Compare commits
5 Commits
trustchain
...
version-20
| Author | SHA1 | Date |
|---|---|---|
Jens Langhammer
|
fe5d22ce6c | |
|
Jens Langhammer
|
0e30b6ee55 | |
|
Jens Langhammer
|
6cbba45291 | |
|
Jens Langhammer
|
ba023a3bba | |
|
Jens Langhammer
|
6c805bcf32 |
|
|
@ -1,5 +1,5 @@
|
|||
[bumpversion]
|
||||
current_version = 2021.8.4
|
||||
current_version = 2021.8.5
|
||||
tag = True
|
||||
commit = True
|
||||
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*)
|
||||
|
|
|
|||
|
|
@ -33,14 +33,14 @@ jobs:
|
|||
with:
|
||||
push: ${{ github.event_name == 'release' }}
|
||||
tags: |
|
||||
beryju/authentik:2021.8.4,
|
||||
beryju/authentik:2021.8.5,
|
||||
beryju/authentik:latest,
|
||||
ghcr.io/goauthentik/server:2021.8.4,
|
||||
ghcr.io/goauthentik/server:2021.8.5,
|
||||
ghcr.io/goauthentik/server:latest
|
||||
platforms: linux/amd64,linux/arm64
|
||||
context: .
|
||||
- name: Building Docker Image (stable)
|
||||
if: ${{ github.event_name == 'release' && !contains('2021.8.4', 'rc') }}
|
||||
if: ${{ github.event_name == 'release' && !contains('2021.8.5', 'rc') }}
|
||||
run: |
|
||||
docker pull beryju/authentik:latest
|
||||
docker tag beryju/authentik:latest beryju/authentik:stable
|
||||
|
|
@ -75,14 +75,14 @@ jobs:
|
|||
with:
|
||||
push: ${{ github.event_name == 'release' }}
|
||||
tags: |
|
||||
beryju/authentik-proxy:2021.8.4,
|
||||
beryju/authentik-proxy:2021.8.5,
|
||||
beryju/authentik-proxy:latest,
|
||||
ghcr.io/goauthentik/proxy:2021.8.4,
|
||||
ghcr.io/goauthentik/proxy:2021.8.5,
|
||||
ghcr.io/goauthentik/proxy:latest
|
||||
file: proxy.Dockerfile
|
||||
platforms: linux/amd64,linux/arm64
|
||||
- name: Building Docker Image (stable)
|
||||
if: ${{ github.event_name == 'release' && !contains('2021.8.4', 'rc') }}
|
||||
if: ${{ github.event_name == 'release' && !contains('2021.8.5', 'rc') }}
|
||||
run: |
|
||||
docker pull beryju/authentik-proxy:latest
|
||||
docker tag beryju/authentik-proxy:latest beryju/authentik-proxy:stable
|
||||
|
|
@ -117,14 +117,14 @@ jobs:
|
|||
with:
|
||||
push: ${{ github.event_name == 'release' }}
|
||||
tags: |
|
||||
beryju/authentik-ldap:2021.8.4,
|
||||
beryju/authentik-ldap:2021.8.5,
|
||||
beryju/authentik-ldap:latest,
|
||||
ghcr.io/goauthentik/ldap:2021.8.4,
|
||||
ghcr.io/goauthentik/ldap:2021.8.5,
|
||||
ghcr.io/goauthentik/ldap:latest
|
||||
file: ldap.Dockerfile
|
||||
platforms: linux/amd64,linux/arm64
|
||||
- name: Building Docker Image (stable)
|
||||
if: ${{ github.event_name == 'release' && !contains('2021.8.4', 'rc') }}
|
||||
if: ${{ github.event_name == 'release' && !contains('2021.8.5', 'rc') }}
|
||||
run: |
|
||||
docker pull beryju/authentik-ldap:latest
|
||||
docker tag beryju/authentik-ldap:latest beryju/authentik-ldap:stable
|
||||
|
|
@ -175,7 +175,7 @@ jobs:
|
|||
SENTRY_PROJECT: authentik
|
||||
SENTRY_URL: https://sentry.beryju.org
|
||||
with:
|
||||
version: authentik@2021.8.4
|
||||
version: authentik@2021.8.5
|
||||
environment: beryjuorg-prod
|
||||
sourcemaps: './web/dist'
|
||||
url_prefix: '~/static/dist'
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
"""authentik"""
|
||||
__version__ = "2021.8.4"
|
||||
__version__ = "2021.8.5"
|
||||
ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ from django.urls import reverse
|
|||
from django.views.generic import RedirectView
|
||||
from structlog.stdlib import get_logger
|
||||
|
||||
from authentik.flows.views import FlowExecutorView
|
||||
from authentik.sources.oauth.models import OAuthSource
|
||||
from authentik.sources.oauth.views.base import OAuthClientMixin
|
||||
|
||||
|
|
@ -43,5 +42,4 @@ class OAuthRedirect(OAuthClientMixin, RedirectView):
|
|||
raise Http404(f"source {slug} is not enabled.")
