Commit Graph

66 Commits

Author SHA1 Message Date
Jens Langhammer f8a6aa3250 root: fix missing certs directly
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-04 20:06:02 +01:00
Jens Langhammer 572f6d4ea0 crypto: add certificate discovery to automatically import certificates from lets encrypt
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1835
2021-12-03 18:27:36 +01:00
Jens Langhammer 39acb044fb lifecycle: allow custom worker count in k8s
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-29 14:27:55 +01:00
Jens L ef994e0084 lifecycle: improve redis connection debug py printing full URL 2021-11-25 13:44:42 +01:00
Jens L e1ef196283 core: remove dump_config, handle directly in config loader without booting django, don't check database 2021-11-25 13:38:31 +01:00
Jens Langhammer 61621e7d60 lifecycle: improve backup restore by dropping database before
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-20 00:32:24 +01:00
Jens Langhammer cf5e70c759 lifecycle: revert to non-h11 worker
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:16:10 +01:00
Jens Langhammer 9679be39fa lifecycle: bump celery healthcheck to 5s timeout
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#1627
2021-10-16 14:28:05 +02:00
Jens Langhammer 98907ec889 root: remove structlog.processors.format_exc_info for new structlog version
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-13 09:42:49 +02:00
Jens Langhammer 48f96ea55f lifecycle: only set prometheus_multiproc_dir in ak wrapper to prevent full disk on worker
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 14:44:32 +02:00
Jens Langhammer 6c603cdf80 internal: add internal healthchecking to prevent websocket errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 22:21:14 +02:00
Jens Langhammer e8420957b1 lifecycle: fix syntax error in ak wrapper
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 21:03:54 +02:00
Jens Langhammer aee58c8d53 root: add docker-native healthcheck for web and celery
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:45:18 +02:00
Jens Langhammer e22a286a6f lifecycle: only lock database when system migrations need to be applied, and during django migrations, and don't double unlock
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 23:14:16 +02:00
Jens Langhammer 9778050dda lifecycle: switch to h11 uvicorn worker for now
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:03:08 +02:00
Jens Langhammer 8e59b06611 lifecycle: migrate to gunicorn instead of runserver
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-13 17:54:23 +02:00
Jens Langhammer c5cf17b60b lifecycle: fix worker startup error when docker socket's group is not called docker
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 15:24:35 +02:00
Jens Langhammer 52f2838f57 lifecycle: rename to ak
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 14:54:02 +02:00
Jens Langhammer 229468175a lifecycle: fix error in gunicorn config
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-09 01:07:50 +02:00
Jens Langhammer 4cd3466e56 root: ignore known warnings
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-09 00:27:29 +02:00
Jens Langhammer 919946609d web/elements: add separate flag for chips when checkboxes are enabled
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-05 10:16:13 +02:00
Jens Langhammer 13a8ad3126 lifecycle: decrease default worker count on compose
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-05 09:37:14 +02:00
Jens Langhammer 77ed25ae34 root: reformat to 100 line width
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 17:45:16 +02:00
Jens Langhammer 89fafff0af lifecycle: fix postgresql port not being passed for migrations
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-16 12:04:36 +02:00
Starz0r a5bb583268
root: optional TLS support on redis connections (#1147)
* root: optional TLS support on redis connections

* root: don't use f-strings when not interpolating variables

* root: use f-string in redis protocol prefix interpolation

* root: glaring typo

* formatting

* small formatting change I missed

* root: swap around default redis protocol prefixes
2021-07-15 11:48:52 +02:00
Starz0r 5cfbb0993a
Allow for Configurable Redis Port (#1124)
* root: make redis port configurable

* root: parse redis port from config as an integer

* code formatting

* lifecycle: truncate line under 100 chars

* lifecycle: incorrect indenting on newline
2021-07-12 11:01:41 +02:00
Jens Langhammer b73de96aa6 lifecycle: fix permissions for unittest xml
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 16:03:51 +02:00
Jens Langhammer 4ee2f951da lifecycle: fix check_if_root not working without docker
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 15:56:12 +02:00
Jens Langhammer 01c5235e82 ci: use bootstrap for testing
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 15:54:47 +02:00
Jens Langhammer 20493252e2 lifecycle: fix custom port not being set for postgres healthcheck
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 10:59:48 +02:00
Jens Langhammer c1c55a6005 lifecycle: fix permission error with local docker
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-22 20:47:05 +02:00
Jens Langhammer 634ea61b50 lifecycle: check if group of docker socket exists
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-14 00:50:20 +02:00
Jens Langhammer 934e62d5be lifecycle: fix error when worker is not running as root
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-13 22:55:35 +02:00
Jens Langhammer 72e41c03f5 lifecycle: run worker as root and drop perms later to fix docker permission issues
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-13 20:11:49 +02:00
Jens Langhammer f072c600cc lifecycle: use URl for redis on startup to prevent errors with no paswords
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 20:13:58 +02:00
Jens Langhammer ca5761652c lifecycle: show errors when initial db check fails
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 20:15:01 +02:00
Jens Langhammer 8a666535a8 website/docs: update container explanation
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 17:49:21 +02:00
Jens Langhammer 988cf15b71 root: initial go proxy, update compose and helm
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 09:39:09 +02:00
Jens Langhammer 7b8e5c4272 root: auto-migrate on startup, lock database using pg_advisory_lock
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-18 14:47:50 +02:00
Jens Langhammer 5627848fad lifecycle: allow adjustment of worker cores
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-11 13:20:27 +02:00
Jens Langhammer 4054e6da8c helm: don't automount Service token when integration is not enabled, improve k8s detection
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-07 16:16:17 +02:00
Jens L 8708e487ae
stages: add WebAuthn stage (#550)
* core: add User.uid for globally unique user ID

