Merge branch 'master' into next

Jens Langhammer 2021-03-13 21:27:51 +01:00
commit fef5a5ca52
11 changed files with 209 additions and 58 deletions


@ -13,6 +13,7 @@ redis:
ws_db: 2
debug: false
log_level: info
# Error reporting, sends stacktrace to sentry.beryju.org


@ -26,5 +26,5 @@ def invalidate_policy_cache(sender, instance, **_):
cache.delete_many(keys)
LOGGER.debug("Invalidating policy cache", policy=instance, keys=total)
# Also delete user application cache
keys = cache.keys(user_app_cache_key("*"))
keys = cache.keys(user_app_cache_key("*")) or []
cache.delete_many(keys)
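Review bot: The `or []` fallback covers only the user-application lookup at the end of this hunk; the earlier `cache.delete_many(keys)` and the `keys=total` log argument use values computed above the hunk, so if they come from the same kind of `cache.keys(...)` call they would presumably still fail when the backend returns `None`. Applying the same guard there, `keys = cache.keys(...) or []`, would stop policy-cache invalidation from aborting before stale policy results are cleared. The body of `invalidate_policy_cache` starts outside the hunk, so this needs checking against the full function.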


@ -15,9 +15,11 @@ class OAuthSourceForm(forms.ModelForm):
self.fields["authentication_flow"].queryset = Flow.objects.filter(
designation=FlowDesignation.AUTHENTICATION
)
self.fields["authentication_flow"].required = True
self.fields["enrollment_flow"].queryset = Flow.objects.filter(
designation=FlowDesignation.ENROLLMENT
)
self.fields["enrollment_flow"].required = True
if hasattr(self.Meta, "overrides"):
for overide_field, overide_value in getattr(self.Meta, "overrides").items():
self.fields[overide_field].initial = overide_value
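Review bot: Setting `required = True` on `authentication_flow` and `enrollment_flow` enforces the flows only for submissions that go through this form; sources saved before this change, or created by another path, can presumably still have either flow unset. A short comment above the two assignments would make that limit explicit, for example `# Form-level only: existing sources may still lack a flow, callers must handle None`. `__init__` starts outside the hunk and the model field definitions are not visible here, so whether the fields are nullable at the model level is an assumption to confirm.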


@ -4,6 +4,7 @@ from typing import Any, Optional
from django.conf import settings
from django.contrib import messages
from django.http import Http404, HttpRequest, HttpResponse
from django.http.response import HttpResponseBadRequest
from django.shortcuts import redirect
from django.urls import reverse
from django.utils.translation import gettext as _
@ -151,6 +152,8 @@ class OAuthCallback(OAuthClientMixin, View):
PLAN_CONTEXT_REDIRECT: final_redirect,
}
)
if not flow:
return HttpResponseBadRequest()
# We run the Flow planner here so we can pass the Pending user in the context
planner = FlowPlanner(flow)
plan = planner.plan(self.request, kwargs)
@ -233,6 +236,9 @@ class OAuthCallback(OAuthClientMixin, View):
PLAN_CONTEXT_SOURCES_OAUTH_ACCESS: access,
}
# We run the Flow planner here so we can pass the Pending user in the context
if not source.enrollment_flow:
LOGGER.warning("source has no enrollment flow", source=source)
return HttpResponseBadRequest()
planner = FlowPlanner(source.enrollment_flow)
plan = planner.plan(self.request, context)
plan.append(in_memory_stage(PostUserEnrollmentStage))
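Review bot: The new `if not flow:` guard in the second hunk returns a bare `HttpResponseBadRequest()` without logging, whereas the enrollment guard in the third hunk logs `source has no enrollment flow` first. A source without a configured flow is a server-side misconfiguration, and a silent 400 from the OAuth callback is hard to tell apart from a malformed client request when reading logs. Adding a matching line such as `LOGGER.warning("source has no flow configured")` before the return would keep the two paths consistent. In the third hunk the comment `# We run the Flow planner here ...` now sits above the guard rather than above `planner = FlowPlanner(source.enrollment_flow)`, so it should move down to stay next to the code it describes. Both methods start and end outside the hunks.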


@ -19,7 +19,7 @@ services:
networks:
- internal
server:
image: beryju/authentik:${AUTHENTIK_TAG:-2021.3.3}
image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.3.3}
command: server
environment:
AUTHENTIK_REDIS__HOST: redis
@ -47,7 +47,7 @@ services:
env_file:
- .env
worker:
image: beryju/authentik:${AUTHENTIK_TAG:-2021.3.3}
image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.3.3}
command: worker
networks:
- internal
@ -66,7 +66,7 @@ services:
env_file:
- .env
static:
image: beryju/authentik-static:${AUTHENTIK_TAG:-2021.3.3}
image: ${AUTHENTIK_IMAGE_STATIC:-beryju/authentik-static}:${AUTHENTIK_TAG:-2021.3.3}
networks:
- internal
labels:
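Review bot: The `image:` lines now take the repository from `.env`, but `server` and `worker` read `AUTHENTIK_IMAGE` while `static` reads `AUTHENTIK_IMAGE_STATIC`, so overriding only one of them pulls the two halves from different registries under the same `AUTHENTIK_TAG`. A comment above the first `image:` line would help, for example `# AUTHENTIK_IMAGE and AUTHENTIK_IMAGE_STATIC must point at the same registry and release`. Because the image source is now operator-controlled, the same comment could note that a mutable tag is not a pinned artifact and that deployments needing reproducibility can reference the image by digest. The `static` service definition continues past the end of the hunk.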


@ -0,0 +1,43 @@
---
title: Beta versions
---
You can test upcoming authentik versions by switching to the *next* images. These beta versions supported upgrades from the latest stable version, and have a supported upgrade plan to the next stable version.
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
<Tabs
defaultValue="docker-compose"
values={[
{label: 'docker-compose', value: 'docker-compose'},
{label: 'Kubernetes', value: 'kubernetes'},
]}>
<TabItem value="docker-compose">
Add the following block to your `.env` file:
```shell
AUTHENTIK_IMAGE=docker.beryju.org/authentik/server
AUTHENTIK_IMAGE_STATIC=docker.beryju.org/authentik/static
AUTHENTIK_TAG=gh-next
AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=docker.beryju.org/authentik
```
Afterwards, run the upgrade commands from the [release notes](../releases/next)
</TabItem>
<TabItem value="kubernetes">
Add the following block to your `values.yml` file:
```yaml
image:
name: docker.beryju.org/authentik/server
name_static: docker.beryju.org/authentik/static
name_outposts: docker.beryju.org/authentik
tag: gh-next
# pullPolicy: Always to ensure you always get the latest version
pullPolicy: Always
```
Afterwards, run the upgrade commands from the [release notes](../releases/next)
</TabItem>
</Tabs>


@ -0,0 +1,84 @@
---
title: docker-compose configuration
---
These are all the configuration options you can set via docker-compose. These don't apply to Kubernetes, as those settings are configured via helm.
Append any of the following keys to your `.env` file, and run `docker-compose up -d` to apply them.
## AUTHENTIK_LOG_LEVEL
Log level for the server and worker containers. Possible values: debug, info, warning, error
Defaults to `info`.
## AUTHENTIK_ERROR_REPORTING
- AUTHENTIK_ERROR_REPORTING__ENABLED
Enable error reporting. Defaults to `false`.
Error reports are sent to https://sentry.beryju.org, and are used for debugging and general feedback. Anonymous performance data is also sent.
- AUTHENTIK_ERROR_REPORTING__ENVIRONMENT
Unique environment that is attached to your error reports, should be set to your email address for example. Defaults to `customer`.
- AUTHENTIK_ERROR_REPORTING__SEND_PII
Whether or not to send personal data, like usernames. Defaults to `false`.
## AUTHENTIK_EMAIL
- AUTHENTIK_EMAIL__HOST
Default: `localhost`
- AUTHENTIK_EMAIL__PORT
Default: `25`
- AUTHENTIK_EMAIL__USERNAME
Default: `""`
- AUTHENTIK_EMAIL__PASSWORD
Default: `""`
- AUTHENTIK_EMAIL__USE_TLS
Default: `false`
- AUTHENTIK_EMAIL__USE_SSL
Default: `false`
- AUTHENTIK_EMAIL__TIMEOUT
Default: `10`
- AUTHENTIK_EMAIL__FROM
Default: `authentik@localhost`
Email address authentik will send from, should have a correct @domain
## AUTHENTIK_OUTPOSTS
- AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE
This is the prefix used for authentik-managed outposts. Default: `beryju/authentik`.
## AUTHENTIK_AUTHENTIK
- AUTHENTIK_AUTHENTIK__AVATARS
Controls which avatars are shown. Defaults to `gravatar`. Can be set to `none` to disable avatars.
- AUTHENTIK_AUTHENTIK__BRANDING__TITLE
Branding title used throughout the UI. Defaults to `authentik`.
- AUTHENTIK_AUTHENTIK__BRANDING__LOGO
Logo shown in the sidebar and flow executions. Defaults to `/static/dist/assets/icons/icon_left_brand.svg`


@ -2,6 +2,6 @@
title: Installation
---
If you want to try out authentik, or only want a small deployment (< 100 Users), you should use [docker-compose](./docker-compose).
If you want to try out authentik, or only want a small deployment you should use [docker-compose](./docker-compose).
If you want a larger deployment, or you want High-Availability, you should use [Kubernetes](./kubernetes).


@ -21,10 +21,10 @@ It is also recommended to configure global email credentials. These are used by
# Values directly affecting authentik
###################################
image:
name: beryju/authentik
name_static: beryju/authentik-static
name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
tag: 2021.3.3
name: beryju/authentik
name_static: beryju/authentik-static
name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
tag: 2021.3.3
serverReplicas: 1
workerReplicas: 1
@ -33,31 +33,38 @@ workerReplicas: 1
kubernetesIntegration: true
config:
# Optionally specify fixed secret_key, otherwise generated automatically
# secretKey: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
# Enable error reporting
errorReporting:
enabled: false
environment: customer
sendPii: false
# Log level used by web and worker
# Can be either debug, info, warning, error
logLevel: warning
# Global Email settings
email:
# SMTP Host Emails are sent to
host: localhost
port: 25
# Optionally authenticate
username: ""
password: ""
# Use StartTLS
useTls: false
# Use SSL
useSsl: false
timeout: 10
# Email address authentik will send from, should have a correct @domain
from: authentik@localhost
# Optionally specify fixed secret_key, otherwise generated automatically
# secretKey: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
# Enable error reporting
errorReporting:
enabled: false
environment: customer
sendPii: false
# Log level used by web and worker
# Can be either debug, info, warning, error
logLevel: warning
# Global Email settings
email:
# SMTP Host Emails are sent to
host: localhost
port: 25
# Optionally authenticate
username: ""
password: ""
# Use StartTLS
useTls: false
# Use SSL
useSsl: false
timeout: 10
# Email address authentik will send from, should have a correct @domain
from: authentik@localhost
# Enable MaxMind GeoIP
# geoip:
# enabled: false
# accountId: ""
# licenseKey: ""
# image: maxmindinc/geoipupdate:latest
# Enable Database Backups to S3
# backup:
@ -68,33 +75,22 @@ config:
# host: s3-host
ingress:
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- authentik.k8s.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - authentik.k8s.local
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- authentik.k8s.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - authentik.k8s.local
###################################
# Values controlling dependencies
###################################
install:
postgresql: true
redis: true
# These values influence the bundled postgresql and redis charts, but are also used by authentik to connect
postgresql:
postgresqlDatabase: authentik
redis:
cluster:
enabled: false
master:
persistence:
enabled: false
postgresql: true
redis: true
```


@ -0,0 +1,17 @@
---
title: Next
---
# TBD
## Upgrading
This release does not introduce any new requirements.
### docker-compose
Download the latest docker-compose file from [here](https://raw.githubusercontent.com/BeryJu/authentik/version-2021.4/docker-compose.yml). Afterwards, simply run `docker-compose up -d` and then the standard upgrade command of `docker-compose run --rm server migrate`.
### Kubernetes
Run `helm repo update` and then upgrade your release with `helm upgrade passbook authentik/authentik --devel -f values.yaml`.


@ -14,8 +14,10 @@ module.exports = {
items: [
"installation/index",
"installation/docker-compose",
"installation/kubernetes",
"installation/docker-compose-config",
"installation/reverse-proxy",
"installation/kubernetes",
"installation/beta",
],
},
{