From 838b3faaf9c8a9a78d158ba987d1f749a7c1aba6 Mon Sep 17 00:00:00 2001 From: Marc 'risson' Schmitt Date: Thu, 11 Jan 2024 15:48:50 +0100 Subject: [PATCH] update reconcile logic to clearly differentiate between tenant and global Signed-off-by: Marc 'risson' Schmitt --- authentik/admin/apps.py | 2 +- authentik/blueprints/apps.py | 26 +++++-------------- authentik/core/apps.py | 4 +-- authentik/crypto/apps.py | 2 +- authentik/enterprise/apps.py | 2 +- authentik/enterprise/providers/rac/apps.py | 2 +- authentik/events/apps.py | 4 +-- authentik/flows/apps.py | 4 +-- authentik/outposts/apps.py | 2 +- authentik/policies/apps.py | 2 +- authentik/policies/reputation/apps.py | 4 +-- authentik/providers/proxy/apps.py | 2 +- authentik/providers/scim/apps.py | 2 +- authentik/rbac/apps.py | 2 +- authentik/sources/ldap/apps.py | 2 +- authentik/sources/oauth/apps.py | 2 +- authentik/sources/saml/apps.py | 2 +- authentik/stages/authenticator_duo/apps.py | 2 +- authentik/stages/authenticator_static/apps.py | 2 +- authentik/stages/email/apps.py | 2 +- authentik/tenants/apps.py | 7 ++--- 21 files changed, 31 insertions(+), 48 deletions(-) diff --git a/authentik/admin/apps.py b/authentik/admin/apps.py index a80e21d89..6cc7ba865 100644 --- a/authentik/admin/apps.py +++ b/authentik/admin/apps.py @@ -15,6 +15,6 @@ class AuthentikAdminConfig(ManagedAppConfig): verbose_name = "authentik Admin" default = True - def reconcile_load_admin_signals(self): + def reconcile_global_load_admin_signals(self): """Load admin signals""" self.import_module("authentik.admin.signals") diff --git a/authentik/blueprints/apps.py b/authentik/blueprints/apps.py index 1c537ddd8..2fdc31015 100644 --- a/authentik/blueprints/apps.py +++ b/authentik/blueprints/apps.py @@ -13,7 +13,7 @@ class ManagedAppConfig(AppConfig): _logger: BoundLogger - RECONCILE_PREFIX: str = "reconcile_" + RECONCILE_GLOBAL_PREFIX: str = "reconcile_global_" RECONCILE_TENANT_PREFIX: str = "reconcile_tenant_" def __init__(self, app_name: str, *args, **kwargs) -> None: @@ -57,26 +57,12 @@ class ManagedAppConfig(AppConfig): with tenant: self._reconcile(self.RECONCILE_TENANT_PREFIX) - def reconcile(self) -> None: - """reconcile ourselves""" + def reconcile_global(self) -> None: + """reconcile ourselves for global methods. Used for signals, tasks, etc. Database queries should not be made in here.""" from django_tenants.utils import get_public_schema_name, schema_context - # Special case for the authentik_tenants app, as we need to create the default tenant - # before being able to use it - if self.label == "authentik_tenants": - with schema_context(get_public_schema_name()): - self._reconcile(self.RECONCILE_PREFIX) - return - - from authentik.tenants.models import Tenant - - try: - default_tenant = Tenant.objects.get(schema_name=get_public_schema_name()) - except (DatabaseError, ProgrammingError, InternalError) as exc: - self._logger.debug("Failed to get default tenant to run reconcile", exc=exc) - return - with default_tenant: - self._reconcile(self.RECONCILE_PREFIX) + with schema_context(get_public_schema_name()): + self._reconcile(self.RECONCILE_GLOBAL_PREFIX) class AuthentikBlueprintsConfig(ManagedAppConfig): @@ -87,7 +73,7 @@ class AuthentikBlueprintsConfig(ManagedAppConfig): verbose_name = "authentik Blueprints" default = True - def reconcile_load_blueprints_v1_tasks(self): + def reconcile_global_load_blueprints_v1_tasks(self): """Load