Jens Langhammer
f8a6aa3250
root: fix missing certs directly
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-12-04 20:06:02 +01:00
Jens Langhammer
572f6d4ea0
crypto: add certificate discovery to automatically import certificates from lets encrypt
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1835
2021-12-03 18:27:36 +01:00
Jens Langhammer
39acb044fb
lifecycle: allow custom worker count in k8s
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-29 14:27:55 +01:00
Jens L
ef994e0084
lifecycle: improve redis connection debug py printing full URL
2021-11-25 13:44:42 +01:00
Jens L
e1ef196283
core: remove dump_config, handle directly in config loader without booting django, don't check database
2021-11-25 13:38:31 +01:00
Jens Langhammer
61621e7d60
lifecycle: improve backup restore by dropping database before
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-20 00:32:24 +01:00
Jens Langhammer
cf5e70c759
lifecycle: revert to non-h11 worker
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-04 13:16:10 +01:00
Jens Langhammer
9679be39fa
lifecycle: bump celery healthcheck to 5s timeout
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
#1627
2021-10-16 14:28:05 +02:00
Jens Langhammer
98907ec889
root: remove structlog.processors.format_exc_info for new structlog version
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-13 09:42:49 +02:00
Jens Langhammer
48f96ea55f
lifecycle: only set prometheus_multiproc_dir in ak wrapper to prevent full disk on worker
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-12 14:44:32 +02:00
Jens Langhammer
6c603cdf80
internal: add internal healthchecking to prevent websocket errors
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 22:21:14 +02:00
Jens Langhammer
e8420957b1
lifecycle: fix syntax error in ak wrapper
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 21:03:54 +02:00
Jens Langhammer
aee58c8d53
root: add docker-native healthcheck for web and celery
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-05 20:45:18 +02:00
Jens Langhammer
e22a286a6f
lifecycle: only lock database when system migrations need to be applied, and during django migrations, and don't double unlock
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 23:14:16 +02:00
Jens Langhammer
9778050dda
lifecycle: switch to h11 uvicorn worker for now
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:03:08 +02:00
Jens Langhammer
8e59b06611
lifecycle: migrate to gunicorn instead of runserver
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-13 17:54:23 +02:00
Jens Langhammer
c5cf17b60b
lifecycle: fix worker startup error when docker socket's group is not called docker
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-09 15:24:35 +02:00
Jens Langhammer
52f2838f57
lifecycle: rename to ak
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 14:54:02 +02:00
Jens Langhammer
229468175a
lifecycle: fix error in gunicorn config
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-09 01:07:50 +02:00
Jens Langhammer
4cd3466e56
root: ignore known warnings
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-09 00:27:29 +02:00
Jens Langhammer
919946609d
web/elements: add separate flag for chips when checkboxes are enabled
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-05 10:16:13 +02:00
Jens Langhammer
13a8ad3126
lifecycle: decrease default worker count on compose
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-05 09:37:14 +02:00
Jens Langhammer
77ed25ae34
root: reformat to 100 line width
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-03 17:45:16 +02:00
Jens Langhammer
89fafff0af
lifecycle: fix postgresql port not being passed for migrations
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-16 12:04:36 +02:00
Starz0r
a5bb583268
root: optional TLS support on redis connections ( #1147 )
...
* root: optional TLS support on redis connections
* root: don't use f-strings when not interpolating variables
* root: use f-string in redis protocol prefix interpolation
* root: glaring typo
* formatting
* small formatting change I missed
* root: swap around default redis protocol prefixes
2021-07-15 11:48:52 +02:00
Starz0r
5cfbb0993a
Allow for Configurable Redis Port ( #1124 )
...
* root: make redis port configurable
* root: parse redis port from config as an integer
* code formatting
* lifecycle: truncate line under 100 chars
* lifecycle: incorrect indenting on newline
2021-07-12 11:01:41 +02:00
Jens Langhammer
b73de96aa6
lifecycle: fix permissions for unittest xml
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 16:03:51 +02:00
Jens Langhammer
4ee2f951da
lifecycle: fix check_if_root not working without docker
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 15:56:12 +02:00
Jens Langhammer
01c5235e82
ci: use bootstrap for testing
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 15:54:47 +02:00
Jens Langhammer
20493252e2
lifecycle: fix custom port not being set for postgres healthcheck
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-09 10:59:48 +02:00
Jens Langhammer
c1c55a6005
lifecycle: fix permission error with local docker
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-22 20:47:05 +02:00
Jens Langhammer
634ea61b50
lifecycle: check if group of docker socket exists
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-14 00:50:20 +02:00
Jens Langhammer
934e62d5be
lifecycle: fix error when worker is not running as root
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-13 22:55:35 +02:00
Jens Langhammer
72e41c03f5
lifecycle: run worker as root and drop perms later to fix docker permission issues
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-13 20:11:49 +02:00
Jens Langhammer
f072c600cc
lifecycle: use URl for redis on startup to prevent errors with no paswords
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-09 20:13:58 +02:00
Jens Langhammer
ca5761652c
lifecycle: show errors when initial db check fails
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-05 20:15:01 +02:00
Jens Langhammer
8a666535a8
website/docs: update container explanation
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-04 17:49:21 +02:00
Jens Langhammer
988cf15b71
root: initial go proxy, update compose and helm
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-05-03 09:39:09 +02:00
Jens Langhammer
7b8e5c4272
root: auto-migrate on startup, lock database using pg_advisory_lock
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-18 14:47:50 +02:00
Jens Langhammer
5627848fad
lifecycle: allow adjustment of worker cores
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-11 13:20:27 +02:00
Jens Langhammer
4054e6da8c
helm: don't automount Service token when integration is not enabled, improve k8s detection
...