|
||||
client = self.get_client(source, callback=self.get_callback_url(source))
|
||||
params = self.get_additional_parameters(source)
|
||||
FlowExecutorView(request=self.request).cancel()
|
||||
return client.get_redirect_url(params)
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ services:
|
|||
networks:
|
||||
- internal
|
||||
server:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.8.4}
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.8.5}
|
||||
restart: unless-stopped
|
||||
command: server
|
||||
environment:
|
||||
|
|
@ -44,7 +44,7 @@ services:
|
|||
- "0.0.0.0:9000:9000"
|
||||
- "0.0.0.0:9443:9443"
|
||||
worker:
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.8.4}
|
||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.8.5}
|
||||
restart: unless-stopped
|
||||
command: worker
|
||||
networks:
|
||||
|
|
|
|||
|
|
@ -17,4 +17,4 @@ func OutpostUserAgent() string {
|
|||
return fmt.Sprintf("authentik-outpost@%s (%s)", VERSION, BUILD())
|
||||
}
|
||||
|
||||
const VERSION = "2021.8.4"
|
||||
const VERSION = "2021.8.5"
|
||||
|
|
|
|||
|
|
@ -107,8 +107,24 @@ func (a *APIController) Start() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (a *APIController) OnRefresh() error {
|
||||
// Because we don't know the outpost UUID, we simply do a list and pick the first
|
||||
// The service account this token belongs to should only have access to a single outpost
|
||||
outposts, _, err := a.Client.OutpostsApi.OutpostsInstancesList(context.Background()).Execute()
|
||||
|
||||
if err != nil {
|
||||
log.WithError(err).Error("Failed to fetch outpost configuration")
|
||||
return err
|
||||
}
|
||||
outpost := outposts.Results[0]
|
||||
doGlobalSetup(outpost.Config)
|
||||
|
||||
log.WithField("name", outpost.Name).Debug("Fetched outpost configuration")
|
||||
return a.Server.Refresh()
|
||||
}
|
||||
|
||||
func (a *APIController) StartBackgorundTasks() error {
|
||||
err := a.Server.Refresh()
|
||||
err := a.OnRefresh()
|
||||
if err != nil {
|
||||
return errors.Wrap(err, "failed to run initial refresh")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ func (ac *APIController) startWSHandler() {
|
|||
if wsMsg.Instruction == WebsocketInstructionTriggerUpdate {
|
||||
time.Sleep(ac.reloadOffset)
|
||||
logger.Debug("Got update trigger...")
|
||||
err := ac.Server.Refresh()
|
||||
err := ac.OnRefresh()
|
||||
if err != nil {
|
||||
logger.WithError(err).Debug("Failed to update")
|
||||
}
|
||||
|
|
@ -118,7 +118,7 @@ func (ac *APIController) startIntervalUpdater() {
|
|||
logger := ac.logger.WithField("loop", "interval-updater")
|
||||
ticker := time.NewTicker(5 * time.Minute)
|
||||
for ; true; <-ticker.C {
|
||||
err := ac.Server.Refresh()
|
||||
err := ac.OnRefresh()
|
||||
if err != nil {
|
||||
logger.WithError(err).Debug("Failed to update")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,9 +14,12 @@ function check_if_root {
|
|||
# Get group ID of the docker socket, so we can create a matching group and
|
||||
# add ourselves to it
|
||||
DOCKER_GID=$(stat -c '%g' $SOCKET)
|
||||
# Ensure group for the id exists
|
||||
getent group $DOCKER_GID || groupadd -f -g $DOCKER_GID docker
|
||||
usermod -a -G $DOCKER_GID authentik
|
||||
GROUP="authentik:docker"
|
||||
# since the name of the group might not be docker, we need to lookup the group id
|
||||
GROUP_NAME=$(getent group $DOCKER_GID | sed 's/:/\n/g' | head -1)
|
||||
GROUP="authentik:${GROUP_NAME}"
|
||||
fi
|
||||
# Fix permissions of backups and media
|
||||
chown -R authentik:authentik /media /backups
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
openapi: 3.0.3
|
||||
info:
|
||||
title: authentik
|
||||
version: 2021.8.4
|
||||
version: 2021.8.5
|
||||
description: Making authentication simple.
