Commit Graph

144 Commits

Author SHA1 Message Date
Marc 'risson' Schmitt bfc36bc993
store files per-tenant
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-12-04 10:11:59 +01:00
Marc 'risson' Schmitt a4fd37e429
task fixes, creation of tenant now works by cloning a template schema, some other small stuff
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-11-21 18:24:23 +01:00
Marc 'risson' Schmitt 77d8877efe
tenants -> brands, init new tenant model, migrate some config to tenants
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-11-21 18:23:58 +01:00
Jens L 220d739fef
lifecycle: rework otp_merge migration (#7359)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-28 17:56:04 +02:00
Jens L 940492a5e1
lifecycle: fix otp merge migration (#7315)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-26 20:05:33 +02:00
dependabot[bot] 87f2b37348
core: bump pylint from 2.17.7 to 3.0.2 (#7270)
* core: bump pylint from 2.17.7 to 3.0.2

Bumps [pylint](https://github.com/pylint-dev/pylint) from 2.17.7 to 3.0.2.
- [Release notes](https://github.com/pylint-dev/pylint/releases)
- [Commits](https://github.com/pylint-dev/pylint/compare/v2.17.7...v3.0.2)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix pylint warning

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-10-24 12:37:37 +02:00
Jens L 6fb7586b00
lifecycle: fix otp_merge migration again (#7244)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-20 14:27:57 +02:00
Jens L 0697e3d5a4
rbac: revisions (#7188)
* improve system migration logging

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix filter for internal service accounts

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* merge migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* bump go api

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* sources/ldap: check if we need to connect to ldap before connecting

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-16 19:42:19 +02:00
Jens L dce913496e
lifecycle: re-fix system migrations (#7185)
fix system migrations?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-16 17:28:53 +02:00
Jens L a22bc5a261
lifecycle: fix install_id migration not running (#7116)
* lifecycle: fix install_id migration not running

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ldap test?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* idk if this works

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-09 19:52:06 +02:00
Jens L b90ed6bab3
lifecycle: improve reliability of system migrations (#7089)
* lifecycle: improve reliability of system migrations

better transaction handling which allows for re-trying migrations without needing manual intervention

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove explicit commit

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-06 18:56:10 +02:00
Jens Langhammer 090d2d8362
Revert "lifecycle: improve reliability of system migrations"
This reverts commit 3b8b307c4d.
2023-10-06 15:46:45 +02:00
Jens Langhammer 3b8b307c4d
lifecycle: improve reliability of system migrations
better transaction handling which allows for re-trying migrations without needing manual intervention

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-06 13:51:23 +02:00
Jens L a0f607b5ac
web/flows: bottom-align about text on flows page (#7051)
* web/flows: bottom-align about text on flows page

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix a bunch of typos

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-03 14:10:10 +02:00
Marc 'risson' Schmitt a7a4b18082 fix ak test-all dependencies
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-09-11 15:44:26 +02:00
Jens L 6612f729ec
stages/authenticator: vendor otp (#6741)
* initial import

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update imports

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove email and hotp for now

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove things we don't need and clean up

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* initial merge static

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* initial merge totp

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more fixes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix migrations

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update webui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add system migration

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more cleanup, add doctests to test_runner

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* more cleanup

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fixup more lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup last tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update docstrings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* implement SerializerModel

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix web format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-09-04 11:45:14 +02:00
Jens L fd561ac802
root: connect to backend via socket (#6720)
* root: connect to gunicorn via socket

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* put socket in temp folder

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use non-socket connection for debug

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* don't hardcode local url

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix dev_server missing websocket

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* dedupe logging config between gunicorn and main app

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* slight refactor for proxy errors

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-09-02 17:58:37 +02:00
Jens L cc6824fd7c
core: bump django from 4.1.7 to 4.2 (#5238)
* core: bump django from 4.1.7 to 4.2 (#5151)

* core: bump django from 4.1.7 to 4.2

Bumps [django](https://github.com/django/django) from 4.1.7 to 4.2.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.1.7...4.2)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* upgrade to psycopg3, use custom engine for prometheus metrics

See https://github.com/korfuri/django-prometheus/issues/350

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make scripts use pscopg3

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start changelog

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* initial postgres upgrade guide

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update header

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
2023-08-01 19:30:28 +02:00
Jens L 561e6956fe
root: add get_int to config loader instead of casting to int everywhere (#6436)
* root: add get_int to config loader instead of casting to int everywhere

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve error handling, add test

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-31 19:34:59 +02:00
Jens L 2f469d2709
root: partial Live-updating config (#5959)
* stages/email: directly use email credentials from config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use custom database backend that supports dynamic credentials

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add crude config reloader

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make method names for CONFIG clearer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* replace config.set with environ

Not sure if this is the cleanest way, but it persists through a config reload

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-add set for @patch

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* even more crudeness

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* clean up some old stuff?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup old things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix flow e2e

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-19 23:13:22 +02:00
Jens L a987846c76
root: celery refactor (#6095)
* root: celery refactor

cleanup deprecation messages by configuring celery with a single object

run celery as django management command

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* improve debug experience

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add debugpy to dev dependencies

