diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml index 38c6e5a5d..3bcba95aa 100644 --- a/.github/workflows/ci-main.yml +++ b/.github/workflows/ci-main.yml @@ -60,7 +60,7 @@ jobs: cp authentik/lib/default.yml local.env.yml cp -R .github .. cp -R scripts .. - git checkout $(git describe --abbrev=0 --match 'version/*') + git checkout $(git describe --tags $(git rev-list --tags --max-count=1)) rm -rf .github/ scripts/ mv ../.github ../scripts . - name: Setup authentik env (ensure stable deps are installed) diff --git a/go.mod b/go.mod index 2d7a38ecc..5d10d2227 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/prometheus/client_golang v1.15.0 github.com/sirupsen/logrus v1.9.0 github.com/stretchr/testify v1.8.2 - goauthentik.io/api/v3 v3.2023031.17 + goauthentik.io/api/v3 v3.2023040.1 golang.org/x/exp v0.0.0-20230210204819-062eb4c674ab golang.org/x/oauth2 v0.7.0 golang.org/x/sync v0.1.0 diff --git a/go.sum b/go.sum index fb3447d17..478551fa5 100644 --- a/go.sum +++ b/go.sum @@ -331,8 +331,8 @@ go.opentelemetry.io/otel/sdk v1.11.1 h1:F7KmQgoHljhUuJyA+9BiU+EkJfyX5nVVF4wyzWZp go.opentelemetry.io/otel/trace v1.11.1 h1:ofxdnzsNrGBYXbP7t7zpUK281+go5rF7dvdIZXF8gdQ= go.opentelemetry.io/otel/trace v1.11.1/go.mod h1:f/Q9G7vzk5u91PhbmKbg1Qn0rzH1LJ4vbPHFGkTPtOk= go.uber.org/goleak v1.1.10 h1:z+mqJhf6ss6BSfSM671tgKyZBFPTTJM+HLxnhPC3wu0= -goauthentik.io/api/v3 v3.2023031.17 h1:FM1kG/1TBy8aCsWZtiuapp7J451Z3xWpj0dTSfjtnaE= -goauthentik.io/api/v3 v3.2023031.17/go.mod h1:H76Cdv9Nio0vnivoh6u12nlVIrW6x/kkvUwj8udFs4s= +goauthentik.io/api/v3 v3.2023040.1 h1:WuMkilnvamibI3wMrOdNbMz4q3jbTheq0u3K97ZwYGM= +goauthentik.io/api/v3 v3.2023040.1/go.mod h1:A2I2iDSEu0pW13mAT6J6wMWVSeV5+F52MWlcIHmERvk= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= @@ -412,7 +412,6 @@ golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -420,7 +419,6 @@ golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -474,13 +472,12 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -490,7 +487,6 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/lifecycle/ak b/lifecycle/ak index 10f72b421..2dec9c95e 100755 --- a/lifecycle/ak +++ b/lifecycle/ak @@ -15,7 +15,7 @@ function wait_for_db { function check_if_root { if [[ $EUID -ne 0 ]]; then log "Not running as root, disabling permission fixes" - $1 + exec $1 return fi SOCKET="/var/run/docker.sock" @@ -35,7 +35,7 @@ function check_if_root { chown -R authentik:authentik /media /certs chmod ug+rwx /media chmod ug+rx /certs - chpst -u authentik:$GROUP env HOME=/authentik $1 + exec chpst -u authentik:$GROUP env HOME=/authentik $1 } function set_mode { @@ -57,9 +57,9 @@ if [[ "$1" == "server" ]]; then python -m manage bootstrap_tasks fi if [[ -x "$(command -v authentik)" ]]; then - authentik + exec authentik else - go run -v ./cmd/server/ + exec go run -v ./cmd/server/ fi elif [[ "$1" == "worker" ]]; then wait_for_db @@ -81,7 +81,7 @@ elif [[ "$1" == "healthcheck" ]]; then if [[ $mode == "server" ]]; then exec curl --user-agent "goauthentik.io lifecycle Healthcheck" -I http://localhost:9000/-/health/ready/ elif [[ $mode == "worker" ]]; then - mtime=$(stat -f %m $WORKER_HEARTBEAT) + mtime=$(date -r $WORKER_HEARTBEAT +"%s") time=$(date +"%s") if [ "$(( $time - $mtime ))" -gt "30" ]; then log "Worker hasn't updated heartbeat in 30 seconds" diff --git a/poetry.lock b/poetry.lock index f4814c3ae..3defdb7f0 