v1 tasks""" self.import_module("authentik.blueprints.v1.tasks") diff --git a/authentik/core/apps.py b/authentik/core/apps.py index c3f8c8686..f158cd4a8 100644 --- a/authentik/core/apps.py +++ b/authentik/core/apps.py @@ -13,11 +13,11 @@ class AuthentikCoreConfig(ManagedAppConfig): mountpoint = "" default = True - def reconcile_load_core_signals(self): + def reconcile_global_load_core_signals(self): """Load core signals""" self.import_module("authentik.core.signals") - def reconcile_debug_worker_hook(self): + def reconcile_global_debug_worker_hook(self): """Dispatch startup tasks inline when debugging""" if settings.DEBUG: from authentik.root.celery import worker_ready_hook diff --git a/authentik/crypto/apps.py b/authentik/crypto/apps.py index 0a64c736d..24d63e92a 100644 --- a/authentik/crypto/apps.py +++ b/authentik/crypto/apps.py @@ -16,7 +16,7 @@ class AuthentikCryptoConfig(ManagedAppConfig): verbose_name = "authentik Crypto" default = True - def reconcile_load_crypto_tasks(self): + def reconcile_global_load_crypto_tasks(self): """Load crypto tasks""" self.import_module("authentik.crypto.tasks") diff --git a/authentik/enterprise/apps.py b/authentik/enterprise/apps.py index a0b9bed6d..43445cb99 100644 --- a/authentik/enterprise/apps.py +++ b/authentik/enterprise/apps.py @@ -14,6 +14,6 @@ class AuthentikEnterpriseConfig(EnterpriseConfig): verbose_name = "authentik Enterprise" default = True - def reconcile_load_enterprise_signals(self): + def reconcile_global_load_enterprise_signals(self): """Load enterprise signals""" self.import_module("authentik.enterprise.signals") diff --git a/authentik/enterprise/providers/rac/apps.py b/authentik/enterprise/providers/rac/apps.py index 13930faae..d5958eb94 100644 --- a/authentik/enterprise/providers/rac/apps.py +++ b/authentik/enterprise/providers/rac/apps.py @@ -12,6 +12,6 @@ class AuthentikEnterpriseProviderRAC(EnterpriseConfig): mountpoint = "" ws_mountpoint = "authentik.enterprise.providers.rac.urls" - def reconcile_load_rac_signals(self): + def reconcile_global_load_rac_signals(self): """Load rac signals""" self.import_module("authentik.enterprise.providers.rac.signals") diff --git a/authentik/events/apps.py b/authentik/events/apps.py index 17f795ea4..4aaa257cc 100644 --- a/authentik/events/apps.py +++ b/authentik/events/apps.py @@ -19,11 +19,11 @@ class AuthentikEventsConfig(ManagedAppConfig): verbose_name = "authentik Events" default = True - def reconcile_load_events_signals(self): + def reconcile_global_load_events_signals(self): """Load events signals""" self.import_module("authentik.events.signals") - def reconcile_check_deprecations(self): + def reconcile_global_check_deprecations(self): """Check for config deprecations""" from authentik.events.models import Event, EventAction diff --git a/authentik/flows/apps.py b/authentik/flows/apps.py index ae8b716b5..b901160a8 100644 --- a/authentik/flows/apps.py +++ b/authentik/flows/apps.py @@ -30,11 +30,11 @@ class AuthentikFlowsConfig(ManagedAppConfig): verbose_name = "authentik Flows" default = True - def reconcile_load_flows_signals(self): + def reconcile_global_load_flows_signals(self): """Load flows signals""" self.import_module("authentik.flows.signals") - def reconcile_load_stages(self): + def reconcile_global_load_stages(self): """Ensure all stages are loaded""" from authentik.flows.models import Stage diff --git a/authentik/outposts/apps.py