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-07 16:16:17 +02:00
Jens L
8708e487ae
stages: add WebAuthn stage ( #550 )
...
* core: add User.uid for globally unique user ID
* admin: fix ?next for Flow list
* stages: add initial webauthn implementation
* web: add ak-flow-submit event to submit flow stage
* web: show error message for webauthn registration
* admin: fix next param not redirecting correctly
* stages/webauthn: remove form
* stages/webauthn: add API
* web: update flow diagram on ak-refresh
* stages/webauthn: add initial authentication
* stages/webauthn: initial authentication implementation
* web: cleanup webauthn utils
* stages: rename otp_* to authenticator and move webauthn to authenticator
* docs: fix broken links
* stages/authenticator_*: fix template paths
* stages/authenticator_validate: add device classes
* stages/authenticator_webauthn: implement django_otp.devices
* stages/authenticator_*: update default stage names
* web: add button to create stage on flow page
* web: don't minify HTML, remove nbsp
* admin: fix typo in stage list
* stages/*: use common base class for stage serializer
* stages/authenticator_*: create default objects after rename
* tests/e2e: adjust stage order
2021-02-17 20:49:58 +01:00
Jens Langhammer
bfe8bb5e61
lifecycle: fix typo causing single process in docker-compose
2021-01-27 10:13:23 +01:00
Jens L
1ccf6dcf6f
events: Notifications ( #418 )
...
* events: initial alerting implementation
* policies: move error handling to process, ensure policy UUID is saved
* policies: add tests for error handling in PolicyProcess
* events: improve loop detection
* events: add API for action and trigger
* policies: ensure http_request is not used in context
* events: adjust unittests for user handling
* policies/event_matcher: add policy type
* events: add API tests
* events: add middleware tests
* core: make application's provider not required
* outposts: allow blank kubeconfig
* outposts: validate kubeconfig before saving
* api: fix formatting
* stages/invitation: remove invitation_created signal as model_created functions the same
* stages/invitation: ensure created_by is set when creating from API
* events: rebase migrations on master
* events: fix missing Alerts from API
* policies: fix unittests
* events: add tests for alerts
* events: rename from alerting to notifications
* events: add ability to specify severity of notification created
* policies/event_matcher: Add app field to match on event app
* policies/event_matcher: fix EventMatcher not being included in API
* core: use objects.none() when get_queryset is used
* events: use m2m for multiple transports, create notification object in task
* events: add default triggers
* events: fix migrations return value
* events: fix notification_transport not being in the correct queue
* stages/email: allow sending of email without backend
* events: implement sending via webhook + slack/discord + email
2021-01-11 18:43:59 +01:00
dependabot[bot]
bc9e7e8b93
build(deps): bump structlog from 20.1.0 to 20.2.0 ( #445 )
...
* build(deps): bump structlog from 20.1.0 to 20.2.0
Bumps [structlog](https://github.com/hynek/structlog ) from 20.1.0 to 20.2.0.
- [Release notes](https://github.com/hynek/structlog/releases )
- [Changelog](https://github.com/hynek/structlog/blob/master/CHANGELOG.rst )
- [Commits](https://github.com/hynek/structlog/compare/20.1.0...20.2.0 )
Signed-off-by: dependabot[bot] <support@github.com>
* *: use structlog.stdlib instead of structlog for type-hints
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-01-01 15:39:43 +01:00
Jens Langhammer
dc16a8a4c9
providers/proxy: set proxy-size for nginx for larger response
2020-12-28 00:45:58 +01:00
Jens L
a4dc6d13b5
events: rename audit to events and use for more metrics ( #397 )
...
* events: rename audit to events
* policies/expression: log expression exceptions as event
* policies/expression: add ExpressionPolicy Model to event when possible
* lib/expressions: ensure syntax errors are logged too
* lib: fix lint error
* policies: add execution_logging field
* core: add property mapping tests
* policies/expression: add full test
* policies/expression: fix attribute name
* policies: add execution_logging
* web: fix imports
* root: update swagger
* policies: use dataclass instead of dict for types
* events: add support for dataclass as event param
* events: add special keys which are never cleaned
* policies: add tests for process, don't clean full cache
* admin: create event when new version is seen
* events: move utils to separate file
* admin: add tests for admin tasks
* events: add .set_user method to ensure users have correct attributes set
* core: add test for property_mapping errors with user and request
2020-12-20 22:04:29 +01:00
Jens Langhammer
d2862ddc93
lifecycle: clean full redis as part of system migration
2020-12-12 23:30:49 +01:00
dependabot[bot]
2caa1e7650
build(deps-dev): bump bandit from 1.6.2 to 1.6.3 ( #371 )
...
* build(deps-dev): bump bandit from 1.6.2 to 1.6.3
Bumps [bandit](https://github.com/PyCQA/bandit ) from 1.6.2 to 1.6.3.
- [Release notes](https://github.com/PyCQA/bandit/releases )
- [Commits](https://github.com/PyCQA/bandit/compare/1.6.2...1.6.3 )
Signed-off-by: dependabot[bot] <support@github.com>
* root: update for new bandit version
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
2020-12-07 11:21:07 +01:00
Jens Langhammer
e0bc4f1da5
lifecycle: fix outpost service connections not being migrated
2020-12-06 12:22:51 +01:00