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1230,14 +1230,14 @@ ssh = ["paramiko (>=2.4.3)"] [[package]] name = "drf-spectacular" -version = "0.26.1" +version = "0.26.2" description = "Sane and flexible OpenAPI 3 schema generation for Django REST framework" category = "main" optional = false python-versions = ">=3.6" files = [ - {file = "drf-spectacular-0.26.1.tar.gz", hash = "sha256:1599a204bf9cc6be7ef3e509859885a38d4f871fe287a1f191479868afd9e234"}, - {file = "drf_spectacular-0.26.1-py3-none-any.whl", hash = "sha256:6df86ff6c2dc663792e5ff618643bf41d2ac9dc6fb5d1b0f273e2778bab951e5"}, + {file = "drf-spectacular-0.26.2.tar.gz", hash = "sha256:005623d6bb9de37d2d0ec24ccd59c636e4a42f9af252f1470129ac32ccab38cb"}, + {file = "drf_spectacular-0.26.2-py3-none-any.whl", hash = "sha256:e80eba58d9579bf6c3380ffd6d6a9b466c4bc35b23da0ba76dfcc96de1e907d7"}, ] [package.dependencies] @@ -1632,14 +1632,14 @@ files = [ [[package]] name = "importlib-metadata" -version = "6.3.0" +version = "6.4.1" description = "Read metadata from Python packages" category = "dev" optional = false python-versions = ">=3.7" files = [ - {file = "importlib_metadata-6.3.0-py3-none-any.whl", hash = "sha256:8f8bd2af397cf33bd344d35cfe7f489219b7d14fc79a3f854b75b8417e9226b0"}, - {file = "importlib_metadata-6.3.0.tar.gz", hash = "sha256:23c2bcae4762dfb0bbe072d358faec24957901d75b6c4ab11172c0c982532402"}, + {file = "importlib_metadata-6.4.1-py3-none-any.whl", hash = "sha256:63ace321e24167d12fbb176b6015f4dbe06868c54a2af4f15849586afb9027fd"}, + {file = "importlib_metadata-6.4.1.tar.gz", hash = "sha256:eb1a7933041f0f85c94cd130258df3fb0dec060ad8c1c9318892ef4192c47ce1"}, ] [package.dependencies] @@ -2742,14 +2742,14 @@ files = [ [[package]] name = "pytest" -version = "7.3.0" +version = "7.3.1" description = "pytest: simple powerful testing with Python" category = "dev" optional = false python-versions = ">=3.7" files = [ - {file = "pytest-7.3.0-py3-none-any.whl", hash = "sha256:933051fa1bfbd38a21e73c3960cebdad4cf59483ddba7696c48509727e17f201"}, - {file = "pytest-7.3.0.tar.gz", hash = "sha256:58ecc27ebf0ea643ebfdf7fb1249335da761a00c9f955bcd922349bcb68ee57d"}, + {file = "pytest-7.3.1-py3-none-any.whl", hash = "sha256:3799fa815351fea3a5e96ac7e503a96fa51cc9942c3753cda7651b93c1cfa362"}, + {file = "pytest-7.3.1.tar.gz", hash = "sha256:434afafd78b1d78ed0addf160ad2b77a30d35d4bdf8af234fe621919d9ed15e3"}, ] [package.dependencies] diff --git a/web/package-lock.json b/web/package-lock.json index 6a5c7ce44..0791aee94 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -22,7 +22,7 @@ "@codemirror/theme-one-dark": "^6.1.1", "@formatjs/intl-listformat": "^7.1.9", "@fortawesome/fontawesome-free": "^6.4.0", - "@goauthentik/api": "^2023.3.1-1680447184", + "@goauthentik/api": "^2023.4.0-1681471246", "@hcaptcha/types": "^1.0.3", "@jackfranklin/rollup-plugin-markdown": "^0.4.0", "@lingui/cli": "^3.17.2", @@ -35,8 +35,8 @@ "@rollup/plugin-node-resolve": "^15.0.2", "@rollup/plugin-replace": "^5.0.2", "@rollup/plugin-typescript": "^11.1.0", - "@sentry/browser": "^7.47.0", - "@sentry/tracing": "^7.47.0", + "@sentry/browser": "^7.48.0", + "@sentry/tracing": "^7.48.0", "@squoosh/cli": "^0.7.3", "@trivago/prettier-plugin-sort-imports": "^4.1.1", "@types/chart.js": "^2.9.37", @@ -2026,9 +2026,9 @@ } }, "node_modules/@goauthentik/api": { - "version": "2023.3.1-1680447184", - "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.3.1-1680447184.tgz", - "integrity": "sha512-b4L7TUb8vkEDnPGpDTicdzEBB6O47KjOVHMWTmn3QzNLj2BCIVx/AF+nM58LvM3eXyrtB203pMX1I1W5Hv9o1g==" + "version": "2023.4.0-1681471246", + "resolved": "https://registry.npmjs.org/@goauthentik/api/-/api-2023.4.0-1681471246.tgz", + "integrity": "sha512-/P9CfSHM4qEe1eaphC5MTYb/4yVrXBqME2amrj9JtK8dItGM/qSGDMIS8v18zZUsbO5fM+RQ/AtL/Izj1COZWA==" }, "node_modules/@hcaptcha/types": { "version": "1.0.3", @@ -2949,13 +2949,13 @@ } }, "node_modules/@sentry-internal/tracing": { - "version": "7.47.0", - "resolved": "https://registry.npmjs.org/@sentry-internal/tracing/-/tracing-7.47.0.tgz", - "integrity": "sha512-udpHnCzF8DQsWf0gQwd0XFGp6Y8MOiwnl8vGt2ohqZGS3m1+IxoRLXsSkD8qmvN6KKDnwbaAvYnK0z0L+AW95g==", + "version": "7.48.0", + "resolved": "https://registry.npmjs.org/@sentry-internal/tracing/-/tracing-7.48.0.tgz", + "integrity": "sha512-MFAPDTrvCtfSm0/Zbmx7HA0Q5uCfRadOUpN8Y8rP1ndz+329h2kA3mZRCuC+3/aXL11zs2CHUhcAkGjwH2vogg==", "dependencies": { - "@sentry/core": "7.47.0", - "@sentry/types": "7.47.0", - "@sentry/utils": "7.47.0", + "@sentry/core": "7.48.0", + "@sentry/types": "7.48.0", + "@sentry/utils": "7.48.0", "tslib": "^1.9.3" }, "engines": { @@ -2968,15 +2968,15 @@ "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" }, "node_modules/@sentry/browser": { - "version": "7.47.0", - "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-7.47.0.tgz", - "integrity": "sha512-L0t07kS/G1UGVZ9fpD6HLuaX8vVBqAGWgu+1uweXthYozu/N7ZAsakjU/Ozu6FSXj1mO3NOJZhOn/goIZLSj5A==", + "version": "7.48.0", + "resolved": "https://registry.npmjs.org/@sentry/browser/-/browser-7.48.0.tgz", + "integrity": "sha512-tdx/2nhuiykncmXFlV4Dpp+Hxgt/v31LiyXE79IcM560wc+QmWKtzoW9azBWQ0xt5KOO3ERMib9qPE4/ql1/EQ==", "dependencies": { - "@sentry-internal/tracing": "7.47.0", - "@sentry/core": "7.47.0", - "@sentry/replay": "7.47.0", - "@sentry/types": "7.47.0", - "@sentry/utils": "7.47.0", + "@sentry-internal/tracing": "7.48.0", + "@sentry/core": "7.48.0", + "@sentry/replay": "7.48.0", + "@sentry/types": "7.48.0", + "@sentry/utils": "7.48.0", "tslib": "^1.9.3" }, "engines": { @@ -2989,12 +2989,12 @@ "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" }, "node_modules/@sentry/core": { - "version": "7.47.0", - "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.47.0.tgz", - "integrity": "sha512-EFhZhKdMu7wKmWYZwbgTi8FNZ7Fq+HdlXiZWNz51Bqe3pHmfAkdHtAEs0Buo0v623MKA0CA4EjXIazGUM34XTg==", + "version": "7.48.0", + "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.48.0.tgz", + "integrity": "sha512-8FYuJTMpyuxRZvlen3gQ3rpOtVInSDmSyXqWEhCLuG/w34AtWoTiW7G516rsAAh6Hy1TP91GooMWbonP3XQNTQ==", "dependencies": { - "@sentry/types": "7.47.0", - "@sentry/utils": "7.47.0", + "@sentry/types": "7.48.0", + "@sentry/utils": "7.48.0", "tslib": "^1.9.3" }, "engines": { @@ -3007,43 +3007,43 @@ "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" }, "node_modules/@sentry/replay": { - "version": "7.47.0", - "resolved": "https://registry.npmjs.org/@sentry/replay/-/replay-7.47.0.tgz", - "integrity": "sha512-BFpVZVmwlezZ83y0L43TCTJY142Fxh+z+qZSwTag5HlhmIpBKw/WKg06ajOhrYJbCBkhHmeOvyKkxX0jnc39ZA==", + "version": "7.48.0", + "resolved": "https://registry.npmjs.org/@sentry/replay/-/replay-7.48.0.tgz", + "integrity": "sha512-8fRHMGJ0NJeIZi6UucxUTvfDPaBa7+jU1kCTLjCcuH3X/UVz5PtGLMtFSO5U8HP+mUDlPs97MP1uoDvMa