recovery: add create_admin_group management command
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
61b5b36192
commit
c4e029ffe2
30
authentik/recovery/management/commands/create_admin_group.py
Normal file
30
authentik/recovery/management/commands/create_admin_group.py
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
"""authentik recovery create_admin_group"""
|
||||||
|
from django.core.management.base import BaseCommand
|
||||||
|
from django.utils.translation import gettext as _
|
||||||
|
|
||||||
|
from authentik.core.models import Group, User
|
||||||
|
|
||||||
|
|
||||||
|
class Command(BaseCommand):
|
||||||
|
"""Create admin group if the default group gets deleted"""
|
||||||
|
|
||||||
|
help = _("Create admin group if the default group gets deleted.")
|
||||||
|
|
||||||
|
def add_arguments(self, parser):
|
||||||
|
parser.add_argument("user", action="store", help="User to add to the admin group.")
|
||||||
|
|
||||||
|
def handle(self, *args, **options):
|
||||||
|
"""Create admin group if the default group gets deleted"""
|
||||||
|
username = options.get("user")
|
||||||
|
user = User.objects.filter(username=username).first()
|
||||||
|
if not user:
|
||||||
|
self.stderr.write(f"User '{username}' not found.")
|
||||||
|
return
|
||||||
|
group, _ = Group.objects.update_or_create(
|
||||||
|
name="authentik Admins",
|
||||||
|
defaults={
|
||||||
|
"is_superuser": True,
|
||||||
|
},
|
||||||
|
)
|
||||||
|
group.users.add(user)
|
||||||
|
self.stdout.write(f"User '{username}' successfully added to the group 'authentik Admins'.")
|
|
@ -7,12 +7,9 @@ from django.urls import reverse
|
||||||
from django.utils.text import slugify
|
from django.utils.text import slugify
|
||||||
from django.utils.timezone import now
|
from django.utils.timezone import now
|
||||||
from django.utils.translation import gettext as _
|
from django.utils.translation import gettext as _
|
||||||
from structlog.stdlib import get_logger
|
|
||||||
|
|
||||||
from authentik.core.models import Token, TokenIntents, User
|
from authentik.core.models import Token, TokenIntents, User
|
||||||
|
|
||||||
LOGGER = get_logger()
|
|
||||||
|
|
||||||
|
|
||||||
class Command(BaseCommand):
|
class Command(BaseCommand):
|
||||||
"""Create Token used to recover access"""
|
"""Create Token used to recover access"""
|
||||||
|
|
17
website/docs/troubleshooting/missing_admin_group.md
Normal file
17
website/docs/troubleshooting/missing_admin_group.md
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
title: Missing admin group
|
||||||
|
---
|
||||||
|
|
||||||
|
If all of the Admin groups have been deleted, or misconfigured during sync, you can use the following command to gain access back.
|
||||||
|
|
||||||
|
Run the following command, where *username* is the user you want to add to the newly created group:
|
||||||
|
|
||||||
|
```
|
||||||
|
docker-compose run --rm server create_admin_group username
|
||||||
|
```
|
||||||
|
|
||||||
|
or, for Kubernetes, run
|
||||||
|
|
||||||
|
```
|
||||||
|
kubectl exec -it deployment/authentik-worker -c authentik -- ak create_admin_group username
|
||||||
|
```
|
|
@ -210,6 +210,7 @@ module.exports = {
|
||||||
"troubleshooting/login",
|
"troubleshooting/login",
|
||||||
"troubleshooting/image_upload_backup",
|
"troubleshooting/image_upload_backup",
|
||||||
"troubleshooting/missing_permission",
|
"troubleshooting/missing_permission",
|
||||||
|
"troubleshooting/missing_admin_group",
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
],
|
],
|
||||||
|
|
Reference in a new issue