move path config into paths. object

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens Langhammer 2023-12-25 19:35:44 +01:00
parent ee75357059
commit ae0d28abde
No known key found for this signature in database
12 changed files with 33 additions and 29 deletions


@ -131,10 +131,10 @@ RUN apt-get update && \
apt-get clean && \ apt-get clean && \
rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/ && \ rm -rf /tmp/* /var/lib/apt/lists/* /var/tmp/ && \
adduser --system --no-create-home --uid 1000 --group --home /authentik authentik && \ adduser --system --no-create-home --uid 1000 --group --home /authentik authentik && \
mkdir -p /certs /media /blueprints && \ mkdir -p /data/certs /data/media /data/blueprints && \
mkdir -p /authentik/.ssh && \ mkdir -p /authentik/.ssh && \
mkdir -p /ak-root && \ mkdir -p /ak-root && \
chown authentik:authentik /certs /media /authentik/.ssh /ak-root chown authentik:authentik /data/certs /data/media /authentik/.ssh /ak-root
COPY ./authentik/ /ak-root/authentik COPY ./authentik/ /ak-root/authentik
COPY ./pyproject.toml /ak-root COPY ./pyproject.toml /ak-root
@ -143,7 +143,7 @@ COPY ./schemas /ak-root/schemas
COPY ./locale /ak-root/locale COPY ./locale /ak-root/locale
COPY ./tests /ak-root/tests COPY ./tests /ak-root/tests
COPY ./manage.py /ak-root/ COPY ./manage.py /ak-root/
COPY ./blueprints /blueprints COPY ./blueprints /data/blueprints
COPY ./lifecycle/ /ak-root/lifecycle COPY ./lifecycle/ /ak-root/lifecycle
COPY --from=go-builder /go/authentik /bin/authentik COPY --from=go-builder /go/authentik /bin/authentik
COPY --from=python-deps /ak-root/venv /ak-root/venv COPY --from=python-deps /ak-root/venv /ak-root/venv
@ -151,7 +151,7 @@ COPY --from=python-deps /work/venv /ak-root/venv
COPY --from=web-builder /work/web/dist/ /ak-root/web/dist/ COPY --from=web-builder /work/web/dist/ /ak-root/web/dist/
COPY --from=web-builder /work/web/authentik/ /ak-root/web/authentik/ COPY --from=web-builder /work/web/authentik/ /ak-root/web/authentik/
COPY --from=website-builder /work/website/help/ /ak-root/website/help/ COPY --from=website-builder /work/website/help/ /ak-root/website/help/
COPY --from=geoip /usr/share/GeoIP /ak-root/geoip COPY --from=geoip /usr/share/GeoIP /data/geoip
USER 1000 USER 1000
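Review bot: Image-shipped, read-only content (`COPY ./blueprints /data/blueprints`, `COPY --from=geoip ... /data/geoip`) now lives in the same `/data` tree as the writable runtime directories `/data/certs` and `/data/media`. A single volume mounted at `/data` would hide the bundled blueprints and GeoIP databases, and it would put blueprints on storage the service user can write to, whereas today `chown` deliberately leaves `/data/blueprints` root-owned. Separately, the new default `paths.email_templates: /data/email-templates` has no matching `mkdir`, and `/data` itself stays root-owned, so UID 1000 cannot create it at runtime. I would add `/data/email-templates` to the `mkdir -p` line and a comment such as `# mount volumes on /data/media and /data/certs only; /data/blueprints and /data/geoip are image content`.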


@ -30,7 +30,7 @@ def check_blueprint_v1_file(BlueprintInstance: type, path: Path):
return return
blueprint_file.seek(0) blueprint_file.seek(0)
instance: BlueprintInstance = BlueprintInstance.objects.filter(path=path).first() instance: BlueprintInstance = BlueprintInstance.objects.filter(path=path).first()
rel_path = path.relative_to(Path(CONFIG.get("blueprints_dir"))) rel_path = path.relative_to(Path(CONFIG.get("paths.blueprints")))
meta = None meta = None
if metadata: if metadata:
meta = from_dict(BlueprintMetadata, metadata) meta = from_dict(BlueprintMetadata, metadata)
@ -55,7 +55,7 @@ def migration_blueprint_import(apps: Apps, schema_editor: BaseDatabaseSchemaEdit
Flow = apps.get_model("authentik_flows", "Flow") Flow = apps.get_model("authentik_flows", "Flow")
db_alias = schema_editor.connection.alias db_alias = schema_editor.connection.alias
for file in glob(f"{CONFIG.get('blueprints_dir')}/**/*.yaml", recursive=True): for file in glob(f"{CONFIG.get('paths.blueprints')}/**/*.yaml", recursive=True):
check_blueprint_v1_file(BlueprintInstance, Path(file)) check_blueprint_v1_file(BlueprintInstance, Path(file))
for blueprint in BlueprintInstance.objects.using(db_alias).all(): for blueprint in BlueprintInstance.objects.using(db_alias).all():


@ -82,7 +82,7 @@ class BlueprintInstance(SerializerModel, ManagedModel, CreatedUpdatedModel):
def retrieve_file(self) -> str: def retrieve_file(self) -> str:
"""Get blueprint from path""" """Get blueprint from path"""
try: try:
base = Path(CONFIG.get("blueprints_dir")) base = Path(CONFIG.get("paths.blueprints"))
full_path = base.joinpath(Path(self.path)).resolve() full_path = base.joinpath(Path(self.path)).resolve()
if not str(full_path).startswith(str(base.resolve())): if not str(full_path).startswith(str(base.resolve())):
raise BlueprintRetrievalFailed("Invalid blueprint path") raise BlueprintRetrievalFailed("Invalid blueprint path")
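Review bot: The containment check `str(full_path).startswith(str(base.resolve()))` compares string prefixes, so a resolved path in a sibling directory whose name merely begins with the base directory's name is accepted as being inside the blueprint root. Compare path components instead: `if not full_path.is_relative_to(base.resolve()):`. The line is unchanged context in this hunk, but it is the only guard on `self.path` visible here and it depends on the base that this commit relocates. `retrieve_file` continues past the end of the hunk.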


@ -19,7 +19,7 @@ class TestBlueprintsV1API(APITestCase):
self.user = create_test_admin_user() self.user = create_test_admin_user()
self.client.force_login(self.user) self.client.force_login(self.user)
@CONFIG.patch("blueprints_dir", TMP) @CONFIG.patch("paths.blueprints", TMP)
def test_api_available(self): def test_api_available(self):
"""Test valid file""" """Test valid file"""
with NamedTemporaryFile(mode="w+", suffix=".yaml", dir=TMP) as file: with NamedTemporaryFile(mode="w+", suffix=".yaml", dir=TMP) as file:


@ -16,7 +16,7 @@ TMP = mkdtemp("authentik-blueprints")
class TestBlueprintsV1Tasks(TransactionTestCase): class TestBlueprintsV1Tasks(TransactionTestCase):
"""Test Blueprints v1 Tasks""" """Test Blueprints v1 Tasks"""
@CONFIG.patch("blueprints_dir", TMP) @CONFIG.patch("paths.blueprints", TMP)
def test_invalid_file_syntax(self): def test_invalid_file_syntax(self):
"""Test syntactically invalid file""" """Test syntactically invalid file"""
with NamedTemporaryFile(suffix=".yaml", dir=TMP) as file: with NamedTemporaryFile(suffix=".yaml", dir=TMP) as file:
@ -25,7 +25,7 @@ class TestBlueprintsV1Tasks(TransactionTestCase):
blueprints = blueprints_find() blueprints = blueprints_find()
self.assertEqual(blueprints, []) self.assertEqual(blueprints, [])
@CONFIG.patch("blueprints_dir", TMP) @CONFIG.patch("paths.blueprints", TMP)
def test_invalid_file_version(self): def test_invalid_file_version(self):
"""Test invalid file""" """Test invalid file"""
with NamedTemporaryFile(suffix=".yaml", dir=TMP) as file: with NamedTemporaryFile(suffix=".yaml", dir=TMP) as file:
@ -34,7 +34,7 @@ class TestBlueprintsV1Tasks(TransactionTestCase):
blueprints = blueprints_find() blueprints = blueprints_find()
self.assertEqual(blueprints, []) self.assertEqual(blueprints, [])
@CONFIG.patch("blueprints_dir", TMP) @CONFIG.patch("paths.blueprints", TMP)
def test_valid(self): def test_valid(self):
"""Test valid file""" """Test valid file"""
blueprint_id = generate_id() blueprint_id = generate_id()
@ -64,7 +64,7 @@ class TestBlueprintsV1Tasks(TransactionTestCase):
}, },
) )
@CONFIG.patch("blueprints_dir", TMP) @CONFIG.patch("paths.blueprints", TMP)
def test_valid_updated(self): def test_valid_updated(self):
"""Test valid file""" """Test valid file"""
BlueprintInstance.objects.filter(name="foo").delete() BlueprintInstance.objects.filter(name="foo").delete()
@ -123,7 +123,7 @@ class TestBlueprintsV1Tasks(TransactionTestCase):
}, },
) )
@CONFIG.patch("blueprints_dir", TMP) @CONFIG.patch("paths.blueprints", TMP)
def test_valid_disabled(self): def test_valid_disabled(self):
"""Test valid file""" """Test valid file"""
with NamedTemporaryFile(mode="w+", suffix=".yaml", dir=TMP) as file: with NamedTemporaryFile(mode="w+", suffix=".yaml", dir=TMP) as file:


@ -62,7 +62,7 @@ def start_blueprint_watcher():
if _file_watcher_started: if _file_watcher_started:
return return
observer = Observer() observer = Observer()
observer.schedule(BlueprintEventHandler(), CONFIG.get("blueprints_dir"), recursive=True) observer.schedule(BlueprintEventHandler(), CONFIG.get("paths.blueprints"), recursive=True)
observer.start() observer.start()
_file_watcher_started = True _file_watcher_started = True
@ -75,7 +75,7 @@ class BlueprintEventHandler(FileSystemEventHandler):
return return
if event.is_directory: if event.is_directory:
return return
root = Path(CONFIG.get("blueprints_dir")).absolute() root = Path(CONFIG.get("paths.blueprints")).absolute()
path = Path(event.src_path).absolute() path = Path(event.src_path).absolute()
rel_path = str(path.relative_to(root)) rel_path = str(path.relative_to(root))
if isinstance(event, FileCreatedEvent): if isinstance(event, FileCreatedEvent):
@ -101,7 +101,7 @@ def blueprints_find_dict():
def blueprints_find() -> list[BlueprintFile]: def blueprints_find() -> list[BlueprintFile]:
"""Find blueprints and return valid ones""" """Find blueprints and return valid ones"""
blueprints = [] blueprints = []
root = Path(CONFIG.get("blueprints_dir")) root = Path(CONFIG.get("paths.blueprints"))
for path in root.rglob("**/*.yaml"): for path in root.rglob("**/*.yaml"):
rel_path = path.relative_to(root) rel_path = path.relative_to(root)
# Check if any part in the path starts with a dot and assume a hidden file # Check if any part in the path starts with a dot and assume a hidden file


@ -46,7 +46,7 @@ def certificate_discovery(self: MonitoredTask):
certs = {} certs = {}
private_keys = {} private_keys = {}
discovered = 0 discovered = 0
for file in glob(CONFIG.get("cert_discovery_dir") + "/**", recursive=True): for file in glob(CONFIG.get("path.cert_discovery") + "/**", recursive=True):
path = Path(file) path = Path(file)
if not path.exists(): if not path.exists():
continue continue
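Review bot: The new key is spelled `path.cert_discovery` (singular), while the default config in this commit defines `cert_discovery` under `paths:` and every other lookup uses the `paths.` prefix. If `CONFIG.get` returns `None` for an unknown key (its behaviour is not visible here), `CONFIG.get(...) + "/**"` raises `TypeError` and certificate discovery never runs. The line should read `for file in glob(CONFIG.get("paths.cert_discovery") + "/**", recursive=True):`. The crypto test's `with CONFIG.patch("path.cert_discovery", temp_dir):` carries the same typo, so the test would still pass and hide the problem; it needs the same correction. `certificate_discovery` continues outside the hunk.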


@ -265,7 +265,7 @@ class TestCrypto(APITestCase):
_cert.write(builder.certificate) _cert.write(builder.certificate)
with open(f"{temp_dir}/foo.bar/privkey.pem", "w+", encoding="utf-8") as _key: with open(f"{temp_dir}/foo.bar/privkey.pem", "w+", encoding="utf-8") as _key:
_key.write(builder.private_key) _key.write(builder.private_key)
with CONFIG.patch("cert_discovery_dir", temp_dir): with CONFIG.patch("path.cert_discovery", temp_dir):
certificate_discovery() # pylint: disable=no-value-for-parameter certificate_discovery() # pylint: disable=no-value-for-parameter
keypair: CertificateKeyPair = CertificateKeyPair.objects.filter( keypair: CertificateKeyPair = CertificateKeyPair.objects.filter(
managed=MANAGED_DISCOVERED % "foo" managed=MANAGED_DISCOVERED % "foo"


@ -54,7 +54,10 @@ cache:
# url: "" # url: ""
paths: paths:
media: ./media media: /data/media
cert_discovery: /data/certs
email_templates: /data/email-templates
blueprints: /data/blueprints
debug: false debug: false
remote_debug: false remote_debug: false
@ -78,7 +81,6 @@ email:
use_ssl: false use_ssl: false
timeout: 10 timeout: 10
from: authentik@localhost from: authentik@localhost
template_dir: /templates
throttle: throttle:
providers: providers:
@ -110,8 +112,8 @@ disable_startup_analytics: false
avatars: env://AUTHENTIK_AUTHENTIK__AVATARS?gravatar,initials avatars: env://AUTHENTIK_AUTHENTIK__AVATARS?gravatar,initials
events: events:
context_processors: context_processors:
geoip: "/ak-root/geoip/GeoLite2-City.mmdb" geoip: "/data/geoip/GeoLite2-City.mmdb"
asn: "/ak-root/geoip/GeoLite2-ASN.mmdb" asn: "/data/geoip/GeoLite2-ASN.mmdb"
footer_links: [] footer_links: []
@ -120,12 +122,9 @@ default_user_change_email: false
default_user_change_username: false default_user_change_username: false
gdpr_compliance: true gdpr_compliance: true
cert_discovery_dir: /certs
default_token_length: 60 default_token_length: 60
impersonation: true impersonation: true
blueprints_dir: /blueprints
web: web:
# No default here as it's set dynamically # No default here as it's set dynamically
# workers: 2 # workers: 2
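Review bot: `cert_discovery_dir`, `blueprints_dir` and `email.template_dir` are removed with no fallback or deprecation notice visible in this commit. A deployment that overrides them in its config file, or presumably through the matching environment variables, would silently fall back to the new `/data/...` defaults. For the certificate and blueprint directories, the instance would then read key material and blueprints from a location the operator did not choose. Consider honouring the old keys for one release with a logged warning, or at least adding a comment above `paths:` such as `# replaces cert_discovery_dir, blueprints_dir and email.template_dir`.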


@ -237,7 +237,7 @@ ROOT_URLCONF = "authentik.root.urls"
TEMPLATES = [ TEMPLATES = [
{ {
"BACKEND": "django.template.backends.django.DjangoTemplates", "BACKEND": "django.template.backends.django.DjangoTemplates",
"DIRS": [CONFIG.get("email.template_dir")], "DIRS": [CONFIG.get("paths.email_templates")],
"APP_DIRS": True, "APP_DIRS": True,
"OPTIONS": { "OPTIONS": {
"context_processors": [ "context_processors": [


@ -34,7 +34,7 @@ class PytestTestRunner(DiscoverRunner): # pragma: no cover
CONFIG.set("avatars", "none") CONFIG.set("avatars", "none")
CONFIG.set("events.context_processors.geoip", "tests/GeoLite2-City-Test.mmdb") CONFIG.set("events.context_processors.geoip", "tests/GeoLite2-City-Test.mmdb")
CONFIG.set("events.context_processors.asn", "tests/GeoLite2-ASN-Test.mmdb") CONFIG.set("events.context_processors.asn", "tests/GeoLite2-ASN-Test.mmdb")
CONFIG.set("blueprints_dir", "./blueprints") CONFIG.set("paths.blueprints", "./blueprints")
CONFIG.set( CONFIG.set(
"outposts.container_image_base", "outposts.container_image_base",
f"ghcr.io/goauthentik/dev-%(type)s:{get_docker_tag()}", f"ghcr.io/goauthentik/dev-%(type)s:{get_docker_tag()}",


@ -15,8 +15,13 @@ with open("local.env.yml", "w", encoding="utf-8") as _config:
"outposts": { "outposts": {
"container_image_base": "ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s", "container_image_base": "ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s",
}, },
"blueprints_dir": "./blueprints", "paths.blueprints": "./blueprints",
"cert_discovery_dir": "./certs", "paths": {
"cert_discovery": "./data/certs",
"media": "./data/media",
"email_templates": "./data/email-templates",
"blueprints": "./blueprints",
},
"events": { "events": {
"processors": { "processors": {
"geoip": "tests/GeoLite2-City-Test.mmdb", "geoip": "tests/GeoLite2-City-Test.mmdb",
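Review bot: The flat entry `"paths.blueprints": "./blueprints",` sits next to a nested `"paths"` dict that already sets `"blueprints": "./blueprints"`, and looks like a search-and-replace leftover of the old `blueprints_dir` key. Dumped to YAML it becomes a top-level key literally named `paths.blueprints`, which the config loader (not visible here) most likely ignores. Drop that line and keep only the nested entry. It would also help to add a comment explaining why `cert_discovery`, `media` and `email_templates` point below `./data/` while `blueprints` stays at `./blueprints`.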