Merge branch 'master' into next

2021-03-13 21:27:51 +01:00 · 2021-03-13 21:27:51 +01:00 · fef5a5ca52
parent 741ebbacca 9d339d8b11
commit fef5a5ca52
11 changed files with 209 additions and 58 deletions
--- a/authentik/lib/default.yml
+++ b/authentik/lib/default.yml
@ -13,6 +13,7 @@ redis:
  ws_db: 2
 debug: false
 log_level: info
 # Error reporting, sends stacktrace to sentry.beryju.org
--- a/authentik/policies/signals.py
+++ b/authentik/policies/signals.py
@ -26,5 +26,5 @@ def invalidate_policy_cache(sender, instance, **_):
            cache.delete_many(keys)
        LOGGER.debug("Invalidating policy cache", policy=instance, keys=total)
    # Also delete user application cache
-    keys = cache.keys(user_app_cache_key("*"))
+    keys = cache.keys(user_app_cache_key("*")) or []
    cache.delete_many(keys)
--- a/authentik/sources/oauth/forms.py
+++ b/authentik/sources/oauth/forms.py
@ -15,9 +15,11 @@ class OAuthSourceForm(forms.ModelForm):
        self.fields["authentication_flow"].queryset = Flow.objects.filter(
            designation=FlowDesignation.AUTHENTICATION
        )
        self.fields["authentication_flow"].required = True
        self.fields["enrollment_flow"].queryset = Flow.objects.filter(
            designation=FlowDesignation.ENROLLMENT
        )
        self.fields["enrollment_flow"].required = True
        if hasattr(self.Meta, "overrides"):
            for overide_field, overide_value in getattr(self.Meta, "overrides").items():
                self.fields[overide_field].initial = overide_value
--- a/authentik/sources/oauth/views/callback.py
+++ b/authentik/sources/oauth/views/callback.py
@ -4,6 +4,7 @@ from typing import Any, Optional
 from django.conf import settings
 from django.contrib import messages
 from django.http import Http404, HttpRequest, HttpResponse
 from django.http.response import HttpResponseBadRequest
 from django.shortcuts import redirect
 from django.urls import reverse
 from django.utils.translation import gettext as _
@ -151,6 +152,8 @@ class OAuthCallback(OAuthClientMixin, View):
                PLAN_CONTEXT_REDIRECT: final_redirect,
            }
        )
        if not flow:
            return HttpResponseBadRequest()
        # We run the Flow planner here so we can pass the Pending user in the context
        planner = FlowPlanner(flow)
        plan = planner.plan(self.request, kwargs)
@ -233,6 +236,9 @@ class OAuthCallback(OAuthClientMixin, View):
            PLAN_CONTEXT_SOURCES_OAUTH_ACCESS: access,
        }
        # We run the Flow planner here so we can pass the Pending user in the context
        if not source.enrollment_flow:
            LOGGER.warning("source has no enrollment flow", source=source)
            return HttpResponseBadRequest()
        planner = FlowPlanner(source.enrollment_flow)
        plan = planner.plan(self.request, context)
        plan.append(in_memory_stage(PostUserEnrollmentStage))
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -19,7 +19,7 @@ services:
    networks:
      - internal
  server:
-    image: beryju/authentik:${AUTHENTIK_TAG:-2021.3.3}
+    image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.3.3}
    command: server
    environment:
      AUTHENTIK_REDIS__HOST: redis
@ -47,7 +47,7 @@ services:
    env_file:
      - .env
  worker:
-    image: beryju/authentik:${AUTHENTIK_TAG:-2021.3.3}
+    image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.3.3}
    command: worker
    networks:
      - internal
@ -66,7 +66,7 @@ services:
    env_file:
      - .env
  static:
-    image: beryju/authentik-static:${AUTHENTIK_TAG:-2021.3.3}
+    image: ${AUTHENTIK_IMAGE_STATIC:-beryju/authentik-static}:${AUTHENTIK_TAG:-2021.3.3}
    networks:
      - internal
    labels:
--- a/website/docs/installation/beta.mdx
+++ b/website/docs/installation/beta.mdx
@ -0,0 +1,43 @@
 ---
 title: Beta versions
 ---
 You can test upcoming authentik versions by switching to the *next* images. These beta versions supported upgrades from the latest stable version, and have a supported upgrade plan to the next stable version.
 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
 <Tabs
  defaultValue="docker-compose"
  values={[
    {label: 'docker-compose', value: 'docker-compose'},
    {label: 'Kubernetes', value: 'kubernetes'},
  ]}>
  <TabItem value="docker-compose">
 Add the following block to your `.env` file:
 ```shell
 AUTHENTIK_IMAGE=docker.beryju.org/authentik/server
 AUTHENTIK_IMAGE_STATIC=docker.beryju.org/authentik/static
 AUTHENTIK_TAG=gh-next
 AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=docker.beryju.org/authentik
 ```
 Afterwards, run the upgrade commands from the [release notes](../releases/next)
  </TabItem>
  <TabItem value="kubernetes">
 Add the following block to your `values.yml` file:
 ```yaml
 image:
  name: docker.beryju.org/authentik/server
  name_static: docker.beryju.org/authentik/static
  name_outposts: docker.beryju.org/authentik
  tag: gh-next
  # pullPolicy: Always to ensure you always get the latest version
  pullPolicy: Always
 ```
 Afterwards, run the upgrade commands from the [release notes](../releases/next)
  </TabItem>
 </Tabs>
--- a/website/docs/installation/docker-compose-config.md
+++ b/website/docs/installation/docker-compose-config.md
@ -0,0 +1,84 @@
 ---
 title: docker-compose configuration
 ---
 These are all the configuration options you can set via docker-compose. These don't apply to Kubernetes, as those settings are configured via helm.
