outposts: add repair_permissions command

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-08-23 14:53:53 +02:00
parent 45d47f828a
commit 12e2f7b945
6 changed files with 38 additions and 1 deletions

View File

@ -0,0 +1,15 @@
"""Repair missing permissions"""
from django.core.management.base import BaseCommand, no_translations
from django.apps import apps
from django.contrib.auth.management import create_permissions
class Command(BaseCommand): # pragma: no cover
"""Repair missing permissions"""
@no_translations
def handle(self, *args, **options):
"""Check permissions for all apps"""
for app in apps.get_app_configs():
self.stdout.write(f"Checking app {app.name} ({app.label})\n")
create_permissions(app, verbosity=0)

View File

@ -371,7 +371,11 @@ class Outpost(ManagedModel):
)
Event.new(
action=EventAction.SYSTEM_EXCEPTION,
message=exception_to_string(exc),
message=(
"While setting the permissions for the service-account, a permission "
"was not found: "
"Check https://goauthentik.io/docs/troubleshooting/missing_permission"
) + exception_to_string(exc),
).set_user(user).save()
else:
app_label, perm = model_or_perm.split(".")

View File

@ -0,0 +1,17 @@
---
title: Missing Permissions system_exception events
---
This error can occur during initial setup, when authentik bootstraps the embedded Outpost, while the database migrations are not finished yet.
The error should be temporary and not occur after initial installation.
If it does, you can run the following command to ensure all permissions exist:
```
docker-compose run --rm worker repair_permissions
# Or for kubernetes
kubectl exec -it authentik-worker-.... -- ak repair_permissions
```
If the error persists after running this command, please open an Issue on [GitHub](https://github.com/goauthentik/authentik/issues/)

View File

@ -204,6 +204,7 @@ module.exports = {
"troubleshooting/emails",
"troubleshooting/login",
"troubleshooting/image_upload_backup",
"troubleshooting/missing_permission",
],
},
],