b/authentik/outposts/apps.py index 75b4eb046..dbdf26af4 100644 --- a/authentik/outposts/apps.py +++ b/authentik/outposts/apps.py @@ -29,7 +29,7 @@ class AuthentikOutpostConfig(ManagedAppConfig): verbose_name = "authentik Outpost" default = True - def reconcile_load_outposts_signals(self): + def reconcile_global_load_outposts_signals(self): """Load outposts signals""" self.import_module("authentik.outposts.signals") diff --git a/authentik/policies/apps.py b/authentik/policies/apps.py index 329b53c6e..eca22c5f7 100644 --- a/authentik/policies/apps.py +++ b/authentik/policies/apps.py @@ -35,6 +35,6 @@ class AuthentikPoliciesConfig(ManagedAppConfig): verbose_name = "authentik Policies" default = True - def reconcile_load_policies_signals(self): + def reconcile_global_load_policies_signals(self): """Load policies signals""" self.import_module("authentik.policies.signals") diff --git a/authentik/policies/reputation/apps.py b/authentik/policies/reputation/apps.py index 14e7d3a0c..94a080a70 100644 --- a/authentik/policies/reputation/apps.py +++ b/authentik/policies/reputation/apps.py @@ -10,10 +10,10 @@ class AuthentikPolicyReputationConfig(ManagedAppConfig): verbose_name = "authentik Policies.Reputation" default = True - def reconcile_load_policies_reputation_signals(self): + def reconcile_global_load_policies_reputation_signals(self): """Load policies.reputation signals""" self.import_module("authentik.policies.reputation.signals") - def reconcile_load_policies_reputation_tasks(self): + def reconcile_global_load_policies_reputation_tasks(self): """Load policies.reputation tasks""" self.import_module("authentik.policies.reputation.tasks") diff --git a/authentik/providers/proxy/apps.py b/authentik/providers/proxy/apps.py index 4e1a9a883..2149bc7ef 100644 --- a/authentik/providers/proxy/apps.py +++ b/authentik/providers/proxy/apps.py @@ -10,6 +10,6 @@ class AuthentikProviderProxyConfig(ManagedAppConfig): verbose_name = "authentik Providers.Proxy" default = True - def reconcile_load_providers_proxy_signals(self): + def reconcile_global_load_providers_proxy_signals(self): """Load proxy signals""" self.import_module("authentik.providers.proxy.signals") diff --git a/authentik/providers/scim/apps.py b/authentik/providers/scim/apps.py index 37c6478c4..dffd4b8b5 100644 --- a/authentik/providers/scim/apps.py +++ b/authentik/providers/scim/apps.py @@ -10,6 +10,6 @@ class AuthentikProviderSCIMConfig(ManagedAppConfig): verbose_name = "authentik Providers.SCIM" default = True - def reconcile_load_signals(self): + def reconcile_global_load_signals(self): """Load signals""" self.import_module("authentik.providers.scim.signals") diff --git a/authentik/rbac/apps.py b/authentik/rbac/apps.py index f6b878c01..f4e8a43f6 100644 --- a/authentik/rbac/apps.py +++ b/authentik/rbac/apps.py @@ -10,6 +10,6 @@ class AuthentikRBACConfig(ManagedAppConfig): verbose_name = "authentik RBAC" default = True - def reconcile_load_rbac_signals(self): + def reconcile_global_load_rbac_signals(self): """Load rbac signals""" self.import_module("authentik.rbac.signals") diff --git a/authentik/sources/ldap/apps.py b/authentik/sources/ldap/apps.py index 4b55ef4ab..eb1f5e2c0 100644 --- a/authentik/sources/ldap/apps.py +++ b/authentik/sources/ldap/apps.py @@ -10,6 +10,6 @@ class AuthentikSourceLDAPConfig(ManagedAppConfig): verbose_name = "authentik Sources.LDAP" default = True - def