4S2Ng==", "dependencies": { - "@sentry/core": "7.47.0", - "@sentry/types": "7.47.0", - "@sentry/utils": "7.47.0" + "@sentry/core": "7.48.0", + "@sentry/types": "7.48.0", + "@sentry/utils": "7.48.0" }, "engines": { "node": ">=12" } }, "node_modules/@sentry/tracing": { - "version": "7.47.0", - "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.47.0.tgz", - "integrity": "sha512-hJCpKdekwaFNbCVXxfCz5IxfSEJIKnkPmRSVHITOm5VhKwq2e5kmy4Rn6bzSETwJFSDE8LGbR/3eSfGTqw37XA==", + "version": "7.48.0", + "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.48.0.tgz", + "integrity": "sha512-X6w74Av0fyayNicKIlwL1IdpZ3O0ETQjyYXCDTwHoJL71ojrgrL5vdiNz8WwbPONTnqu98HehPYL/z3DCCKVbw==", "dependencies": { - "@sentry-internal/tracing": "7.47.0" + "@sentry-internal/tracing": "7.48.0" }, "engines": { "node": ">=8" } }, "node_modules/@sentry/types": { - "version": "7.47.0", - "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.47.0.tgz", - "integrity": "sha512-GxXocplN0j1+uczovHrfkykl9wvkamDtWxlPUQgyGlbLGZn+UH1Y79D4D58COaFWGEZdSNKr62gZAjfEYu9nQA==", + "version": "7.48.0", + "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.48.0.tgz", + "integrity": "sha512-kkAszZwQ5/v4n7Yyw/DPNRWx7h724mVNRGZIJa9ggUMvTgMe7UKCZZ5wfQmYiKVlGbwd9pxXAcP8Oq15EbByFQ==", "engines": { "node": ">=8" } }, "node_modules/@sentry/utils": { - "version": "7.47.0", - "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.47.0.tgz", - "integrity": "sha512-A89SaOLp6XeZfByeYo2C8Ecye/YAtk/gENuyOUhQEdMulI6mZdjqtHAp7pTMVgkBc/YNARVuoa+kR/IdRrTPkQ==", + "version": "7.48.0", + "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.48.0.tgz", + "integrity": "sha512-d977sghkFVMfld0LrEyyY2gYrfayLPdDEpUDT+hg5y79r7zZDCFyHtdB86699E5K89MwDZahW7Erk+a1nk4x5w==", "dependencies": { - "@sentry/types": "7.47.0", + "@sentry/types": "7.48.0", "tslib": "^1.9.3" }, "engines": { diff --git a/web/package.json b/web/package.json index 0c8d92e4f..b8a22d4d4 100644 --- a/web/package.json +++ b/web/package.json @@ -66,7 +66,7 @@ "@codemirror/theme-one-dark": "^6.1.1", "@formatjs/intl-listformat": "^7.1.9", "@fortawesome/fontawesome-free": "^6.4.0", - "@goauthentik/api": "^2023.3.1-1680447184", + "@goauthentik/api": "^2023.4.0-1681471246", "@hcaptcha/types": "^1.0.3", "@jackfranklin/rollup-plugin-markdown": "^0.4.0", "@lingui/cli": "^3.17.2", @@ -79,8 +79,8 @@ "@rollup/plugin-node-resolve": "^15.0.2", "@rollup/plugin-replace": "^5.0.2", "@rollup/plugin-typescript": "^11.1.0", - "@sentry/browser": "^7.47.0", - "@sentry/tracing": "^7.47.0", + "@sentry/browser": "^7.48.0", + "@sentry/tracing": "^7.48.0", "@squoosh/cli": "^0.7.3", "@trivago/prettier-plugin-sort-imports": "^4.1.1", "@types/chart.js": "^2.9.37", diff --git a/website/docs/installation/docker-compose.md b/website/docs/installation/docker-compose.md index 8185f335c..f7715ca3e 100644 --- a/website/docs/installation/docker-compose.md +++ b/website/docs/installation/docker-compose.md @@ -14,20 +14,29 @@ This installation method is for test-setups and small-scale production setups. Download the latest `docker-compose.yml` from [here](https://goauthentik.io/docker-compose.yml). Place it in a directory of your choice. -If this is a fresh authentik install run the following commands to generate a password: +If this is a fresh authentik installation, you need to generate a password and a secret key. If you don't already have a password