recovery: add create_admin_group management command

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-11-07 21:53:21 +01:00
parent 61b5b36192
commit c4e029ffe2
4 changed files with 48 additions and 3 deletions

View File

@ -0,0 +1,30 @@
"""authentik recovery create_admin_group"""
from django.core.management.base import BaseCommand
from django.utils.translation import gettext as _
from authentik.core.models import Group, User
class Command(BaseCommand):
"""Create admin group if the default group gets deleted"""
help = _("Create admin group if the default group gets deleted.")
def add_arguments(self, parser):
parser.add_argument("user", action="store", help="User to add to the admin group.")
def handle(self, *args, **options):
"""Create admin group if the default group gets deleted"""
username = options.get("user")
user = User.objects.filter(username=username).first()
if not user:
self.stderr.write(f"User '{username}' not found.")
return
group, _ = Group.objects.update_or_create(
name="authentik Admins",
defaults={
"is_superuser": True,
},
)
group.users.add(user)
self.stdout.write(f"User '{username}' successfully added to the group 'authentik Admins'.")

View File

@ -7,12 +7,9 @@ from django.urls import reverse
from django.utils.text import slugify from django.utils.text import slugify
from django.utils.timezone import now from django.utils.timezone import now
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from structlog.stdlib import get_logger
from authentik.core.models import Token, TokenIntents, User from authentik.core.models import Token, TokenIntents, User
LOGGER = get_logger()
class Command(BaseCommand): class Command(BaseCommand):
"""Create Token used to recover access""" """Create Token used to recover access"""

View File

@ -0,0 +1,17 @@
---
title: Missing admin group
---
If all of the Admin groups have been deleted, or misconfigured during sync, you can use the following command to gain access back.
Run the following command, where *username* is the user you want to add to the newly created group:
```
docker-compose run --rm server create_admin_group username
```
or, for Kubernetes, run
```
kubectl exec -it deployment/authentik-worker -c authentik -- ak create_admin_group username
```

View File

@ -210,6 +210,7 @@ module.exports = {
"troubleshooting/login", "troubleshooting/login",
"troubleshooting/image_upload_backup", "troubleshooting/image_upload_backup",
"troubleshooting/missing_permission", "troubleshooting/missing_permission",
"troubleshooting/missing_admin_group",
], ],
}, },
], ],