* admin: fix ?next for Flow list

* stages: add initial webauthn implementation

* web: add ak-flow-submit event to submit flow stage

* web: show error message for webauthn registration

* admin: fix next param not redirecting correctly

* stages/webauthn: remove form

* stages/webauthn: add API

* web: update flow diagram on ak-refresh

* stages/webauthn: add initial authentication

* stages/webauthn: initial authentication implementation

* web: cleanup webauthn utils

* stages: rename otp_* to authenticator and move webauthn to authenticator

* docs: fix broken links

* stages/authenticator_*: fix template paths

* stages/authenticator_validate: add device classes

* stages/authenticator_webauthn: implement django_otp.devices

* stages/authenticator_*: update default stage names

* web: add button to create stage on flow page

* web: don't minify HTML, remove nbsp

* admin: fix typo in stage list

* stages/*: use common base class for stage serializer

* stages/authenticator_*: create default objects after rename

* tests/e2e: adjust stage order
2021-02-17 20:49:58 +01:00
Jens Langhammer bfe8bb5e61 lifecycle: fix typo causing single process in docker-compose 2021-01-27 10:13:23 +01:00
Jens L 1ccf6dcf6f
events: Notifications (#418)
* events: initial alerting implementation

* policies: move error handling to process, ensure policy UUID is saved

* policies: add tests for error handling in PolicyProcess

* events: improve loop detection

* events: add API for action and trigger

* policies: ensure http_request is not used in context

* events: adjust unittests for user handling

* policies/event_matcher: add policy type

* events: add API tests

* events: add middleware tests

* core: make application's provider not required

* outposts: allow blank kubeconfig

* outposts: validate kubeconfig before saving

* api: fix formatting

* stages/invitation: remove invitation_created signal as model_created functions the same

* stages/invitation: ensure created_by is set when creating from API

* events: rebase migrations on master

* events: fix missing Alerts from API

* policies: fix unittests

* events: add tests for alerts

* events: rename from alerting to notifications

* events: add ability to specify severity of notification created

* policies/event_matcher: Add app field to match on event app

* policies/event_matcher: fix EventMatcher not being included in API

* core: use objects.none() when get_queryset is used

* events: use m2m for multiple transports, create notification object in task

* events: add default triggers

* events: fix migrations return value

* events: fix notification_transport not being in the correct queue

* stages/email: allow sending of email without backend

* events: implement sending via webhook + slack/discord + email
2021-01-11 18:43:59 +01:00
dependabot[bot] bc9e7e8b93
build(deps): bump structlog from 20.1.0 to 20.2.0 (#445)
* build(deps): bump structlog from 20.1.0 to 20.2.0

Bumps [structlog](https://github.com/hynek/structlog) from 20.1.0 to 20.2.0.
- [Release notes](https://github.com/hynek/structlog/releases)
- [Changelog](https://github.com/hynek/structlog/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/hynek/structlog/compare/20.1.0...20.2.0)

Signed-off-by: dependabot[bot] <support@github.com>

* *: use structlog.stdlib instead of structlog for type-hints

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-01-01 15:39:43 +01:00
Jens Langhammer dc16a8a4c9 providers/proxy: set proxy-size for nginx for larger response 2020-12-28 00:45:58 +01:00
Jens L a4dc6d13b5
events: rename audit to events and use for more metrics (#397)
* events: rename audit to events

* policies/expression: log expression exceptions as event

* policies/expression: add ExpressionPolicy Model to event when possible

* lib/expressions: ensure syntax errors are logged too

* lib: fix lint error

* policies: add execution_logging field

* core: add property mapping tests

* policies/expression: add full test

* policies/expression: fix attribute name

* policies: add execution_logging

* web: fix imports

* root: update swagger

* policies: use dataclass instead of dict for types

* events: add support for dataclass as event param

* events: add special keys which are never cleaned

* policies: add tests for process, don't clean full cache

* admin: create event when new version is seen

* events: move utils to separate file

* admin: add tests for admin tasks

* events: add .set_user method to ensure users have correct attributes set

* core: add test for property_mapping errors with user and request
2020-12-20 22:04:29 +01:00
Jens Langhammer d2862ddc93 lifecycle: clean full redis as part of system migration 2020-12-12 23:30:49 +01:00
dependabot[bot] 2caa1e7650
build(deps-dev): bump bandit from 1.6.2 to 1.6.3 (#371)
* build(deps-dev): bump bandit from 1.6.2 to 1.6.3

Bumps [bandit](https://github.com/PyCQA/bandit) from 1.6.2 to 1.6.3.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.6.2...1.6.3)

Signed-off-by: dependabot[bot] <support@github.com>

* root: update for new bandit version

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2020-12-07 11:21:07 +01:00
Jens Langhammer e0bc4f1da5 lifecycle: fix outpost service connections not being migrated 2020-12-06 12:22:51 +01:00