generator installed, you can run this command to install **pwgen**, a popular generator: ```shell # You can also use openssl instead: `openssl rand -base64 36` sudo apt-get install -y pwgen -# Because of a PostgreSQL limitation, only passwords up to 99 chars are supported -# See https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com +``` + +Next, run the following commands to generate a password and secret key and write them to your `.env` file: + +```shell echo "PG_PASS=$(pwgen -s 40 1)" >> .env echo "AUTHENTIK_SECRET_KEY=$(pwgen -s 50 1)" >> .env -# Skip if you don't want to enable error reporting +# Because of a PostgreSQL limitation, only passwords up to 99 chars are supported +# See https://www.postgresql.org/message-id/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com +``` + +To enable error reporting, run the following command: + +```shell echo "AUTHENTIK_ERROR_REPORTING__ENABLED=true" >> .env ``` -## Email configuration (optional, but recommended) +## Email configuration (optional but recommended) It is also recommended to configure global email credentials. These are used by authentik to notify you about alerts and configuration issues. They can also be used by [Email stages](../flow/stages/email/) to send verification/recovery emails. diff --git a/website/docs/releases/2023/v2023.4.md b/website/docs/releases/2023/v2023.4.md index 641e4cec9..5194be543 100644 --- a/website/docs/releases/2023/v2023.4.md +++ b/website/docs/releases/2023/v2023.4.md @@ -3,6 +3,14 @@ title: Release 2023.4 - RADIUS support slug: "/releases/2023.4" --- +## Breaking changes + +- (Kubernetes only) Changes to RBAC objects created by helm + + In previous versions, the helm chart would create a _ClusterRole_ and _ClusterRoleBinding_ if the service account creation was enabled. This was done to allow the deployment of outposts in any namespace in kubernetes. As this conflicted with multiple authentik installs per cluster, and was often not used, the new helm chart changes these resources to a _Role_ and _RoleBinding_, which give authentik access to deploy in the same namespace. + + To keep the old behaviour, you can install the [authentik-remote-cluster](https://artifacthub.io/packages/helm/goauthentik/authentik-remote-cluster) chart, which deploys the same RBAC into any other namespace or cluster. + ## New features - RADIUS support diff --git a/website/package-lock.json b/website/package-lock.json index 644d58b71..0f0d0275c 100644 --- a/website/package-lock.json +++ b/website/package-lock.json @@ -15,10 +15,10 @@ "@mdx-js/react": "^1.6.22", "clsx": "^1.2.1", "disqus-react": "^1.1.5", - "postcss": "^8.4.21", + "postcss": "^8.4.22", "rapidoc": "^9.3.4", "react": "^17.0.2", - "react-before-after-slider-component": "^1.1.6", + "react-before-after-slider-component": "^1.1.8", "react-dom": "^17.0.2", "react-feather": "^2.0.10", "react-toggle": "^4.1.3" @@ -8731,9 +8731,15 @@ } }, "node_modules/nanoid": { - "version": "3.3.4", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz", - "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==", + "version": "3.3.6", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz", + "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/ai" + } + ], "bin": { "nanoid": "bin/nanoid.cjs" }, @@ -9310,9 +9316,9 @@ } }, "node_modules/postcss": { - "version": "8.4.21", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.21.tgz", - "integrity": "sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg==", + "version": "8.4.22", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.22.tgz", + "integrity": "sha512-XseknLAfRHzVWjCEtdviapiBtfLdgyzExD50Rg2ePaucEesyh8Wv4VPdW0nbyDa1ydbrAxV19jvMT4+LFmcNUA==", "funding": [ { "type": "opencollective", @@ -9321,10 +9327,14 @@ { "type": "tidelift", "url": "https://tidelift.com/funding/github/npm/postcss" + }, + { + "type": "github", + "url": "https://github.com/sponsors/ai" } ], "dependencies": { - "nanoid": "^3.3.4", + "nanoid": "^3.3.6", "picocolors": "^1.0.0", "source-map-js": "^1.0.2" }, @@ -10203,9 +10213,9 @@ } }, "node_modules/react-before-after-slider-component": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/react-before-after-slider-component/-/react-before-after-slider-component-1.1.6.tgz", - "integrity": "sha512-T6MgeomX17ibpxdDcS4GyncUb8IiZPQr9yTt9+ay1m4J5P8AGwgqOnR28Y3bMdcnjg8kIo8bvffLG5vuIWQIcw==", + "version": "1.1.8", + "resolved": "https://registry.npmjs.org/react-before-after-slider-component/-/react-before-after-slider-component-1.1.8.tgz", + "integrity": "sha512-KcY231f68+7bF0Zkfat55jvgNSSCB5TkBtm1HhLeb336jtQ0hYKkdq6VwrleNrfeVdUD2v+E7DzgNJYc6dsY3Q==", "peerDependencies": { "react": ">=17.0.2", "react-dom": ">=17.0.2" @@ -19838,9 +19848,9 @@ } }, "nanoid": { - "version": "3.3.4", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz", - "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==" + "version": "3.3.6", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz", + "integrity": "sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==" }, "negotiator": { "version": "0.6.3", @@ -20243,11 +20253,11 @@ } }, "postcss": { - "version": "8.4.21", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.21.tgz", - "integrity": "sha512-tP7u/Sn/dVxK2NnruI4H9BG+x+Wxz6oeZ1cJ8P6G/PZY0IKk4k/63TDsQf2kQq3+qoJeLm2kIBUNlZe3zgb4Zg==", + "version": "8.4.22", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.22.tgz", + "integrity": "sha512-XseknLAfRHzVWjCEtdviapiBtfLdgyzExD50Rg2ePaucEesyh8Wv4VPdW0nbyDa1ydbrAxV19jvMT4+LFmcNUA==", "requires": { - "nanoid": "^3.3.4", + "nanoid": "^3.3.6", "picocolors": "^1.0.0", "source-map-js": "^1.0.2" } @@ -20814,9 +20824,9 @@ } }, "react-before-after-slider-component": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/react-before-after-slider-component/-/react-before-after-slider-component-1.1.6.tgz", - "integrity": "sha512-T6MgeomX17ibpxdDcS4GyncUb8IiZPQr9yTt9+ay1m4J5P8AGwgqOnR28Y3bMdcnjg8kIo8bvffLG5vuIWQIcw==", + "version": "1.1.8", + "resolved": "https://registry.npmjs.org/react-before-after-slider-component/-/react-before-after-slider-component-1.1.8.tgz", + "integrity": "sha512-KcY231f68+7bF0Zkfat55jvgNSSCB5TkBtm1HhLeb336jtQ0hYKkdq6VwrleNrfeVdUD2v+E7DzgNJYc6dsY3Q==", "requires": {} }, "react-dev-utils": { diff --git a/website/package.json b/website/package.json index 714fc2235..11dd81598 100644 --- a/website/package.json +++ b/website/package.json @@ -22,10 +22,10 @@ "@mdx-js/react": "^1.6.22", "clsx": "^1.2.1", "disqus-react": "^1.1.5", - "postcss": "^8.4.21", + "postcss": "^8.4.22", "rapidoc": "^9.3.4", "react": "^17.0.2", - "react-before-after-slider-component": "^1.1.6", + "react-before-after-slider-component": "^1.1.8", "react-dom": "^17.0.2", "react-feather": "^2.0.10", "react-toggle": "^4.1.3"