From c4e029ffe22b1ea5eb3104053d2a8682abc357a3 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 7 Nov 2021 21:53:21 +0100 Subject: [PATCH] recovery: add create_admin_group management command Signed-off-by: Jens Langhammer --- .../management/commands/create_admin_group.py | 30 +++++++++++++++++++ .../commands/create_recovery_key.py | 3 -- .../troubleshooting/missing_admin_group.md | 17 +++++++++++ website/sidebars.js | 1 + 4 files changed, 48 insertions(+), 3 deletions(-) create mode 100644 authentik/recovery/management/commands/create_admin_group.py create mode 100644 website/docs/troubleshooting/missing_admin_group.md diff --git a/authentik/recovery/management/commands/create_admin_group.py b/authentik/recovery/management/commands/create_admin_group.py new file mode 100644 index 000000000..e5e9e2f5b --- /dev/null +++ b/authentik/recovery/management/commands/create_admin_group.py @@ -0,0 +1,30 @@ +"""authentik recovery create_admin_group""" +from django.core.management.base import BaseCommand +from django.utils.translation import gettext as _ + +from authentik.core.models import Group, User + + +class Command(BaseCommand): + """Create admin group if the default group gets deleted""" + + help = _("Create admin group if the default group gets deleted.") + + def add_arguments(self, parser): + parser.add_argument("user", action="store", help="User to add to the admin group.") + + def handle(self, *args, **options): + """Create admin group if the default group gets deleted""" + username = options.get("user") + user = User.objects.filter(username=username).first() + if not user: + self.stderr.write(f"User '{username}' not found.") + return + group, _ = Group.objects.update_or_create( + name="authentik Admins", + defaults={ + "is_superuser": True, + }, + ) + group.users.add(user) + self.stdout.write(f"User '{username}' successfully added to the group 'authentik Admins'.") diff --git a/authentik/recovery/management/commands/create_recovery_key.py b/authentik/recovery/management/commands/create_recovery_key.py index cd87f36f2..cf9eca632 100644 --- a/authentik/recovery/management/commands/create_recovery_key.py +++ b/authentik/recovery/management/commands/create_recovery_key.py @@ -7,12 +7,9 @@ from django.urls import reverse from django.utils.text import slugify from django.utils.timezone import now from django.utils.translation import gettext as _ -from structlog.stdlib import get_logger from authentik.core.models import Token, TokenIntents, User -LOGGER = get_logger() - class Command(BaseCommand): """Create Token used to recover access""" diff --git a/website/docs/troubleshooting/missing_admin_group.md b/website/docs/troubleshooting/missing_admin_group.md new file mode 100644 index 000000000..82b3d5c58 --- /dev/null +++ b/website/docs/troubleshooting/missing_admin_group.md @@ -0,0 +1,17 @@ +--- +title: Missing admin group +--- + +If all of the Admin groups have been deleted, or misconfigured during sync, you can use the following command to gain access back. + +Run the following command, where *username* is the user you want to add to the newly created group: + +``` +docker-compose run --rm server create_admin_group username +``` + +or, for Kubernetes, run + +``` +kubectl exec -it deployment/authentik-worker -c authentik -- ak create_admin_group username +``` diff --git a/website/sidebars.js b/website/sidebars.js index 2988d0ebe..daca177e5 100644 --- a/website/sidebars.js +++ b/website/sidebars.js @@ -210,6 +210,7 @@ module.exports = { "troubleshooting/login", "troubleshooting/image_upload_backup", "troubleshooting/missing_permission", + "troubleshooting/missing_admin_group", ], }, ],