|
||||
contact:
|
||||
email: hello@beryju.org
|
||||
|
|
|
|||
|
|
@ -14,6 +14,9 @@ export function configureSentry(canDoPpi: boolean = false): Promise<Config> {
|
|||
if (config.errorReportingEnabled) {
|
||||
Sentry.init({
|
||||
dsn: "https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8",
|
||||
ignoreErrors: [
|
||||
/network/i,
|
||||
],
|
||||
release: `authentik@${VERSION}`,
|
||||
tunnel: "/api/v3/sentry/",
|
||||
integrations: [
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
|
|||
export const ERROR_CLASS = "pf-m-danger";
|
||||
export const PROGRESS_CLASS = "pf-m-in-progress";
|
||||
export const CURRENT_CLASS = "pf-m-current";
|
||||
export const VERSION = "2021.8.4";
|
||||
export const VERSION = "2021.8.5";
|
||||
export const PAGE_SIZE = 20;
|
||||
export const TITLE_DEFAULT = "authentik";
|
||||
export const ROUTE_SEPARATOR = ";";
|
||||
|
|
|
|||
|
|
@ -12,9 +12,9 @@ This installation method is for test-setups and small-scale productive setups.
|
|||
|
||||
## Preparation
|
||||
|
||||
Download the latest `docker-compose.yml` from [here](https://raw.githubusercontent.com/goauthentik/authentik/version/2021.8.4/docker-compose.yml). Place it in a directory of your choice.
|
||||
Download the latest `docker-compose.yml` from [here](https://raw.githubusercontent.com/goauthentik/authentik/version/2021.8.5/docker-compose.yml). Place it in a directory of your choice.
|
||||
|
||||
To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.8.4 >> .env`
|
||||
To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.8.5 >> .env`
|
||||
|
||||
If this is a fresh authentik install run the following commands to generate a password:
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ version: "3.5"
|
|||
|
||||
services:
|
||||
authentik_proxy:
|
||||
image: ghcr.io/goauthentik/proxy:2021.8.4
|
||||
image: ghcr.io/goauthentik/proxy:2021.8.5
|
||||
ports:
|
||||
- 4180:4180
|
||||
- 4443:4443
|
||||
|
|
@ -21,7 +21,7 @@ services:
|
|||
AUTHENTIK_TOKEN: token-generated-by-authentik
|
||||
# Or, for the LDAP Outpost
|
||||
authentik_proxy:
|
||||
image: ghcr.io/goauthentik/ldap:2021.8.4
|
||||
image: ghcr.io/goauthentik/ldap:2021.8.5
|
||||
ports:
|
||||
- 389:3389
|
||||
environment:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ metadata:
|
|||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||
app.kubernetes.io/managed-by: goauthentik.io
|
||||
app.kubernetes.io/name: authentik-proxy
|
||||
app.kubernetes.io/version: 2021.8.4
|
||||
app.kubernetes.io/version: 2021.8.5
|
||||
name: authentik-outpost-api
|
||||
stringData:
|
||||
authentik_host: "__AUTHENTIK_URL__"
|
||||
|
|
@ -29,7 +29,7 @@ metadata:
|
|||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||
app.kubernetes.io/managed-by: goauthentik.io
|
||||
app.kubernetes.io/name: authentik-proxy
|
||||
app.kubernetes.io/version: 2021.8.4
|
||||
app.kubernetes.io/version: 2021.8.5
|
||||
name: authentik-outpost
|
||||
spec:
|
||||
ports:
|
||||
|
|
@ -54,7 +54,7 @@ metadata:
|
|||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||
app.kubernetes.io/managed-by: goauthentik.io
|
||||
app.kubernetes.io/name: authentik-proxy
|
||||
app.kubernetes.io/version: 2021.8.4
|
||||
app.kubernetes.io/version: 2021.8.5
|
||||
name: authentik-outpost
|
||||
spec:
|
||||
selector:
|
||||
|
|
@ -62,14 +62,14 @@ spec:
|
|||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||
app.kubernetes.io/managed-by: goauthentik.io
|
||||
app.kubernetes.io/name: authentik-proxy
|
||||
app.kubernetes.io/version: 2021.8.4
|
||||
app.kubernetes.io/version: 2021.8.5
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||
app.kubernetes.io/managed-by: goauthentik.io
|
||||
app.kubernetes.io/name: authentik-proxy
|
||||
app.kubernetes.io/version: 2021.8.4
|
||||
app.kubernetes.io/version: 2021.8.5
|
||||
spec:
|
||||
containers:
|
||||
- env:
|
||||
|
|
@ -88,7 +88,7 @@ spec:
|
|||
secretKeyRef:
|
||||
key: authentik_host_insecure
|
||||
name: authentik-outpost-api
|
||||
image: ghcr.io/goauthentik/proxy:2021.8.4
|
||||
image: ghcr.io/goauthentik/proxy:2021.8.5
|
||||
name: proxy
|
||||
ports:
|
||||
- containerPort: 4180
|
||||
|
|
@ -110,7 +110,7 @@ metadata:
|
|||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||
app.kubernetes.io/managed-by: goauthentik.io
|
||||
app.kubernetes.io/name: authentik-proxy
|
||||
app.kubernetes.io/version: 2021.8.4
|
||||
app.kubernetes.io/version: 2021.8.5
|
||||
name: authentik-outpost
|
||||
spec:
|
||||
rules:
|
||||
|
|
|
|||
Reference in New Issue