root: allow custom settings via python module

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

.gitignore

@@ -194,11 +194,9 @@ pip-selfcheck.json
 /static/
 local.env.yml
 
-# Selenium Screenshots
-selenium_screenshots/
-backups/
 media/
 *mmdb
 
 .idea/
 /gen-*/
+data/

authentik/root/settings.py

@@ -452,22 +452,29 @@ _DISALLOWED_ITEMS = [
     "AUTHENTICATION_BACKENDS",
     "CELERY_BEAT_SCHEDULE",
 ]
-# Load subapps's INSTALLED_APPS
+
+
+def _update_settings(app_path: str):
+    try:
+        settings_module = importlib.import_module(app_path)
+        CONFIG.log("debug", "Loaded app settings", path=app_path)
+        INSTALLED_APPS.extend(getattr(settings_module, "INSTALLED_APPS", []))
+        MIDDLEWARE.extend(getattr(settings_module, "MIDDLEWARE", []))
+        AUTHENTICATION_BACKENDS.extend(getattr(settings_module, "AUTHENTICATION_BACKENDS", []))
+        CELERY_BEAT_SCHEDULE.update(getattr(settings_module, "CELERY_BEAT_SCHEDULE", {}))
+        for _attr in dir(settings_module):
+            if not _attr.startswith("__") and _attr not in _DISALLOWED_ITEMS:
+                globals()[_attr] = getattr(settings_module, _attr)
+    except ImportError:
+        pass
+
+
+# Load subapps's settings
 for _app in INSTALLED_APPS:
-    if _app.startswith("authentik"):
-        if "apps" in _app:
-            _app = ".".join(_app.split(".")[:-2])
-        try:
-            app_settings = importlib.import_module(f"{_app}.settings")
-            INSTALLED_APPS.extend(getattr(app_settings, "INSTALLED_APPS", []))
-            MIDDLEWARE.extend(getattr(app_settings, "MIDDLEWARE", []))
-            AUTHENTICATION_BACKENDS.extend(getattr(app_settings, "AUTHENTICATION_BACKENDS", []))
-            CELERY_BEAT_SCHEDULE.update(getattr(app_settings, "CELERY_BEAT_SCHEDULE", {}))
-            for _attr in dir(app_settings):
-                if not _attr.startswith("__") and _attr not in _DISALLOWED_ITEMS:
-                    globals()[_attr] = getattr(app_settings, _attr)
-        except ImportError:
-            pass
+    if not _app.startswith("authentik"):
+        continue
+    _update_settings(f"{_app}.settings")
+_update_settings("data.user_settings")
 
 if DEBUG:
     CELERY_TASK_ALWAYS_EAGER = True

tests/e2e/utils.py

@@ -2,8 +2,8 @@
 import json
 import os
 from functools import lru_cache, wraps
-from os import environ, makedirs
-from time import sleep, time
+from os import environ
+from time import sleep
 from typing import Any, Callable, Optional
 
 from django.contrib.staticfiles.testing import StaticLiveServerTestCase
@@ -111,11 +111,6 @@ class SeleniumTestCase(StaticLiveServerTestCase):
         raise ValueError(f"Webdriver failed after {RETRIES}.")
 
     def tearDown(self):
-        if "TF_BUILD" in environ:
-            makedirs("selenium_screenshots/", exist_ok=True)
-            screenshot_file = f"selenium_screenshots/{self.__class__.__name__}_{time()}.png"
-            self.driver.save_screenshot(screenshot_file)
-            self.logger.warning("Saved screenshot", file=screenshot_file)
         self.logger.debug("--------browser logs")
         for line in self.driver.get_log("browser"):
             self.logger.debug(line["message"], source=line["source"], level=line["level"])

website/docs/installation/configuration.md

@@ -278,3 +278,11 @@ Requires authentik 2022.9
 Configure how many gunicorn threads a worker processes should have (see https://docs.gunicorn.org/en/stable/design.html).
 
 Defaults to 4.
+
+## Custom python settings
+
+To modify additional settings further than the options above allow, you can create a custom python file and mount it to `/data/user_settings.py`. This file will be loaded on startup by both the server and the worker. All default settings are [here](https://github.com/goauthentik/authentik/blob/main/authentik/root/settings.py)
+
+:::warning
+Using these custom settings is not supported and can prevent your authentik instance from starting. Use with caution.
+:::