outposts: add repair_permissions command

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 14:53:53 +02:00 · 2021-08-23 14:53:53 +02:00 · 12e2f7b945
parent 45d47f828a
commit 12e2f7b945
6 changed files with 38 additions and 1 deletions
--- a/authentik/outposts/management/init.py
+++ b/authentik/outposts/management/init.py
--- a/authentik/outposts/management/commands/init.py
+++ b/authentik/outposts/management/commands/init.py
--- a/authentik/outposts/management/commands/repair_permissions.py
+++ b/authentik/outposts/management/commands/repair_permissions.py
@ -0,0 +1,15 @@
+"""Repair missing permissions"""
+from django.core.management.base import BaseCommand, no_translations
+from django.apps import apps
+from django.contrib.auth.management import create_permissions
+
+
+class Command(BaseCommand):  # pragma: no cover
+    """Repair missing permissions"""
+
+    @no_translations
+    def handle(self, *args, **options):
+        """Check permissions for all apps"""
+        for app in apps.get_app_configs():
+            self.stdout.write(f"Checking app {app.name} ({app.label})\n")
+            create_permissions(app, verbosity=0)
--- a/authentik/outposts/models.py
+++ b/authentik/outposts/models.py
@ -371,7 +371,11 @@ class Outpost(ManagedModel):
                        )
                        Event.new(
                            action=EventAction.SYSTEM_EXCEPTION,
-                            message=exception_to_string(exc),
+                            message=(
+                                "While setting the permissions for the service-account, a permission "
+                                "was not found: "
+                                "Check https://goauthentik.io/docs/troubleshooting/missing_permission"
+                            ) + exception_to_string(exc),
                        ).set_user(user).save()
                else:
                    app_label, perm = model_or_perm.split(".")
--- a/website/docs/troubleshooting/missing_permission.md
+++ b/website/docs/troubleshooting/missing_permission.md
@ -0,0 +1,17 @@
+---
+title: Missing Permissions system_exception events
+---
+
+This error can occur during initial setup, when authentik bootstraps the embedded Outpost, while the database migrations are not finished yet.
+
+The error should be temporary and not occur after initial installation.
+
+If it does, you can run the following command to ensure all permissions exist:
+
+```
+docker-compose run --rm worker repair_permissions
+# Or for kubernetes
+kubectl exec -it authentik-worker-.... -- ak repair_permissions
+```
+
+If the error persists after running this command, please open an Issue on [GitHub](https://github.com/goauthentik/authentik/issues/)
--- a/website/sidebars.js
+++ b/website/sidebars.js
@ -204,6 +204,7 @@ module.exports = {
                "troubleshooting/emails",
                "troubleshooting/login",
                "troubleshooting/image_upload_backup",
+                "troubleshooting/missing_permission",
            ],
        },
    ],