reconcile_load_sources_ldap_signals(self): + def reconcile_global_load_sources_ldap_signals(self): """Load sources.ldap signals""" self.import_module("authentik.sources.ldap.signals") diff --git a/authentik/sources/oauth/apps.py b/authentik/sources/oauth/apps.py index 04a9a506d..e497c5647 100644 --- a/authentik/sources/oauth/apps.py +++ b/authentik/sources/oauth/apps.py @@ -31,7 +31,7 @@ class AuthentikSourceOAuthConfig(ManagedAppConfig): mountpoint = "source/oauth/" default = True - def reconcile_sources_loaded(self): + def reconcile_global_sources_loaded(self): """Load source_types from config file""" for source_type in AUTHENTIK_SOURCES_OAUTH_TYPES: try: diff --git a/authentik/sources/saml/apps.py b/authentik/sources/saml/apps.py index 727b5bbc4..f7c2847e7 100644 --- a/authentik/sources/saml/apps.py +++ b/authentik/sources/saml/apps.py @@ -11,6 +11,6 @@ class AuthentikSourceSAMLConfig(ManagedAppConfig): mountpoint = "source/saml/" default = True - def reconcile_load_sources_saml_signals(self): + def reconcile_global_load_sources_saml_signals(self): """Load sources.saml signals""" self.import_module("authentik.sources.saml.signals") diff --git a/authentik/stages/authenticator_duo/apps.py b/authentik/stages/authenticator_duo/apps.py index edb7c7a12..0e0e5d927 100644 --- a/authentik/stages/authenticator_duo/apps.py +++ b/authentik/stages/authenticator_duo/apps.py @@ -11,6 +11,6 @@ class AuthentikStageAuthenticatorDuoConfig(ManagedAppConfig): verbose_name = "authentik Stages.Authenticator.Duo" default = True - def reconcile_load_tasks(self): + def reconcile_global_load_tasks(self): """Load tasks""" self.import_module("authentik.stages.authenticator_duo.tasks") diff --git a/authentik/stages/authenticator_static/apps.py b/authentik/stages/authenticator_static/apps.py index 301ad9983..09c6202d6 100644 --- a/authentik/stages/authenticator_static/apps.py +++ b/authentik/stages/authenticator_static/apps.py @@ -10,6 +10,6 @@ class AuthentikStageAuthenticatorStaticConfig(ManagedAppConfig): verbose_name = "authentik Stages.Authenticator.Static" default = True - def reconcile_load_stages_authenticator_static_signals(self): + def reconcile_global_load_stages_authenticator_static_signals(self): """Load stages.authenticator_static signals""" self.import_module("authentik.stages.authenticator_static.signals") diff --git a/authentik/stages/email/apps.py b/authentik/stages/email/apps.py index 13c9f7ff8..ba748c18f 100644 --- a/authentik/stages/email/apps.py +++ b/authentik/stages/email/apps.py @@ -14,6 +14,6 @@ class AuthentikStageEmailConfig(ManagedAppConfig): verbose_name = "authentik Stages.Email" default = True - def reconcile_load_stages_emails_tasks(self): + def reconcile_global_load_stages_emails_tasks(self): """Load stages.emails tasks""" self.import_module("authentik.stages.email.tasks") diff --git a/authentik/tenants/apps.py b/authentik/tenants/apps.py index f08390300..bbb66e20a 100644 --- a/authentik/tenants/apps.py +++ b/authentik/tenants/apps.py @@ -27,10 +27,7 @@ class AuthentikTenantsConfig(ManagedAppConfig): verbose_name = "authentik Tenants" default = True - def ready(self): - post_migrate.connect(reconcile_default_tenant) - super().ready() - - def reconcile_default_tenant(self): + def reconcile_global_default_tenant(self): """Make sure default tenant exists, especially after a migration""" + post_migrate.connect(reconcile_default_tenant) reconcile_default_tenant()