup/frontend-only-dev-environment",
|
||||||
|
|