Merge branch 'master' into next
commit
fef5a5ca52
|
@ -13,6 +13,7 @@ redis:
|
|||
ws_db: 2
|
||||
|
||||
debug: false
|
||||
|
||||
log_level: info
|
||||
|
||||
# Error reporting, sends stacktrace to sentry.beryju.org
|
||||
|
|
|
@ -26,5 +26,5 @@ def invalidate_policy_cache(sender, instance, **_):
|
|||
cache.delete_many(keys)
|
||||
LOGGER.debug("Invalidating policy cache", policy=instance, keys=total)
|
||||
# Also delete user application cache
|
||||
keys = cache.keys(user_app_cache_key("*"))
|
||||
keys = cache.keys(user_app_cache_key("*")) or []
|
||||
cache.delete_many(keys)
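Review bot: The `or []` guard covers only the second lookup; the first `cache.delete_many(keys)` at the top of the hunk uses a `keys` value assigned outside the hunk. If that value comes from the same kind of `cache.keys(...)` call, it can presumably come back empty in the same way. An exception there would abort the handler before the user application cache is cleared, leaving stale policy results cached after a policy change. Consider appending the same `or []` to the first lookup, and a short comment such as `# cache.keys() may return nothing; never pass None to delete_many`. `invalidate_policy_cache` starts above the hunk.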
|
||||
|
|
|
@ -15,9 +15,11 @@ class OAuthSourceForm(forms.ModelForm):
|
|||
self.fields["authentication_flow"].queryset = Flow.objects.filter(
|
||||
designation=FlowDesignation.AUTHENTICATION
|
||||
)
|
||||
self.fields["authentication_flow"].required = True
|
||||
self.fields["enrollment_flow"].queryset = Flow.objects.filter(
|
||||
designation=FlowDesignation.ENROLLMENT
|
||||
)
|
||||
self.fields["enrollment_flow"].required = True
|
||||
if hasattr(self.Meta, "overrides"):
|
||||
for overide_field, overide_value in getattr(self.Meta, "overrides").items():
|
||||
self.fields[overide_field].initial = overide_value
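Review bot: Setting `required = True` on `authentication_flow` and `enrollment_flow` constrains only this form; sources saved through another path, or rows that already exist, can presumably still have an empty flow. A comment above the two assignments would record that, for example `# Flows may be unset on the model; require them here so the OAuth callback always has a flow to plan`. Separately, `getattr(self.Meta, "overrides")` with a constant attribute name reads more simply as `self.Meta.overrides`. The enclosing method starts above the hunk.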
|
||||
|
|
|
@ -4,6 +4,7 @@ from typing import Any, Optional
|
|||
from django.conf import settings
|
||||
from django.contrib import messages
|
||||
from django.http import Http404, HttpRequest, HttpResponse
|
||||
from django.http.response import HttpResponseBadRequest
|
||||
from django.shortcuts import redirect
|
||||
from django.urls import reverse
|
||||
from django.utils.translation import gettext as _
|
||||
|
@ -151,6 +152,8 @@ class OAuthCallback(OAuthClientMixin, View):
|
|||
PLAN_CONTEXT_REDIRECT: final_redirect,
|
||||
}
|
||||
)
|
||||
if not flow:
|
||||
return HttpResponseBadRequest()
|
||||
# We run the Flow planner here so we can pass the Pending user in the context
|
||||
planner = FlowPlanner(flow)
|
||||
plan = planner.plan(self.request, kwargs)
|
||||
|
@ -233,6 +236,9 @@ class OAuthCallback(OAuthClientMixin, View):
|
|||
PLAN_CONTEXT_SOURCES_OAUTH_ACCESS: access,
|
||||
}
|
||||
# We run the Flow planner here so we can pass the Pending user in the context
|
||||
if not source.enrollment_flow:
|
||||
LOGGER.warning("source has no enrollment flow", source=source)
|
||||
return HttpResponseBadRequest()
|
||||
planner = FlowPlanner(source.enrollment_flow)
|
||||
plan = planner.plan(self.request, context)
|
||||
plan.append(in_memory_stage(PostUserEnrollmentStage))
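Review bot: The new `if not flow:` guard returns `HttpResponseBadRequest()` without logging anything, while the matching guard on the enrollment path logs `source has no enrollment flow` first. A misconfigured source is then hard to spot from the logs when the authentication path fails; a line such as `LOGGER.warning("source has no authentication flow")`, with whatever source identifier is in scope there, would make the two paths consistent. In the enrollment hunk the comment `# We run the Flow planner here ...` now sits above the guard instead of above `planner = FlowPlanner(...)`; placing the guard before the comment keeps the comment attached to the planner. Both methods continue outside the hunks.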
|
||||
|
|
|
@ -19,7 +19,7 @@ services:
|
|||
networks:
|
||||
- internal
|
||||
server:
|
||||
image: beryju/authentik:${AUTHENTIK_TAG:-2021.3.3}
|
||||
image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.3.3}
|
||||
command: server
|
||||
environment:
|
||||
AUTHENTIK_REDIS__HOST: redis
|
||||
|
@ -47,7 +47,7 @@ services:
|
|||
env_file:
|
||||
- .env
|
||||
worker:
|
||||
image: beryju/authentik:${AUTHENTIK_TAG:-2021.3.3}
|
||||
image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.3.3}
|
||||
command: worker
|
||||
networks:
|
||||
- internal
|
||||
|
@ -66,7 +66,7 @@ services:
|
|||
env_file:
|
||||
- .env
|
||||
static:
|
||||
image: beryju/authentik-static:${AUTHENTIK_TAG:-2021.3.3}
|
||||
image: ${AUTHENTIK_IMAGE_STATIC:-beryju/authentik-static}:${AUTHENTIK_TAG:-2021.3.3}
|
||||
networks:
|
||||
- internal
|
||||
labels:
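Review bot: The image repository is now overridable for `server`, `worker` and `static`, but nothing in the file says the overrides belong together. `AUTHENTIK_IMAGE` and `AUTHENTIK_IMAGE_STATIC` share the single `AUTHENTIK_TAG`, so setting only one of them pulls the two images from different registries under the same tag. An override also moves the trust decision to whatever registry the `.env` file names. A comment above the first `image:` line would help, for example `# AUTHENTIK_IMAGE and AUTHENTIK_IMAGE_STATIC must point at the same registry; only override them with a registry you trust`.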
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
---
|
||||
title: Beta versions
|
||||
---
|
||||
|
||||
You can test upcoming authentik versions by switching to the *next* images. These beta versions supported upgrades from the latest stable version, and have a supported upgrade plan to the next stable version.
|
||||
|
||||
import Tabs from '@theme/Tabs';
|
||||
import TabItem from '@theme/TabItem';
|
||||
|
||||
<Tabs
|
||||
defaultValue="docker-compose"
|
||||
values={[
|
||||
{label: 'docker-compose', value: 'docker-compose'},
|
||||
{label: 'Kubernetes', value: 'kubernetes'},
|
||||
]}>
|
||||
<TabItem value="docker-compose">
|
||||
Add the following block to your `.env` file:
|
||||
|
||||
```shell
|
||||
AUTHENTIK_IMAGE=docker.beryju.org/authentik/server
|
||||
AUTHENTIK_IMAGE_STATIC=docker.beryju.org/authentik/static
|
||||
AUTHENTIK_TAG=gh-next
|
||||
AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=docker.beryju.org/authentik
|
||||
```
|
||||
|
||||
Afterwards, run the upgrade commands from the [release notes](../releases/next)
|
||||
</TabItem>
|
||||
<TabItem value="kubernetes">
|
||||
Add the following block to your `values.yml` file:
|
||||
|
||||
```yaml
|
||||
image:
|
||||
name: docker.beryju.org/authentik/server
|
||||
name_static: docker.beryju.org/authentik/static
|
||||
name_outposts: docker.beryju.org/authentik
|
||||
tag: gh-next
|
||||
# pullPolicy: Always to ensure you always get the latest version
|
||||
pullPolicy: Always
|
||||
```
|
||||
|
||||
Afterwards, run the upgrade commands from the [release notes](../releases/next)
|
||||
</TabItem>
|
||||
</Tabs>
|
|
@ -0,0 +1,84 @@
|
|||
---
|
||||
title: docker-compose configuration
|
||||
---
|
||||
|
||||
These are all the configuration options you can set via docker-compose. These don't apply to Kubernetes, as those settings are configured via helm.
|
||||
|
||||
Append any of the following keys to your `.env` file, and run `docker-compose up -d` to apply them.
|
||||
|
||||
## AUTHENTIK_LOG_LEVEL
|
||||
|
||||
Log level for the server and worker containers. Possible values: debug, info, warning, error
|
||||
Defaults to `info`.
|
||||
|
||||
## AUTHENTIK_ERROR_REPORTING
|
||||
|
||||
- AUTHENTIK_ERROR_REPORTING__ENABLED
|
||||
|
||||
Enable error reporting. Defaults to `false`.
|
||||
|
||||
Error reports are sent to https://sentry.beryju.org, and are used for debugging and general feedback. Anonymous performance data is also sent.
|
||||
|
||||
- AUTHENTIK_ERROR_REPORTING__ENVIRONMENT
|
||||
|
||||
Unique environment that is attached to your error reports, should be set to your email address for example. Defaults to `customer`.
|
||||
|
||||
- AUTHENTIK_ERROR_REPORTING__SEND_PII
|
||||
|
||||
Whether or not to send personal data, like usernames. Defaults to `false`.
|
||||
|
||||
## AUTHENTIK_EMAIL
|
||||
|
||||
- AUTHENTIK_EMAIL__HOST
|
||||
|
||||
Default: `localhost`
|
||||
|
||||
- AUTHENTIK_EMAIL__PORT
|
||||
|
||||
Default: `25`
|
||||
|
||||
- AUTHENTIK_EMAIL__USERNAME
|
||||
|
||||
Default: `""`
|
||||
|
||||
- AUTHENTIK_EMAIL__PASSWORD
|
||||
|
||||
Default: `""`
|
||||
|
||||
- AUTHENTIK_EMAIL__USE_TLS
|
||||
|
||||
Default: `false`
|
||||
|
||||
- AUTHENTIK_EMAIL__USE_SSL
|
||||
|
||||
Default: `false`
|
||||
|
||||
- AUTHENTIK_EMAIL__TIMEOUT
|
||||
|
||||
Default: `10`
|
||||
|
||||
- AUTHENTIK_EMAIL__FROM
|
||||
|
||||
Default: `authentik@localhost`
|
||||
|
||||
Email address authentik will send from, should have a correct @domain
|
||||
|
||||
## AUTHENTIK_OUTPOSTS
|
||||
|
||||
- AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE
|
||||
|
||||
This is the prefix used for authentik-managed outposts. Default: `beryju/authentik`.
|
||||
|
||||
## AUTHENTIK_AUTHENTIK
|
||||
|
||||
- AUTHENTIK_AUTHENTIK__AVATARS
|
||||
|
||||
Controls which avatars are shown. Defaults to `gravatar`. Can be set to `none` to disable avatars.
|
||||
|
||||
- AUTHENTIK_AUTHENTIK__BRANDING__TITLE
|
||||
|
||||
Branding title used throughout the UI. Defaults to `authentik`.
|
||||
|
||||
- AUTHENTIK_AUTHENTIK__BRANDING__LOGO
|
||||
|
||||
Logo shown in the sidebar and flow executions. Defaults to `/static/dist/assets/icons/icon_left_brand.svg`
|
|
@ -2,6 +2,6 @@
|
|||
title: Installation
|
||||
---
|
||||
|
||||
If you want to try out authentik, or only want a small deployment (< 100 Users), you should use [docker-compose](./docker-compose).
|
||||
If you want to try out authentik, or only want a small deployment you should use [docker-compose](./docker-compose).
|
||||
|
||||
If you want a larger deployment, or you want High-Availability, you should use [Kubernetes](./kubernetes).
|
||||
|
|
|
@ -21,10 +21,10 @@ It is also recommended to configure global email credentials. These are used by
|
|||
# Values directly affecting authentik
|
||||
###################################
|
||||
image:
|
||||
name: beryju/authentik
|
||||
name_static: beryju/authentik-static
|
||||
name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
|
||||
tag: 2021.3.3
|
||||
name: beryju/authentik
|
||||
name_static: beryju/authentik-static
|
||||
name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
|
||||
tag: 2021.3.3
|
||||
|
||||
serverReplicas: 1
|
||||
workerReplicas: 1
|
||||
|
@ -33,31 +33,38 @@ workerReplicas: 1
|
|||
kubernetesIntegration: true
|
||||
|
||||
config:
|
||||
# Optionally specify fixed secret_key, otherwise generated automatically
|
||||
# secretKey: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
|
||||
# Enable error reporting
|
||||
errorReporting:
|
||||
enabled: false
|
||||
environment: customer
|
||||
sendPii: false
|
||||
# Log level used by web and worker
|
||||
# Can be either debug, info, warning, error
|
||||
logLevel: warning
|
||||
# Global Email settings
|
||||
email:
|
||||
# SMTP Host Emails are sent to
|
||||
host: localhost
|
||||
port: 25
|
||||
# Optionally authenticate
|
||||
username: ""
|
||||
password: ""
|
||||
# Use StartTLS
|
||||
useTls: false
|
||||
# Use SSL
|
||||
useSsl: false
|
||||
timeout: 10
|
||||
# Email address authentik will send from, should have a correct @domain
|
||||
from: authentik@localhost
|
||||
# Optionally specify fixed secret_key, otherwise generated automatically
|
||||
# secretKey: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
|
||||
# Enable error reporting
|
||||
errorReporting:
|
||||
enabled: false
|
||||
environment: customer
|
||||
sendPii: false
|
||||
# Log level used by web and worker
|
||||
# Can be either debug, info, warning, error
|
||||
logLevel: warning
|
||||
# Global Email settings
|
||||
email:
|
||||
# SMTP Host Emails are sent to
|
||||
host: localhost
|
||||
port: 25
|
||||
# Optionally authenticate
|
||||
username: ""
|
||||
password: ""
|
||||
# Use StartTLS
|
||||
useTls: false
|
||||
# Use SSL
|
||||
useSsl: false
|
||||
timeout: 10
|
||||
# Email address authentik will send from, should have a correct @domain
|
||||
from: authentik@localhost
|
||||
|
||||
# Enable MaxMind GeoIP
|
||||
# geoip:
|
||||
# enabled: false
|
||||
# accountId: ""
|
||||
# licenseKey: ""
|
||||
# image: maxmindinc/geoipupdate:latest
|
||||
|
||||
# Enable Database Backups to S3
|
||||
# backup:
|
||||
|
@ -68,33 +75,22 @@ config:
|
|||
# host: s3-host
|
||||
|
||||
ingress:
|
||||
annotations:
|
||||
{}
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
hosts:
|
||||
- authentik.k8s.local
|
||||
tls: []
|
||||
# - secretName: chart-example-tls
|
||||
# hosts:
|
||||
# - authentik.k8s.local
|
||||
annotations:
|
||||
{}
|
||||
# kubernetes.io/ingress.class: nginx
|
||||
# kubernetes.io/tls-acme: "true"
|
||||
hosts:
|
||||
- authentik.k8s.local
|
||||
tls: []
|
||||
# - secretName: chart-example-tls
|
||||
# hosts:
|
||||
# - authentik.k8s.local
|
||||
|
||||
###################################
|
||||
# Values controlling dependencies
|
||||
###################################
|
||||
|
||||
install:
|
||||
postgresql: true
|
||||
redis: true
|
||||
|
||||
# These values influence the bundled postgresql and redis charts, but are also used by authentik to connect
|
||||
postgresql:
|
||||
postgresqlDatabase: authentik
|
||||
|
||||
redis:
|
||||
cluster:
|
||||
enabled: false
|
||||
master:
|
||||
persistence:
|
||||
enabled: false
|
||||
postgresql: true
|
||||
redis: true
|
||||
```
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
title: Next
|
||||
---
|
||||
|
||||
# TBD
|
||||
|
||||
## Upgrading
|
||||
|
||||
This release does not introduce any new requirements.
|
||||
|
||||
### docker-compose
|
||||
|
||||
Download the latest docker-compose file from [here](https://raw.githubusercontent.com/BeryJu/authentik/version-2021.4/docker-compose.yml). Afterwards, simply run `docker-compose up -d` and then the standard upgrade command of `docker-compose run --rm server migrate`.
|
||||
|
||||
### Kubernetes
|
||||
|
||||
Run `helm repo update` and then upgrade your release with `helm upgrade passbook authentik/authentik --devel -f values.yaml`.
|
|
@ -14,8 +14,10 @@ module.exports = {
|
|||
items: [
|
||||
"installation/index",
|
||||
"installation/docker-compose",
|
||||
"installation/kubernetes",
|
||||
"installation/docker-compose-config",
|
||||
"installation/reverse-proxy",
|
||||
"installation/kubernetes",
|
||||
"installation/beta",
|
||||
],
|
||||
},
|
||||
{
|
||||
|
|