From e13e7bfb8ef4e114586c26df1442be5257983dbe Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Fri, 4 Aug 2023 00:03:58 +0200 Subject: [PATCH] add new "must_created" state to blueprints to prevent overwriting objects Signed-off-by: Jens Langhammer --- .../commands/make_blueprint_schema.py | 3 +- authentik/blueprints/v1/common.py | 1 + authentik/blueprints/v1/importer.py | 13 +- .../core/api/transactional_applications.py | 4 +- blueprints/schema.json | 213 ++++++++++++------ schema.yml | 66 +++--- .../developer-docs/docs/templates/index.md | 2 +- 7 files changed, 193 insertions(+), 109 deletions(-) diff --git a/authentik/blueprints/management/commands/make_blueprint_schema.py b/authentik/blueprints/management/commands/make_blueprint_schema.py index 5ca5d4eca..f75b6ab0b 100644 --- a/authentik/blueprints/management/commands/make_blueprint_schema.py +++ b/authentik/blueprints/management/commands/make_blueprint_schema.py @@ -9,6 +9,7 @@ from rest_framework.fields import Field, JSONField, UUIDField from rest_framework.serializers import Serializer from structlog.stdlib import get_logger +from authentik.blueprints.v1.common import BlueprintEntryDesiredState from authentik.blueprints.v1.importer import SERIALIZER_CONTEXT_BLUEPRINT, is_model_allowed from authentik.blueprints.v1.meta.registry import BaseMetaModel, registry from authentik.lib.models import SerializerModel @@ -110,7 +111,7 @@ class Command(BaseCommand): "id": {"type": "string"}, "state": { "type": "string", - "enum": ["absent", "present", "created"], + "enum": [s.value for s in BlueprintEntryDesiredState], "default": "present", }, "conditions": {"type": "array", "items": {"type": "boolean"}}, diff --git a/authentik/blueprints/v1/common.py b/authentik/blueprints/v1/common.py index 9eda93300..f00c27bc0 100644 --- a/authentik/blueprints/v1/common.py +++ b/authentik/blueprints/v1/common.py @@ -52,6 +52,7 @@ class BlueprintEntryDesiredState(Enum): ABSENT = "absent" PRESENT = "present" CREATED = "created" + MUST_CREATED = "must_created" @dataclass diff --git a/authentik/blueprints/v1/importer.py b/authentik/blueprints/v1/importer.py index c528d6fd1..fd47e06ae 100644 --- a/authentik/blueprints/v1/importer.py +++ b/authentik/blueprints/v1/importer.py @@ -202,6 +202,13 @@ class Importer: ) serializer_kwargs["instance"] = model_instance serializer_kwargs["partial"] = True + elif model_instance and entry.state == BlueprintEntryDesiredState.MUST_CREATED: + raise EntryInvalidError( + ( + f"state is set to {BlueprintEntryDesiredState.MUST_CREATED}" + " and object exists already" + ) + ) else: self.logger.debug( "initialised new serializer instance", model=model, **updated_identifiers @@ -269,7 +276,11 @@ class Importer: continue state = entry.get_state(self._import) - if state in [BlueprintEntryDesiredState.PRESENT, BlueprintEntryDesiredState.CREATED]: + if state in [ + BlueprintEntryDesiredState.PRESENT, + BlueprintEntryDesiredState.CREATED, + BlueprintEntryDesiredState.MUST_CREATED, + ]: instance = serializer.instance if ( instance diff --git a/authentik/core/api/transactional_applications.py b/authentik/core/api/transactional_applications.py index 2f3110029..fa48d0523 100644 --- a/authentik/core/api/transactional_applications.py +++ b/authentik/core/api/transactional_applications.py @@ -96,7 +96,7 @@ class TransactionalApplicationView(APIView): blueprint.entries.append( BlueprintEntry( model=data.validated_data["provider_model"], - state=BlueprintEntryDesiredState.PRESENT, + state=BlueprintEntryDesiredState.MUST_CREATED, identifiers={ "name": data.validated_data["provider"]["name"], }, @@ -109,7 +109,7 @@ class TransactionalApplicationView(APIView): blueprint.entries.append( BlueprintEntry( model="authentik_core.application", - state=BlueprintEntryDesiredState.PRESENT, + state=BlueprintEntryDesiredState.MUST_CREATED, identifiers={ "slug": data.validated_data["app"]["slug"], }, diff --git a/blueprints/schema.json b/blueprints/schema.json index 7637beec4..0a3b9690e 100644 --- a/blueprints/schema.json +++ b/blueprints/schema.json @@ -59,7 +59,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -95,7 +96,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -131,7 +133,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -167,7 +170,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -203,7 +207,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -239,7 +244,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -275,7 +281,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -311,7 +318,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -347,7 +355,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -383,7 +392,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -419,7 +429,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -455,7 +466,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -491,7 +503,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -527,7 +540,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -563,7 +577,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -599,7 +614,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -635,7 +651,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -671,7 +688,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -707,7 +725,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -743,7 +762,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -779,7 +799,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -815,7 +836,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -851,7 +873,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -887,7 +910,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -923,7 +947,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -959,7 +984,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -995,7 +1021,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1031,7 +1058,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1067,7 +1095,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1103,7 +1132,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1139,7 +1169,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1175,7 +1206,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1211,7 +1243,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1247,7 +1280,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1283,7 +1317,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1319,7 +1354,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1355,7 +1391,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1391,7 +1428,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1427,7 +1465,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1463,7 +1502,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1499,7 +1539,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1535,7 +1576,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1571,7 +1613,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1607,7 +1650,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1643,7 +1687,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1679,7 +1724,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1715,7 +1761,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1751,7 +1798,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1787,7 +1835,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1823,7 +1872,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1859,7 +1909,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1895,7 +1946,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1931,7 +1983,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -1967,7 +2020,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2003,7 +2057,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2039,7 +2094,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2075,7 +2131,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2111,7 +2168,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2147,7 +2205,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2183,7 +2242,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2219,7 +2279,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2255,7 +2316,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2291,7 +2353,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2327,7 +2390,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2363,7 +2427,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2399,7 +2464,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2435,7 +2501,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2471,7 +2538,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2507,7 +2575,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2543,7 +2612,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, @@ -2579,7 +2649,8 @@ "enum": [ "absent", "present", - "created" + "created", + "must_created" ], "default": "present" }, diff --git a/schema.yml b/schema.yml index 18f781b7d..96d20c5fe 100644 --- a/schema.yml +++ b/schema.yml @@ -3088,39 +3088,6 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' - /core/applications/create_transactional/: - put: - operationId: core_applications_create_transactional_update - description: Convert data into a blueprint, validate it and apply it - tags: - - core - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/TransactionApplicationRequest' - required: true - security: - - authentik: [] - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/TransactionApplicationResponse' - description: '' - '400': - content: - application/json: - schema: - $ref: '#/components/schemas/ValidationError' - description: '' - '403': - content: - application/json: - schema: - $ref: '#/components/schemas/GenericError' - description: '' /core/authenticated_sessions/: get: operationId: core_authenticated_sessions_list @@ -4382,6 +4349,39 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' + /core/transactional/applications/: + put: + operationId: core_transactional_applications_update + description: Convert data into a blueprint, validate it and apply it + tags: + - core + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/TransactionApplicationRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/TransactionApplicationResponse' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' /core/user_consent/: get: operationId: core_user_consent_list diff --git a/website/developer-docs/docs/templates/index.md b/website/developer-docs/docs/templates/index.md index 7ae832890..9645e706d 100644 --- a/website/developer-docs/docs/templates/index.md +++ b/website/developer-docs/docs/templates/index.md @@ -8,7 +8,7 @@ The most common types are: - [**Procedural**](./procedural.md): these are How To docs, the HOW information, with step-by-step instructions for accomplishing a task. This is what most people are looking for when they open the docs... and best practice is to separate the procedural docs from long, lengthy conceptual or reference docs. -- **Conceptual**: these docs provide the WHY information, and explain when to use a feature (or when not to!), and general concepts behind the fature or functioanlity. +- **Conceptual**: these docs provide the WHY information, and explain when to use a feature (or when not to!), and general concepts behind the feature or functioanlity. - **Reference**: this is typically tables or lists of reference information, such as configuration values, or most commmonly APIs.