From 9d0a01012d0ce99ddd86d5e9e026975cc8e91608 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 17 Jan 2021 17:41:19 +0100 Subject: [PATCH 01/16] root: use stable version on master This reverts commit 94182f88a43da300e65439d306ecaa5ea0237eb8. --- .bumpversion.cfg | 2 +- .github/workflows/release.yml | 14 +++++++------- authentik/__init__.py | 2 +- docker-compose.yml | 6 +++--- helm/Chart.yaml | 2 +- helm/README.md | 2 +- helm/values.yaml | 2 +- outpost/pkg/version.go | 2 +- web/src/constants.ts | 2 +- website/docs/installation/docker-compose.md | 2 +- website/docs/installation/kubernetes.md | 2 +- website/docs/releases/2021.1.1.md | 2 +- 12 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.bumpversion.cfg b/.bumpversion.cfg index 1777fd7ca..37340a01d 100644 --- a/.bumpversion.cfg +++ b/.bumpversion.cfg @@ -1,5 +1,5 @@ [bumpversion] -current_version = 2021.1.1-rc1 +current_version = 0.14.2-stable tag = True commit = True parse = (?P\d+)\.(?P\d+)\.(?P\d+)\-(?P.*) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3890cab88..9ba09b539 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,11 +18,11 @@ jobs: - name: Building Docker Image run: docker build --no-cache - -t beryju/authentik:2021.1.1-rc1 + -t beryju/authentik:0.14.2-stable -t beryju/authentik:latest -f Dockerfile . - name: Push Docker Container to Registry (versioned) - run: docker push beryju/authentik:2021.1.1-rc1 + run: docker push beryju/authentik:0.14.2-stable - name: Push Docker Container to Registry (latest) run: docker push beryju/authentik:latest build-proxy: 
@@ -48,11 +48,11 @@ jobs: cd outpost/ docker build \ --no-cache \ - -t beryju/authentik-proxy:2021.1.1-rc1 \ + -t beryju/authentik-proxy:0.14.2-stable \ -t beryju/authentik-proxy:latest \ -f proxy.Dockerfile . - name: Push Docker Container to Registry (versioned) - run: docker push beryju/authentik-proxy:2021.1.1-rc1 + run: docker push beryju/authentik-proxy:0.14.2-stable - name: Push Docker Container to Registry (latest) run: docker push beryju/authentik-proxy:latest build-static: @@ -69,11 +69,11 @@ jobs: cd web/ docker build \ --no-cache \ - -t beryju/authentik-static:2021.1.1-rc1 \ + -t beryju/authentik-static:0.14.2-stable \ -t beryju/authentik-static:latest \ -f Dockerfile . - name: Push Docker Container to Registry (versioned) - run: docker push beryju/authentik-static:2021.1.1-rc1 + run: docker push beryju/authentik-static:0.14.2-stable - name: Push Docker Container to Registry (latest) run: docker push beryju/authentik-static:latest test-release: @@ -107,5 +107,5 @@ jobs: SENTRY_PROJECT: authentik SENTRY_URL: https://sentry.beryju.org with: - tagName: 2021.1.1-rc1 + tagName: 0.14.2-stable environment: beryjuorg-prod diff --git a/authentik/__init__.py b/authentik/__init__.py index c5383079b..aaad65fe8 100644 --- a/authentik/__init__.py +++ b/authentik/__init__.py @@ -1,2 +1,2 @@ """authentik""" -__version__ = "2021.1.1-rc1" +__version__ = "0.14.2-stable" diff --git a/docker-compose.yml b/docker-compose.yml index 8da862643..a3653d32a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -19,7 +19,7 @@ services: networks: - internal server: - image: beryju/authentik:${AUTHENTIK_TAG:-2021.1.1-rc1} + image: beryju/authentik:${AUTHENTIK_TAG:-0.14.2-stable} command: server environment: AUTHENTIK_REDIS__HOST: redis @@ -45,7 +45,7 @@ services: env_file: - .env worker: - image: beryju/authentik:${AUTHENTIK_TAG:-2021.1.1-rc1} + image: beryju/authentik:${AUTHENTIK_TAG:-0.14.2-stable} command: worker networks: - internal 
@@ -62,7 +62,7 @@ services: env_file: - .env static: - image: beryju/authentik-static:${AUTHENTIK_TAG:-2021.1.1-rc1} + image: beryju/authentik-static:${AUTHENTIK_TAG:-0.14.2-stable} networks: - internal labels: diff --git a/helm/Chart.yaml b/helm/Chart.yaml index 3e359eeff..2ad9ead3e 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -4,7 +4,7 @@ name: authentik home: https://goauthentik.io sources: - https://github.com/BeryJu/authentik -version: "2021.1.1-rc1" +version: "0.14.2-stable" icon: https://raw.githubusercontent.com/BeryJu/authentik/master/web/icons/icon.svg dependencies: - name: postgresql diff --git a/helm/README.md b/helm/README.md index 3c1244052..a2df9d6cc 100644 --- a/helm/README.md +++ b/helm/README.md @@ -4,7 +4,7 @@ |-----------------------------------|-------------------------|-------------| | image.name | beryju/authentik | Image used to run the authentik server and worker | | image.name_static | beryju/authentik-static | Image used to run the authentik static server (CSS and JS Files) | -| image.tag | 2021.1.1-rc1 | Image tag | +| image.tag | 0.14.2-stable | Image tag | | image.pullPolicy | IfNotPresent | Image Pull Policy used for all deployments | | serverReplicas | 1 | Replicas for the Server deployment | | workerReplicas | 1 | Replicas for the Worker deployment | diff --git a/helm/values.yaml b/helm/values.yaml index 40b27c282..d66d2ef38 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -5,7 +5,7 @@ image: name: beryju/authentik name_static: beryju/authentik-static name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended - tag: 2021.1.1-rc1 + tag: 0.14.2-stable pullPolicy: IfNotPresent serverReplicas: 1 diff --git a/outpost/pkg/version.go b/outpost/pkg/version.go index 6a9ab988b..74de3f093 100644 --- a/outpost/pkg/version.go +++ b/outpost/pkg/version.go @@ -1,3 +1,3 @@ package pkg -const VERSION = "2021.1.1-rc1" +const VERSION = "0.14.2-stable" 
diff --git a/web/src/constants.ts b/web/src/constants.ts index 5159f9756..1d1f668e9 100644 --- a/web/src/constants.ts +++ b/web/src/constants.ts @@ -28,4 +28,4 @@ export const ColorStyles = css` background-color: var(--pf-global--danger-color--100); } `; -export const VERSION = "2021.1.1-rc1"; +export const VERSION = "0.14.2-stable"; diff --git a/website/docs/installation/docker-compose.md b/website/docs/installation/docker-compose.md index 5c5a08a1d..87005f5f2 100644 --- a/website/docs/installation/docker-compose.md +++ b/website/docs/installation/docker-compose.md @@ -15,7 +15,7 @@ Download the latest `docker-compose.yml` from [here](https://raw.githubuserconte To optionally enable error-reporting, run `echo AUTHENTIK_ERROR_REPORTING__ENABLED=true >> .env` -To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.1.1-rc1 >> .env` +To optionally deploy a different version run `echo AUTHENTIK_TAG=0.14.2-stable >> .env` If this is a fresh authentik install run the following commands to generate a password: diff --git a/website/docs/installation/kubernetes.md b/website/docs/installation/kubernetes.md index 5bbb371c1..79722fc04 100644 --- a/website/docs/installation/kubernetes.md +++ b/website/docs/installation/kubernetes.md @@ -24,7 +24,7 @@ image: name: beryju/authentik name_static: beryju/authentik-static name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended - tag: 2021.1.1-rc1 + tag: 0.14.2-stable serverReplicas: 1 workerReplicas: 1 diff --git a/website/docs/releases/2021.1.1.md b/website/docs/releases/2021.1.1.md index 4c4087cfa..db7a3141a 100644 --- a/website/docs/releases/2021.1.1.md +++ b/website/docs/releases/2021.1.1.md 
@@ -33,7 +33,7 @@ This release does not introduce any new requirements. ### docker-compose -Download the latest docker-compose file from [here](https://raw.githubusercontent.com/BeryJu/authentik/version-2021.1.1/docker-compose.yml). Afterwards, simply run `docker-compose up -d` and then the standard upgrade command of `docker-compose run --rm server migrate`. +Download the latest docker-compose file from [here](https://raw.githubusercontent.com/BeryJu/authentik/version-2021.1/docker-compose.yml). Afterwards, simply run `docker-compose up -d` and then the standard upgrade command of `docker-compose run --rm server migrate`. ### Kubernetes From cbf246694cb55878c6c61c137698efaaf72aa4bb Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 17 Jan 2021 18:56:24 +0100 Subject: [PATCH 02/16] helm: fix typos --- helm/templates/configmap.yaml | 2 +- helm/templates/secret.yaml | 6 +++--- helm/templates/web-deployment.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml index 6a3a3c796..ef6b8c2fb 100644 --- a/helm/templates/configmap.yaml +++ b/helm/templates/configmap.yaml @@ -20,7 +20,7 @@ data: OUTPOSTS__DOCKER_IMAGE_BASE: "{{ .Values.image.name_outposts }}" EMAIL__HOST: "{{ .Values.config.email.host }}" EMAIL__PORT: "{{ .Values.config.email.port }}" - EMAIL__USERNAM: "{{ .Values.config.email.username }}" + EMAIL__USERNAME: "{{ .Values.config.email.username }}" EMAIL__USE_TLS: "{{ .Values.config.email.use_tls }}" EMAIL__USE_SSL: "{{ .Values.config.email.use_ssl }}" EMAIL__TIMEOUT: "{{ .Values.config.email.timeout }}" diff --git a/helm/templates/secret.yaml b/helm/templates/secret.yaml index 90a5d1043..bf2a5bce6 100644 --- a/helm/templates/secret.yaml +++ b/helm/templates/secret.yaml 
@@ -6,11 +6,11 @@ metadata: data: monitoring_username: bW9uaXRvcg== # monitor in base64 {{- if .Values.config.secretKey }} - SECRET_KEY: {{ .Values.config.secretKey | b64enc | quote }} + secret_key: {{ .Values.config.secretKey | b64enc | quote }} {{- else }} - SECRET_KEY: {{ randAlphaNum 50 | b64enc | quote}} + secret_key: {{ randAlphaNum 50 | b64enc | quote}} {{- end }} {{- if .Values.backup }} POSTGRESQL__S3_BACKUP__SECRET_KEY: "{{ .Values.backup.secretKey }}" {{- end}} - EMAIL__PASSWOR: "{{ .Values.config.email.password }}" + EMAIL__PASSWORD: "{{ .Values.config.email.password }}" diff --git a/helm/templates/web-deployment.yaml b/helm/templates/web-deployment.yaml index 392787a12..2a77c56bd 100644 --- a/helm/templates/web-deployment.yaml +++ b/helm/templates/web-deployment.yaml @@ -117,7 +117,7 @@ spec: memory: 300M limits: cpu: 300m - memory: 600MiB + memory: 600M volumes: - name: authentik-uploads persistentVolumeClaim: From 55aab5660bc0277592fbf8d53f4d9e0bc46abc21 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 17 Jan 2021 19:04:42 +0100 Subject: [PATCH 03/16] core: increase application cache duration --- authentik/core/api/applications.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/authentik/core/api/applications.py b/authentik/core/api/applications.py index 621edf7a4..e487c069b 100644 --- a/authentik/core/api/applications.py +++ b/authentik/core/api/applications.py @@ -86,7 +86,11 @@ class ApplicationViewSet(ModelViewSet): engine.build() if engine.passing: allowed_applications.append(application) - cache.set(user_app_cache_key(self.request.user.pk), allowed_applications) + cache.set( + user_app_cache_key(self.request.user.pk), + allowed_applications, + timeout=86400, + ) serializer = self.get_serializer(allowed_applications, many=True) return self.get_paginated_response(serializer.data) From 222cece3e1307a47aef4d2e9793dc53882837764 Mon Sep 17 00:00:00 2001 
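Review bot: In helm/templates/secret.yaml the `{{- else }}` branch renders `randAlphaNum 50` on every template run, so unless `config.secretKey` is set, each `helm upgrade` writes a different key into this Secret. If the application signs sessions or tokens with this value (not visible in the hunk), an upgrade silently invalidates them, and pods started before and after the upgrade disagree on the key. Reuse the existing Secret's value through `lookup` when it is present, or require `config.secretKey`, and record the behaviour beside the branch with a comment such as `# random key is re-generated on every render unless config.secretKey is set`.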
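Review bot: With `timeout=86400` in authentik/core/api/applications.py, the per-user list of allowed applications is served from cache for up to a day, so a policy or binding change that removes access is not reflected in this listing until the entry expires. The hunk shows no invalidation; if none exists elsewhere, delete the `user_app_cache_key(...)` entries when policies, bindings or applications are saved, or keep the timeout short. A comment beside the `cache.set(...)` call, for example `# cached authorization result, invalidated on policy/application change`, would tell the next reader where that invalidation lives. The enclosing method starts outside the hunk.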
From: Jens Langhammer Date: Sun, 17 Jan 2021 19:22:01 +0100 Subject: [PATCH 04/16] outposts: add message to outpost_service_connection_monitor task --- authentik/outposts/tasks.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/authentik/outposts/tasks.py b/authentik/outposts/tasks.py index da05a41cf..8ce64c77a 100644 --- a/authentik/outposts/tasks.py +++ b/authentik/outposts/tasks.py @@ -49,9 +49,15 @@ def outpost_service_connection_state(connection_pk: Any): @CELERY_APP.task(bind=True, base=MonitoredTask) def outpost_service_connection_monitor(self: MonitoredTask): """Regularly check the state of Outpost Service Connections""" - for connection in OutpostServiceConnection.objects.all(): + connections = OutpostServiceConnection.objects.all() + for connection in connections.iterator(): outpost_service_connection_state.delay(connection.pk) - self.set_status(TaskResult(TaskResultStatus.SUCCESSFUL)) + self.set_status( + TaskResult( + TaskResultStatus.SUCCESSFUL, + [f"Successfully updated {len(connections)} connections."], + ) + ) @CELERY_APP.task(bind=True, base=MonitoredTask) From b86d4a455d09f501265772dcbdc05fde52509e79 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 17 Jan 2021 19:59:19 +0100 Subject: [PATCH 05/16] policies: use custom context for fork instead of changing global context --- authentik/policies/process.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/authentik/policies/process.py b/authentik/policies/process.py index 225fb2b6f..da6a58be3 100644 --- a/authentik/policies/process.py +++ b/authentik/policies/process.py @@ -1,5 +1,5 @@ """authentik policy task""" -from multiprocessing import Process +from multiprocessing import get_context from multiprocessing.connection import Connection from traceback import format_tb from typing import Optional 
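Review bot: In `outpost_service_connection_monitor`, `len(connections)` evaluates the queryset a second time and caches every row, which undoes the point of `connections.iterator()` two lines earlier; use `connections.count()` or a counter incremented inside the loop. The status text also says "updated", but the loop only enqueues `outpost_service_connection_state.delay(connection.pk)`, so the checks may not have run or succeeded when the status is set. A wording such as `f"Queued state update for {count} connections."` describes what has actually happened.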
@@ -28,7 +28,11 @@ def cache_key(binding: PolicyBinding, request: PolicyRequest) -> str: return prefix -class PolicyProcess(Process): +FORK_CTX = get_context("fork") +PROCESS_CLASS = FORK_CTX.Process + + +class PolicyProcess(PROCESS_CLASS): """Evaluate a single policy within a seprate process""" connection: Connection From d19bfebce30d41094d02e11edee5c312b813ba9a Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 17 Jan 2021 19:59:58 +0100 Subject: [PATCH 06/16] policies: detect when running in a daemon process and run policies sync --- authentik/policies/engine.py | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/authentik/policies/engine.py b/authentik/policies/engine.py index 92acd0d6a..1f38356d9 100644 --- a/authentik/policies/engine.py +++ b/authentik/policies/engine.py @@ -1,6 +1,6 @@ """authentik policy engine""" from enum import Enum -from multiprocessing import Pipe, set_start_method +from multiprocessing import Pipe, current_process from multiprocessing.connection import Connection from typing import Iterator, List, Optional @@ -16,9 +16,7 @@ from authentik.policies.process import PolicyProcess, cache_key from authentik.policies.types import PolicyRequest, PolicyResult LOGGER = get_logger() -# This is only really needed for macOS, because Python 3.8 changed the default to spawn -# spawn causes issues with objects that aren't picklable, and also the django setup -set_start_method("fork") +CURRENT_PROCESS = current_process() class PolicyProcessInfo: 
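Review bot: The reason for forcing the fork start method is no longer written down: the comment that the next patch removes from authentik/policies/engine.py is not carried over to `FORK_CTX` in authentik/policies/process.py. Add it above the assignment, for example `# fork is required: spawn (default on macOS since Python 3.8) fails on non-picklable objects and on the Django setup`. Note also that `get_context("fork")` raises `ValueError` at import time on platforms without fork, so this module cannot be imported there at all.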
@@ -117,14 +115,19 @@ class PolicyEngine: LOGGER.debug("P_ENG: Evaluating policy", policy=binding.policy) our_end, task_end = Pipe(False) task = PolicyProcess(binding, self.request, task_end) + task.daemon = False LOGGER.debug("P_ENG: Starting Process", policy=binding.policy) - task.start() + if CURRENT_PROCESS._config.get("daemon"): + task.run() + else: + task.start() self.__processes.append( PolicyProcessInfo(process=task, connection=our_end, binding=binding) ) # If all policies are cached, we have an empty list here. for proc_info in self.__processes: - proc_info.process.join(proc_info.binding.timeout) + if proc_info.process.is_alive(): + proc_info.process.join(proc_info.binding.timeout) # Only call .recv() if no result is saved, otherwise we just deadlock here if not proc_info.result: proc_info.result = proc_info.connection.recv() From 4e884e80ab0175662599dfb5f99d5a6966cd37bd Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 17 Jan 2021 20:09:37 +0100 Subject: [PATCH 07/16] web: fix sidebar overlaying background --- web/src/authentik.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/src/authentik.css b/web/src/authentik.css index d7142cc17..febe66002 100644 --- a/web/src/authentik.css +++ b/web/src/authentik.css @@ -81,7 +81,7 @@ select[multiple] { font-size: var(--pf-global--FontSize--sm); } -.pf-c-page__main { +.pf-c-page__main, .pf-c-drawer__content, .pf-c-page__drawer { z-index: auto !important; } From 90220e911ffedd51166a519cfb2740b76a73bbe8 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 17 Jan 2021 20:18:45 +0100 Subject: [PATCH 08/16] stages/password: catch importerror during authentic() --- authentik/stages/password/stage.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/authentik/stages/password/stage.py b/authentik/stages/password/stage.py index 6af83a16e..ee6d15b52 100644 --- a/authentik/stages/password/stage.py +++ b/authentik/stages/password/stage.py 
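Review bot: The sync/async decision in authentik/policies/engine.py reads `CURRENT_PROCESS._config.get("daemon")`, a private attribute of an object captured once at import time; after a fork that module-level object may no longer describe the process that is running the engine. Prefer the public attribute evaluated at call time, `if current_process().daemon:`. In the synchronous branch `task.run()` executes the policy without `binding.timeout`, because the later `join(proc_info.binding.timeout)` is skipped for a process that was never started, so a slow policy blocks the caller for as long as it runs. The enclosing method starts and ends outside the hunk.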
@@ -31,7 +31,11 @@ def authenticate( Customized version of django's authenticate, which accepts a list of backends""" for backend_path in backends: - backend: BaseBackend = path_to_class(backend_path)() + try: + backend: BaseBackend = path_to_class(backend_path)() + except ImportError: + LOGGER.warning("Failed to import backend", path=backend_path) + continue LOGGER.debug("Attempting authentication...", backend=backend) user = backend.authenticate(request, **credentials) if user is None: From d5f35798dc103930451196b00c59a2c9369a4bbc Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 17 Jan 2021 23:01:58 +0100 Subject: [PATCH 09/16] helm: fix old reference to static secret_key --- helm/templates/secret.yaml | 4 ++-- helm/templates/web-deployment.yaml | 8 +++----- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/helm/templates/secret.yaml b/helm/templates/secret.yaml index bf2a5bce6..abb8ae59b 100644 --- a/helm/templates/secret.yaml +++ b/helm/templates/secret.yaml @@ -6,9 +6,9 @@ metadata: data: monitoring_username: bW9uaXRvcg== # monitor in base64 {{- if .Values.config.secretKey }} - secret_key: {{ .Values.config.secretKey | b64enc | quote }} + SECRET_KEY: {{ .Values.config.secretKey | b64enc | quote }} {{- else }} - secret_key: {{ randAlphaNum 50 | b64enc | quote}} + SECRET_KEY: {{ randAlphaNum 50 | b64enc | quote}} {{- end }} {{- if .Values.backup }} POSTGRESQL__S3_BACKUP__SECRET_KEY: "{{ .Values.backup.secretKey }}" diff --git a/helm/templates/web-deployment.yaml b/helm/templates/web-deployment.yaml index 2a77c56bd..cf80508bd 100644 --- a/helm/templates/web-deployment.yaml +++ b/helm/templates/web-deployment.yaml 
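Review bot: The new `try` in authentik/stages/password/stage.py wraps both the import and the constructor call in `path_to_class(backend_path)()`, so an `ImportError` raised inside a backend's `__init__` is logged as a failed import, while a wrong class name in an importable module may raise a different exception (depending on `path_to_class`, which is not shown) and still abort the loop. Resolve the class inside the `try` with `backend_class = path_to_class(backend_path)` and instantiate it afterwards with `backend: BaseBackend = backend_class()`. It is also worth deciding whether a missing backend should be a warning at all, since a misconfigured backend list now means every login fails with only warnings in the log. `authenticate` continues outside the hunk.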
@@ -74,12 +74,10 @@ spec: - configMapRef: name: {{ include "authentik.fullname" . }}-config prefix: AUTHENTIK_ + - secretRef: + name: {{ include "authentik.fullname" . }}-secret-key + prefix: AUTHENTIK_ env: - - name: AUTHENTIK_SECRET_KEY - valueFrom: - secretKeyRef: - name: "{{ include "authentik.fullname" . }}-secret-key" - key: "secret_key" - name: AUTHENTIK_REDIS__PASSWORD valueFrom: secretKeyRef: From 175d3b3377577b2b1c5cf394c5f8b2f0d5c94478 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 17 Jan 2021 23:02:14 +0100 Subject: [PATCH 10/16] helm: fix s3 secret key and email password not being base64 encoded --- helm/templates/secret.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/templates/secret.yaml b/helm/templates/secret.yaml index abb8ae59b..b972b0bf4 100644 --- a/helm/templates/secret.yaml +++ b/helm/templates/secret.yaml @@ -11,6 +11,6 @@ data: SECRET_KEY: {{ randAlphaNum 50 | b64enc | quote}} {{- end }} {{- if .Values.backup }} - POSTGRESQL__S3_BACKUP__SECRET_KEY: "{{ .Values.backup.secretKey }}" + POSTGRESQL__S3_BACKUP__SECRET_KEY: "{{ .Values.backup.secretKey | b64enc }}" {{- end}} - EMAIL__PASSWORD: "{{ .Values.config.email.password }}" + EMAIL__PASSWORD: "{{ .Values.config.email.password | b64enc }}" From 8ffa3e5885daa1d81be2e5d6cc2d00cf861ede0a Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 17 Jan 2021 23:31:34 +0100 Subject: [PATCH 11/16] policies: fix logic error for sync mode --- authentik/policies/engine.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authentik/policies/engine.py b/authentik/policies/engine.py index 1f38356d9..8a13ae29a 100644 --- a/authentik/policies/engine.py +++ b/authentik/policies/engine.py 
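Review bot: Replacing the single `secretKeyRef` with an `envFrom` `secretRef` and `prefix: AUTHENTIK_` in helm/templates/web-deployment.yaml exports every key of the `-secret-key` Secret into this container, not only the secret key. Going by the secret.yaml hunks in this series, that includes `monitoring_username` (as `AUTHENTIK_monitoring_username`), the S3 backup secret key and the e-mail password, and any key added to that Secret later is exposed automatically. If the container does not need all of them, keep explicit `secretKeyRef` entries or split the Secret per consumer. The container spec continues outside the hunk.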
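Review bot: In helm/templates/secret.yaml `b64enc` is applied to `.Values.config.email.password` with no guard, so when the value is unset the render is likely to fail on a non-string input (the chart defaults are not visible here). A default keeps the template renderable: `EMAIL__PASSWORD: {{ .Values.config.email.password | default "" | b64enc | quote }}`, which also matches the `| b64enc | quote` form used for `SECRET_KEY` above. `.Values.backup.secretKey` has the same exposure, since only `.Values.backup` is tested by the surrounding `if`.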
@@ -117,7 +117,7 @@ class PolicyEngine: task = PolicyProcess(binding, self.request, task_end) task.daemon = False LOGGER.debug("P_ENG: Starting Process", policy=binding.policy) - if CURRENT_PROCESS._config.get("daemon"): + if not CURRENT_PROCESS._config.get("daemon"): task.run() else: task.start() From 204792b750e693eb2365da052a8e48211e683e43 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 17 Jan 2021 23:31:58 +0100 Subject: [PATCH 12/16] stages/email: fix email task not falling back to use_global_settings --- authentik/events/models.py | 2 +- authentik/stages/email/tasks.py | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/authentik/events/models.py b/authentik/events/models.py index 8fcfe3b3a..2e5875f46 100644 --- a/authentik/events/models.py +++ b/authentik/events/models.py @@ -282,7 +282,7 @@ class NotificationTransport(models.Model): try: # pyright: reportGeneralTypeIssues=false return send_mail(mail.__dict__) # pylint: disable=no-value-for-parameter - except (SMTPException, ConnectionError) as exc: + except (SMTPException, ConnectionError, OSError) as exc: raise NotificationTransportError from exc def __str__(self) -> str: diff --git a/authentik/stages/email/tasks.py b/authentik/stages/email/tasks.py index 0c62ab511..84cb73134 100644 --- a/authentik/stages/email/tasks.py +++ b/authentik/stages/email/tasks.py @@ -31,6 +31,7 @@ def send_mails(stage: EmailStage, *messages: list[EmailMultiAlternatives]): autoretry_for=( SMTPException, ConnectionError, + OSError, ), retry_backoff=True, base=MonitoredTask, @@ -44,7 +45,7 @@ def send_mail( self.set_uid(slugify(message_id.replace(".", "_").replace("@", "_"))) try: if not email_stage_pk: - stage: EmailStage = EmailStage() + stage: EmailStage = EmailStage(use_global_settings=True) else: stage: EmailStage = EmailStage.objects.get(pk=email_stage_pk) backend = stage.backend From fd9097983232570fa77f0878ab299803dcf14fd1 Mon Sep 17 00:00:00 2001 
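Review bot: After this change in authentik/policies/engine.py a non-daemon process evaluates every policy inline with `task.run()`, and only a daemon process reaches `task.start()`; multiprocessing refuses to start children from a daemonic process, so that branch is likely to raise instead of forking. The earlier condition matched that restriction, so if it misbehaved, the cause may be that `CURRENT_PROCESS` is captured at import time rather than that the test was inverted. Evaluating the flag at call time, `if current_process().daemon: task.run()`, keeps forked evaluation with `binding.timeout` for ordinary processes and the inline path only where forking is not allowed. The enclosing method starts and ends outside the hunk.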
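Review bot: Adding `OSError` makes the other two tuple entries redundant, because `ConnectionError` and `smtplib.SMTPException` are both `OSError` subclasses, and it widens the handling to every OS-level failure, including a missing file or a permission error. In `autoretry_for` in authentik/stages/email/tasks.py this means non-transient errors are retried with backoff instead of failing at once, and in the `except` clause in authentik/events/models.py they are wrapped as `NotificationTransportError`. If the aim is to cover socket-level failures, name those (`TimeoutError`, `socket.gaierror`), or reduce the tuple to `(OSError,)` with a comment stating that the breadth is intended.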
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Jan 2021 07:46:14 +0100 Subject: [PATCH 13/16] build(deps): bump rollup from 2.36.1 to 2.36.2 in /web (#475) Bumps [rollup](https://github.com/rollup/rollup) from 2.36.1 to 2.36.2. - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](https://github.com/rollup/rollup/compare/v2.36.1...v2.36.2) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 6 +++--- web/package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index 1b7b52024..cffaed54e 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -2674,9 +2674,9 @@ } }, "rollup": { - "version": "2.36.1", - "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.36.1.tgz", - "integrity": "sha512-eAfqho8dyzuVvrGqpR0ITgEdq0zG2QJeWYh+HeuTbpcaXk8vNFc48B7bJa1xYosTCKx0CuW+447oQOW8HgBIZQ==", + "version": "2.36.2", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.36.2.tgz", + "integrity": "sha512-qjjiuJKb+/8n0EZyQYVW+gFU4bNRBcZaXVzUgSVrGw0HlQBlK2aWyaOMMs1Ufic1jV69b9kW3u3i9B+hISDm3A==", "requires": { "fsevents": "~2.1.2" } diff --git a/web/package.json b/web/package.json index 2864f8e4f..f3098cb75 100644 --- a/web/package.json +++ b/web/package.json @@ -19,7 +19,7 @@ "flowchart.js": "^1.15.0", "lit-element": "^2.4.0", "lit-html": "^1.3.0", - "rollup": "^2.36.1", + "rollup": "^2.36.2", "rollup-plugin-copy": "^3.3.0", "rollup-plugin-cssimport": "^1.0.2", "rollup-plugin-external-globals": "^0.6.1", From 9532c4df9d7bc621248ae53d24d169535205fe02 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Jan 2021 07:46:26 +0100 Subject: [PATCH 14/16] build(deps-dev): bump eslint from 7.17.0 to 7.18.0 in /web (#474) Bumps [eslint](https://github.com/eslint/eslint) from 7.17.0 to 7.18.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/compare/v7.17.0...v7.18.0) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web/package-lock.json | 30 +++++++++++++++--------------- web/package.json | 2 +- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/web/package-lock.json b/web/package-lock.json index cffaed54e..2b5ac2d81 100644 --- a/web/package-lock.json +++ b/web/package-lock.json @@ -38,9 +38,9 @@ } }, "@eslint/eslintrc": { - "version": "0.2.2", - "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.2.2.tgz", - "integrity": "sha512-EfB5OHNYp1F4px/LI/FEnGylop7nOqkQ1LRzCM0KccA2U8tvV8w01KBv37LbO7nW4H+YhKyo2LcJhRwjjV17QQ==", + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.3.0.tgz", + "integrity": "sha512-1JTKgrOKAHVivSvOYw+sJOunkBjUOvjqWk1DPja7ZFhIS2mX/4EgTT8M7eTK9jrKhL/FvXXEbQwIs3pg1xp3dg==", "dev": true, "requires": { "ajv": "^6.12.4", @@ -50,7 +50,7 @@ "ignore": "^4.0.6", "import-fresh": "^3.2.1", "js-yaml": "^3.13.1", - "lodash": "^4.17.19", + "lodash": "^4.17.20", "minimatch": "^3.0.4", "strip-json-comments": "^3.1.1" }, 
@@ -1074,13 +1074,13 @@ "dev": true }, "eslint": { - "version": "7.17.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.17.0.tgz", - "integrity": "sha512-zJk08MiBgwuGoxes5sSQhOtibZ75pz0J35XTRlZOk9xMffhpA9BTbQZxoXZzOl5zMbleShbGwtw+1kGferfFwQ==", + "version": "7.18.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.18.0.tgz", + "integrity": "sha512-fbgTiE8BfUJZuBeq2Yi7J3RB3WGUQ9PNuNbmgi6jt9Iv8qrkxfy19Ds3OpL1Pm7zg3BtTVhvcUZbIRQ0wmSjAQ==", "dev": true, "requires": { "@babel/code-frame": "^7.0.0", - "@eslint/eslintrc": "^0.2.2", + "@eslint/eslintrc": "^0.3.0", "ajv": "^6.10.0", "chalk": "^4.0.0", "cross-spawn": "^7.0.2", @@ -1104,7 +1104,7 @@ "js-yaml": "^3.13.1", "json-stable-stringify-without-jsonify": "^1.0.1", "levn": "^0.4.1", - "lodash": "^4.17.19", + "lodash": "^4.17.20", "minimatch": "^3.0.4", "natural-compare": "^1.4.0", "optionator": "^0.9.1", @@ -3191,9 +3191,9 @@ } }, "table": { - "version": "6.0.6", - "resolved": "https://registry.npmjs.org/table/-/table-6.0.6.tgz", - "integrity": "sha512-OInCtPmDNieVBkVFi6C8RwU2S2H0h8mF3e3TQK4nreaUNCpooQUkI+A/KuEkm5FawfhWIfNqG+qfelVVR+V00g==", + "version": "6.0.7", + "resolved": "https://registry.npmjs.org/table/-/table-6.0.7.tgz", + "integrity": "sha512-rxZevLGTUzWna/qBLObOe16kB2RTnnbhciwgPbMMlazz1yZGVEgnZK762xyVdVznhqxrfCeBMmMkgOOaPwjH7g==", "dev": true, "requires": { "ajv": "^7.0.2", @@ -3415,9 +3415,9 @@ "dev": true }, "uri-js": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.0.tgz", - "integrity": "sha512-B0yRTzYdUCCn9n+F4+Gh4yIDtMQcaJsmYBDsTSG8g/OejKBodLQ2IHfN3bM7jUsRXndopT7OIXWdYqc1fjmV6g==", + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", "dev": true, "requires": { "punycode": "^2.1.0" diff --git a/web/package.json b/web/package.json index f3098cb75..e5c3b6548 100644 --- a/web/package.json 
+++ b/web/package.json @@ -29,7 +29,7 @@ "@rollup/plugin-typescript": "^8.1.0", "@typescript-eslint/eslint-plugin": "^4.13.0", "@typescript-eslint/parser": "^4.13.0", - "eslint": "^7.17.0", + "eslint": "^7.18.0", "eslint-config-google": "^0.14.0", "eslint-plugin-lit": "^1.3.0", "rollup-plugin-commonjs": "^10.1.0", From 32667f37d1f59e4dc1dc568f54520fe2ab1a0511 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Jan 2021 07:46:37 +0100 Subject: [PATCH 15/16] build(deps): bump boto3 from 1.16.55 to 1.16.56 (#473) Bumps [boto3](https://github.com/boto/boto3) from 1.16.55 to 1.16.56. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/boto3/compare/1.16.55...1.16.56) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Pipfile.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Pipfile.lock b/Pipfile.lock index 9d9c1fedd..f77949d16 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -74,18 +74,18 @@ }, "boto3": { "hashes": [ - "sha256:b5052144034e490358c659d0e480c17a4e604fd3aee9a97ddfe6e361a245a4a5", - "sha256:efd6c96c98900e9fbf217f13cb58f59b793e51f69a1ce61817eefd31f17c6ef5" + "sha256:3f26aad4c6b238055d17fd662620284ffb4ced542ed9a2f7f9df65d97a3f1190", + "sha256:47151ed571c316458f4931cd2422995ba0c9f6818c5df7d75f49fc845208e42e" ], "index": "pypi", - "version": "==1.16.55" + "version": "==1.16.56" }, "botocore": { "hashes": [ - "sha256:760d0c16c1474c2a46e3fa45e33ae7457b5cab7410737ab1692340ade764cc73", - "sha256:b34327d84b3bb5620fb54603677a9a973b167290c2c1e7ab69c4a46b201c6d46" + "sha256:01496e4c2c06aab79689f2c345a0e2cceb5fe1da7858a7e7df189bcf97703223", + "sha256:a37d073c2f166753cc3799e77d87d4096e24433fcca5e7c8cc8e77e5dbfe60e9" ], - "version": "==1.19.55" + "version": "==1.19.56" }, "cachetools": { "hashes": [ 
From 3d3a0cd9e3238584ff44f1fe6f1cf5313f3d494b Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 18 Jan 2021 09:34:48 +0100 Subject: [PATCH 16/16] events: create event when system task fails --- authentik/admin/api/tasks.py | 2 +- authentik/admin/tasks.py | 2 +- authentik/admin/views/tasks.py | 2 +- authentik/core/tasks.py | 2 +- authentik/events/models.py | 6 +++++- .../{lib/tasks.py => events/monitored_tasks.py} | 16 ++++++++++++++++ authentik/events/tasks.py | 2 +- authentik/events/tests/test_notifications.py | 2 +- authentik/outposts/tasks.py | 2 +- authentik/policies/reputation/tasks.py | 2 +- authentik/sources/ldap/tasks.py | 2 +- authentik/sources/saml/tasks.py | 2 +- authentik/stages/email/tasks.py | 2 +- swagger.yaml | 4 ++++ 14 files changed, 36 insertions(+), 12 deletions(-) rename authentik/{lib/tasks.py => events/monitored_tasks.py} (89%) diff --git a/authentik/admin/api/tasks.py b/authentik/admin/api/tasks.py index 3c4075084..ddeed8fb9 100644 --- a/authentik/admin/api/tasks.py +++ b/authentik/admin/api/tasks.py @@ -14,7 +14,7 @@ from rest_framework.response import Response from rest_framework.serializers import Serializer from rest_framework.viewsets import ViewSet -from authentik.lib.tasks import TaskInfo +from authentik.events.monitored_tasks import TaskInfo class TaskSerializer(Serializer): diff --git a/authentik/admin/tasks.py b/authentik/admin/tasks.py index e4c7efed6..336cfa37a 100644 --- a/authentik/admin/tasks.py +++ b/authentik/admin/tasks.py @@ -6,7 +6,7 @@ from structlog.stdlib import get_logger from authentik import __version__ from authentik.events.models import Event, EventAction -from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus +from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus from authentik.root.celery import CELERY_APP LOGGER = get_logger() diff --git a/authentik/admin/views/tasks.py b/authentik/admin/views/tasks.py index 44b96c8e9..40dfa74c1 100644 
--- a/authentik/admin/views/tasks.py +++ b/authentik/admin/views/tasks.py @@ -4,7 +4,7 @@ from typing import Any, Dict from django.views.generic.base import TemplateView from authentik.admin.mixins import AdminRequiredMixin -from authentik.lib.tasks import TaskInfo, TaskResultStatus +from authentik.events.monitored_tasks import TaskInfo, TaskResultStatus class TaskListView(AdminRequiredMixin, TemplateView): diff --git a/authentik/core/tasks.py b/authentik/core/tasks.py index 168255b24..aaf2c3aef 100644 --- a/authentik/core/tasks.py +++ b/authentik/core/tasks.py @@ -11,7 +11,7 @@ from django.utils.timezone import now from structlog.stdlib import get_logger from authentik.core.models import ExpiringModel -from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus +from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus from authentik.root.celery import CELERY_APP LOGGER = get_logger() diff --git a/authentik/events/models.py b/authentik/events/models.py index 2e5875f46..b28a71423 100644 --- a/authentik/events/models.py +++ b/authentik/events/models.py @@ -22,7 +22,6 @@ from authentik.events.utils import cleanse_dict, get_user, sanitize_dict from authentik.lib.sentry import SentryIgnoredException from authentik.lib.utils.http import get_client_ip from authentik.policies.models import PolicyBindingModel -from authentik.stages.email.tasks import send_mail from authentik.stages.email.utils import TemplateEmailMessage LOGGER = get_logger("authentik.events") @@ -57,6 +56,9 @@ class EventAction(models.TextChoices): POLICY_EXCEPTION = "policy_exception" PROPERTY_MAPPING_EXCEPTION = "property_mapping_exception" + SYSTEM_TASK_EXECUTION = "system_task_execution" + SYSTEM_TASK_EXCEPTION = "system_task_exception" + CONFIGURATION_ERROR = "configuration_error" MODEL_CREATED = "model_created" 
@@ -280,6 +282,8 @@ class NotificationTransport(models.Model): ) # Email is sent directly here, as the call to send() should have been from a task. try: + from authentik.stages.email.tasks import send_mail + # pyright: reportGeneralTypeIssues=false return send_mail(mail.__dict__) # pylint: disable=no-value-for-parameter except (SMTPException, ConnectionError, OSError) as exc: diff --git a/authentik/lib/tasks.py b/authentik/events/monitored_tasks.py similarity index 89% rename from authentik/lib/tasks.py rename to authentik/events/monitored_tasks.py index 132d03a5e..b6d66bece 100644 --- a/authentik/lib/tasks.py +++ b/authentik/events/monitored_tasks.py @@ -8,6 +8,8 @@ from typing import Any, Dict, List, Optional from celery import Task from django.core.cache import cache +from authentik.events.models import Event, EventAction + class TaskResultStatus(Enum): """Possible states of tasks""" @@ -122,6 +124,13 @@ class MonitoredTask(Task): task_call_args=args, task_call_kwargs=kwargs, ).save(self.result_timeout_hours) + Event.new( + EventAction.SYSTEM_TASK_EXECUTION, + message=( + f"Task {self.__name__} finished successfully: " + "\n".join(self._result.messages) + ), + ).save() return super().after_return(status, retval, task_id, args, kwargs, einfo=einfo) # pylint: disable=too-many-arguments @@ -138,6 +147,13 @@ class MonitoredTask(Task): task_call_args=args, task_call_kwargs=kwargs, ).save(self.result_timeout_hours) + Event.new( + EventAction.SYSTEM_TASK_EXCEPTION, + message=( + f"Task {self.__name__} encountered an error: " + "\n".join(self._result.messages) + ), + ).save() return super().on_failure(exc, task_id, args, kwargs, einfo=einfo) def run(self, *args, **kwargs): diff --git a/authentik/events/tasks.py b/authentik/events/tasks.py index ad13c610b..1f30f73a3 100644 --- a/authentik/events/tasks.py +++ b/authentik/events/tasks.py 
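Review bot: The function-scope `from authentik.stages.email.tasks import send_mail` added inside the `try:` has no comment saying why it is not at module level. Elsewhere in this patch `authentik/stages/email/tasks.py` imports `authentik.events.monitored_tasks`, which in turn imports `authentik.events.models`, so the move looks like a circular-import break. I would say so on the line above, e.g. `# Imported here: stages.email.tasks imports events.monitored_tasks, which imports this module`. The enclosing method starts and ends outside the hunk.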
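Review bot: The `message=(...)` argument in `after_return` puts the f-string directly next to `"\n"`, so Python merges the two literals first and `.join` then uses `Task … finished successfully: \n` as the separator; with zero or one entry in `self._result.messages` the task name never reaches the event. This reading assumes the `+` before `"\n".join(...)` on this collapsed page is the diff marker rather than an operator. The `on_failure` hunk (`@@ -138,6 +147,13 @@`) has the same construct. I would write `message=f"Task {self.__name__} finished successfully: " + "\n".join(self._result.messages),` and the `encountered an error` equivalent, so the audit record always names the task. Both method bodies start outside their hunks.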
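Review bot: `on_failure` copies `self._result.messages` verbatim into an `Event`, which moves failure text out of the task result into the event log and, presumably, into whatever notification transports are bound to events. What those messages contain is not visible here, but if they are stringified exceptions they can carry hostnames, bind DNs or connection details from the LDAP, SAML, email and outpost tasks that use this base class. I would keep the detail in the task result and put only a short summary in the event, or at least add `# messages end up in events and notifications: keep secrets out of TaskResult.messages` next to the `Event.new` call. The method body starts outside the hunk.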
@@ -9,7 +9,7 @@ from authentik.events.models import ( NotificationTransport, NotificationTransportError, ) -from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus +from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus from authentik.policies.engine import PolicyEngine, PolicyEngineMode from authentik.policies.models import PolicyBinding from authentik.root.celery import CELERY_APP diff --git a/authentik/events/tests/test_notifications.py b/authentik/events/tests/test_notifications.py index eccf3e182..98c23b5fb 100644 --- a/authentik/events/tests/test_notifications.py +++ b/authentik/events/tests/test_notifications.py @@ -87,4 +87,4 @@ class TestEventsNotifications(TestCase): "authentik.events.models.NotificationTransport.send", execute_mock ): Event.new(EventAction.CUSTOM_PREFIX).save() - self.assertEqual(passes.call_count, 0) + self.assertEqual(passes.call_count, 1) diff --git a/authentik/outposts/tasks.py b/authentik/outposts/tasks.py index 8ce64c77a..b187216f3 100644 --- a/authentik/outposts/tasks.py +++ b/authentik/outposts/tasks.py @@ -8,7 +8,7 @@ from django.db.models.base import Model from django.utils.text import slugify from structlog.stdlib import get_logger -from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus +from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus from authentik.lib.utils.reflection import path_to_class from authentik.outposts.controllers.base import ControllerException from authentik.outposts.models import ( diff --git a/authentik/policies/reputation/tasks.py b/authentik/policies/reputation/tasks.py index 17781ca1c..a6fcf2b38 100644 --- a/authentik/policies/reputation/tasks.py +++ b/authentik/policies/reputation/tasks.py 
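Review bot: The expected `passes.call_count` in `test_notifications.py` changes from `0` to `1` with nothing in the hunk explaining which call is now counted. If the extra call comes from an event produced by the new `MonitoredTask` hooks rather than from the `Event.new(EventAction.CUSTOM_PREFIX)` under test, the assertion now pins a side effect and no longer checks the original condition; that is inferred, since the test's setup is outside the hunk. I would add a comment on the assertion naming the source of the call, e.g. `# one call expected: triggered by the CUSTOM_PREFIX event above` if that is indeed the source, or restrict the mock check to the event under test.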
@@ -3,7 +3,7 @@ from django.core.cache import cache from structlog.stdlib import get_logger from authentik.core.models import User -from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus +from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus from authentik.policies.reputation.models import IPReputation, UserReputation from authentik.policies.reputation.signals import ( CACHE_KEY_IP_PREFIX, diff --git a/authentik/sources/ldap/tasks.py b/authentik/sources/ldap/tasks.py index fcb47c756..29ac1696f 100644 --- a/authentik/sources/ldap/tasks.py +++ b/authentik/sources/ldap/tasks.py @@ -5,7 +5,7 @@ from django.core.cache import cache from django.utils.text import slugify from ldap3.core.exceptions import LDAPException -from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus +from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus from authentik.root.celery import CELERY_APP from authentik.sources.ldap.models import LDAPSource from authentik.sources.ldap.sync import LDAPSynchronizer diff --git a/authentik/sources/saml/tasks.py b/authentik/sources/saml/tasks.py index 55dff9c5b..4ebbddba9 100644 --- a/authentik/sources/saml/tasks.py +++ b/authentik/sources/saml/tasks.py @@ -3,7 +3,7 @@ from django.utils.timezone import now from structlog.stdlib import get_logger from authentik.core.models import User -from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus +from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus from authentik.lib.utils.time import timedelta_from_string from authentik.root.celery import CELERY_APP from authentik.sources.saml.models import SAMLSource diff --git a/authentik/stages/email/tasks.py b/authentik/stages/email/tasks.py index 84cb73134..38fafdeeb 100644 --- a/authentik/stages/email/tasks.py +++ b/authentik/stages/email/tasks.py 
@@ -9,7 +9,7 @@ from django.core.mail.utils import DNS_NAME from django.utils.text import slugify from structlog.stdlib import get_logger -from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus +from authentik.events.monitored_tasks import MonitoredTask, TaskResult, TaskResultStatus from authentik.root.celery import CELERY_APP from authentik.stages.email.models import EmailStage diff --git a/swagger.yaml b/swagger.yaml index 8e0539760..548a5e4cd 100755 --- a/swagger.yaml +++ b/swagger.yaml @@ -7584,6 +7584,8 @@ definitions: - policy_execution - policy_exception - property_mapping_exception + - system_task_execution + - system_task_exception - configuration_error - model_created - model_updated @@ -8300,6 +8302,8 @@ definitions: - policy_execution - policy_exception - property_mapping_exception + - system_task_execution + - system_task_exception - configuration_error - model_created - model_updated