 Append any of the following keys to your `.env` file, and run `docker-compose up -d` to apply them.
 ## AUTHENTIK_LOG_LEVEL
 Log level for the server and worker containers. Possible values: debug, info, warning, error
 Defaults to `info`.
 ## AUTHENTIK_ERROR_REPORTING
 - AUTHENTIK_ERROR_REPORTING__ENABLED
  Enable error reporting. Defaults to `false`.
  Error reports are sent to https://sentry.beryju.org, and are used for debugging and general feedback. Anonymous performance data is also sent.
 - AUTHENTIK_ERROR_REPORTING__ENVIRONMENT
  Unique environment that is attached to your error reports, should be set to your email address for example. Defaults to `customer`.
 - AUTHENTIK_ERROR_REPORTING__SEND_PII
  Whether or not to send personal data, like usernames. Defaults to `false`.
 ## AUTHENTIK_EMAIL
 - AUTHENTIK_EMAIL__HOST
  Default: `localhost`
 - AUTHENTIK_EMAIL__PORT
  Default: `25`
 - AUTHENTIK_EMAIL__USERNAME
  Default: `""`
 - AUTHENTIK_EMAIL__PASSWORD
  Default: `""`
 - AUTHENTIK_EMAIL__USE_TLS
  Default: `false`
 - AUTHENTIK_EMAIL__USE_SSL
  Default: `false`
 - AUTHENTIK_EMAIL__TIMEOUT
  Default: `10`
 - AUTHENTIK_EMAIL__FROM
  Default: `authentik@localhost`
  Email address authentik will send from, should have a correct @domain
 ## AUTHENTIK_OUTPOSTS
 - AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE
  This is the prefix used for authentik-managed outposts. Default: `beryju/authentik`.
 ## AUTHENTIK_AUTHENTIK
 - AUTHENTIK_AUTHENTIK__AVATARS
  Controls which avatars are shown. Defaults to `gravatar`. Can be set to `none` to disable avatars.
 - AUTHENTIK_AUTHENTIK__BRANDING__TITLE
  Branding title used throughout the UI. Defaults to `authentik`.
 - AUTHENTIK_AUTHENTIK__BRANDING__LOGO
  Logo shown in the sidebar and flow executions. Defaults to `/static/dist/assets/icons/icon_left_brand.svg`
--- a/website/docs/installation/index.md
+++ b/website/docs/installation/index.md
@ -2,6 +2,6 @@
 title: Installation
 ---
-If you want to try out authentik, or only want a small deployment (< 100 Users), you should use [docker-compose](./docker-compose).
+If you want to try out authentik, or only want a small deployment you should use [docker-compose](./docker-compose).
 If you want a larger deployment, or you want High-Availability, you should use [Kubernetes](./kubernetes).
--- a/website/docs/installation/kubernetes.md
+++ b/website/docs/installation/kubernetes.md
@ -59,6 +59,13 @@ config:
    # Email address authentik will send from, should have a correct @domain
    from: authentik@localhost
 # Enable MaxMind GeoIP
 # geoip:
 #   enabled: false
 #   accountId: ""
 #   licenseKey: ""
 #   image: maxmindinc/geoipupdate:latest
 # Enable Database Backups to S3
 # backup:
 #   accessKey: access-key
@ -86,15 +93,4 @@ ingress:
 install:
  postgresql: true
  redis: true
 # These values influence the bundled postgresql and redis charts, but are also used by authentik to connect
 postgresql:
    postgresqlDatabase: authentik
 redis:
    cluster:
        enabled: false
    master:
        persistence:
            enabled: false
 ```
--- a/website/docs/releases/next.md
+++ b/website/docs/releases/next.md
@ -0,0 +1,17 @@
 ---
 title: Next
 ---
 # TBD
 ## Upgrading
 This release does not introduce any new requirements.
 ### docker-compose
 Download the latest docker-compose file from [here](https://raw.githubusercontent.com/BeryJu/authentik/version-2021.4/docker-compose.yml). Afterwards, simply run `docker-compose up -d` and then the standard upgrade command of `docker-compose run --rm server migrate`.
 ### Kubernetes
 Run `helm repo update` and then upgrade your release with `helm upgrade passbook authentik/authentik --devel -f values.yaml`.
--- a/website/sidebars.js
+++ b/website/sidebars.js
@ -14,8 +14,10 @@ module.exports = {
            items: [
                "installation/index",
                "installation/docker-compose",
-                "installation/kubernetes",
+                "installation/docker-compose-config",
                "installation/reverse-proxy",
                "installation/kubernetes",
                "installation/beta",
            ],
        },
        {