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix task_always_eager

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-28 16:44:50 +02:00
Jens L 5b0cc3672b
root: add method to get install_id without django being loaded (#5755)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-25 18:52:21 +02:00
Jens L 0d0bb1a559
root: add install ID (#5717)
* root: add install ID

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add fallback when no migrations table exists

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-22 17:24:12 +02:00
Jens L 54d508ae8c
ci: fix pyright errors (#5392)
* ci: fix pyright errors

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix error in oauth 1 source

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove redundant blueprint fixtures

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-27 17:33:47 +03:00
Jens L 94ae490284
lifecycle: migrate internal healthcheck to use go (#5322)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-20 19:46:49 +03:00
Jens L dfa80543b5
root: add ruff linter (#5240)
* root: add ruff linter

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* actually add ruff

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix lint

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-18 13:28:19 +02:00
Jens L 1a4c640835
lifecycle: fix worker healthcheck (#5259)
closes #5258

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-14 14:39:31 +02:00
Jens L 38bf0ee740
lifecycle: re-add exec to ak wrapper (#5253)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-14 13:52:11 +02:00
Jens L f84a10b59b
core: revert django update (#5236)
* Revert "core: bump django from 4.1.7 to 4.2 (#5151)"

This reverts commit 18a4eac527.

* run unittests with postgres 11 and 12

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-13 14:10:12 +02:00
dependabot[bot] 18a4eac527
core: bump django from 4.1.7 to 4.2 (#5151)
* core: bump django from 4.1.7 to 4.2

Bumps [django](https://github.com/django/django) from 4.1.7 to 4.2.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/4.1.7...4.2)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* upgrade to psycopg3, use custom engine for prometheus metrics

See https://github.com/korfuri/django-prometheus/issues/350

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make scripts use pscopg3

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-04-11 15:00:27 +02:00
Jens L 02f75a92ce
lifecycle: don't use celery ping for worker healthcheck (#5153)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-03 18:15:31 +02:00
Ongy adcd11b1f8
core: extend postgres configuration (#5138)
Add postgres configuration options to control
TLS verification and client certificates.
2023-04-02 17:39:36 +02:00
Jens L 9666d407b4
lifecycle: also migrate before starting worker, trap exit to cleanup mode (#5123)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-03-30 14:04:38 +02:00
dependabot[bot] 18cfe67719
core: bump black from 22.12.0 to 23.1.0 (#4584)
* core: bump black from 22.12.0 to 23.1.0

Bumps [black](https://github.com/psf/black) from 22.12.0 to 23.1.0.
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](https://github.com/psf/black/compare/22.12.0...23.1.0)

---
updated-dependencies:
- dependency-name: black
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* re-format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-02-01 11:31:32 +01:00
Jens L 9568f4dbd6
root: improve code style (#4436)
* cleanup pylint comments

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* remove more

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix url name

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* *: use ExtractHour instead of ExtractDay

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-15 17:02:31 +01:00
Jens L e6b5810e03
polices/hibp: remove deprecated (#4363)
* remove hibp

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't save event matcher apps in migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup migrations

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update docs, update some phrasing

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2023-01-05 13:19:26 +01:00
Jens Langhammer 6ca1654129 lifecycle: don't set user/group in gunicorn
closes #4098 closes #3236

the user and group are inherited from the parent process so this isnt required

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-02 12:42:55 +02:00
Jens L 55aa1897af
root: use single redis db (#4009)
* use single redis db

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* cleanup prefixes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ensure __str__ always returns string

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix remaining old prefixes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add release notes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-15 14:31:29 +01:00
Jens Langhammer ee6dc45a30 lifecycle: fix incorrect messages looped
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-12 16:50:03 +01:00
Jens Langhammer 6882445937 *: handle PermissionError when saving files, ensure permission bits are set correctly
closes #3817

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-10-19 20:24:28 +02:00
Jens L b16a3d5697
internal: use config system for workers/threads, document the settings (#3626)
use config system for workers/threads, document the settings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-21 09:59:03 +02:00
Jens Langhammer 28835fbca7 root: re-use custom log helper from config and cleanup duplicate functions
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-09-10 13:24:31 +02:00
Jens L 62f93c83d4
ci: update pyright (#3546) 2022-09-07 00:23:25 +02:00
Jens Langhammer d8a68407f9 lifecycle: add worker-status command to debug worker cpu usage issues
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

#3125
2022-08-18 20:13:30 +02:00
Jens L ec42d378ab
blueprints/cleanup (#3369) 2022-08-05 08:39:00 +02:00
Jens L db1dd196e0
lifecycle: optimise container lifecycle and process signals (#3332)
* add dumb-init, use exec in wrapper

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix exec?

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-30 22:41:29 +02:00
Jens Langhammer 658dc63c4c lifecycle: revert waiting for lock, launch managed reconcile on app import
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-19 12:06:57 +02:00
Jens Langhammer 4edec5f666 lifecycle: connect to database first
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-19 10:54:56 +02:00
Jens L e9d9d658c4
lifecycle: make worker wait for migrations to be done (#3254)
* lifecycle: make worker wait for migrations to be done

* retry managed reconcile task
2022-07-15 19:44:45 +02:00
Jens Langhammer d56ddb16b1 lifecycle: fix confusing success messages in startup healthiness check
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-06-20 21:26:21 +02:00