Merge branch 'master' into next
commit
fef5a5ca52
|
@ -13,6 +13,7 @@ redis:
|
||||||
ws_db: 2
|
ws_db: 2
|
||||||
|
|
||||||
debug: false
|
debug: false
|
||||||
|
|
||||||
log_level: info
|
log_level: info
|
||||||
|
|
||||||
# Error reporting, sends stacktrace to sentry.beryju.org
|
# Error reporting, sends stacktrace to sentry.beryju.org
|
||||||
|
|
|
@ -26,5 +26,5 @@ def invalidate_policy_cache(sender, instance, **_):
|
||||||
cache.delete_many(keys)
|
cache.delete_many(keys)
|
||||||
LOGGER.debug("Invalidating policy cache", policy=instance, keys=total)
|
LOGGER.debug("Invalidating policy cache", policy=instance, keys=total)
|
||||||
# Also delete user application cache
|
# Also delete user application cache
|
||||||
keys = cache.keys(user_app_cache_key("*"))
|
keys = cache.keys(user_app_cache_key("*")) or []
|
||||||
cache.delete_many(keys)
|
cache.delete_many(keys)
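Review bot: The `or []` fallback on `keys = cache.keys(user_app_cache_key("*")) or []` makes a failed or unsupported key lookup look the same as an empty cache, so the user application cache can be left in place with nothing in the logs. These entries presumably feed access decisions (inferred from the names, not shown here), so a skipped invalidation should be visible: keep the raw result, and before falling back add `if keys is None: LOGGER.warning("user application cache not invalidated, key lookup returned None")`. The earlier `cache.delete_many(keys)` gets its `keys` from code above the hunk and may need the same treatment. invalidate_policy_cache starts outside the hunk.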
|
||||||
|
|
|
@ -15,9 +15,11 @@ class OAuthSourceForm(forms.ModelForm):
|
||||||
self.fields["authentication_flow"].queryset = Flow.objects.filter(
|
self.fields["authentication_flow"].queryset = Flow.objects.filter(
|
||||||
designation=FlowDesignation.AUTHENTICATION
|
designation=FlowDesignation.AUTHENTICATION
|
||||||
)
|
)
|
||||||
|
self.fields["authentication_flow"].required = True
|
||||||
self.fields["enrollment_flow"].queryset = Flow.objects.filter(
|
self.fields["enrollment_flow"].queryset = Flow.objects.filter(
|
||||||
designation=FlowDesignation.ENROLLMENT
|
designation=FlowDesignation.ENROLLMENT
|
||||||
)
|
)
|
||||||
|
self.fields["enrollment_flow"].required = True
|
||||||
if hasattr(self.Meta, "overrides"):
|
if hasattr(self.Meta, "overrides"):
|
||||||
for overide_field, overide_value in getattr(self.Meta, "overrides").items():
|
for overide_field, overide_value in getattr(self.Meta, "overrides").items():
|
||||||
self.fields[overide_field].initial = overide_value
|
self.fields[overide_field].initial = overide_value
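Review bot: The two added `required = True` assignments for `authentication_flow` and `enrollment_flow` enforce the requirement only for data submitted through this form. If the model fields remain nullable (not visible here), sources saved earlier or written through another path can still have no flow set, so code that reads these flows cannot rely on them. A comment above the assignments would record this, e.g. `# Enforced in this form only; code reading these flows must still handle an unset value`. The `__init__` body starts above the hunk.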
|
||||||
|
|
|
@ -4,6 +4,7 @@ from typing import Any, Optional
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib import messages
|
from django.contrib import messages
|
||||||
from django.http import Http404, HttpRequest, HttpResponse
|
from django.http import Http404, HttpRequest, HttpResponse
|
||||||
|
from django.http.response import HttpResponseBadRequest
|
||||||
from django.shortcuts import redirect
|
from django.shortcuts import redirect
|
||||||
from django.urls import reverse
|
from django.urls import reverse
|
||||||
from django.utils.translation import gettext as _
|
from django.utils.translation import gettext as _
|
||||||
|
@ -151,6 +152,8 @@ class OAuthCallback(OAuthClientMixin, View):
|
||||||
PLAN_CONTEXT_REDIRECT: final_redirect,
|
PLAN_CONTEXT_REDIRECT: final_redirect,
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
if not flow:
|
||||||
|
return HttpResponseBadRequest()
|
||||||
# We run the Flow planner here so we can pass the Pending user in the context
|
# We run the Flow planner here so we can pass the Pending user in the context
|
||||||
planner = FlowPlanner(flow)
|
planner = FlowPlanner(flow)
|
||||||
plan = planner.plan(self.request, kwargs)
|
plan = planner.plan(self.request, kwargs)
|
||||||
|
@ -233,6 +236,9 @@ class OAuthCallback(OAuthClientMixin, View):
|
||||||
PLAN_CONTEXT_SOURCES_OAUTH_ACCESS: access,
|
PLAN_CONTEXT_SOURCES_OAUTH_ACCESS: access,
|
||||||
}
|
}
|
||||||
# We run the Flow planner here so we can pass the Pending user in the context
|
# We run the Flow planner here so we can pass the Pending user in the context
|
||||||
|
if not source.enrollment_flow:
|
||||||
|
LOGGER.warning("source has no enrollment flow", source=source)
|
||||||
|
return HttpResponseBadRequest()
|
||||||
planner = FlowPlanner(source.enrollment_flow)
|
planner = FlowPlanner(source.enrollment_flow)
|
||||||
plan = planner.plan(self.request, context)
|
plan = planner.plan(self.request, context)
|
||||||
plan.append(in_memory_stage(PostUserEnrollmentStage))
|
plan.append(in_memory_stage(PostUserEnrollmentStage))
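Review bot: The `if not flow:` guard in the second hunk returns `HttpResponseBadRequest()` without logging, while the matching guard on `source.enrollment_flow` in the third hunk logs a warning first. A source without a flow is a server-side configuration problem, so an operator needs the log line to trace the 400; add something like `LOGGER.warning("source has no flow configured", source=source)` before the return, assuming the source object is in scope at that point, which the hunk does not show. In the third hunk the comment `# We run the Flow planner here ...` now sits above the new guard instead of above `planner = FlowPlanner(...)`; placing the guard before the comment keeps it accurate. Both methods start and end outside the visible hunks.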
|
||||||
|
|
|
@ -19,7 +19,7 @@ services:
|
||||||
networks:
|
networks:
|
||||||
- internal
|
- internal
|
||||||
server:
|
server:
|
||||||
image: beryju/authentik:${AUTHENTIK_TAG:-2021.3.3}
|
image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.3.3}
|
||||||
command: server
|
command: server
|
||||||
environment:
|
environment:
|
||||||
AUTHENTIK_REDIS__HOST: redis
|
AUTHENTIK_REDIS__HOST: redis
|
||||||
|
@ -47,7 +47,7 @@ services:
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
worker:
|
worker:
|
||||||
image: beryju/authentik:${AUTHENTIK_TAG:-2021.3.3}
|
image: ${AUTHENTIK_IMAGE:-beryju/authentik}:${AUTHENTIK_TAG:-2021.3.3}
|
||||||
command: worker
|
command: worker
|
||||||
networks:
|
networks:
|
||||||
- internal
|
- internal
|
||||||
|
@ -66,7 +66,7 @@ services:
|
||||||
env_file:
|
env_file:
|
||||||
- .env
|
- .env
|
||||||
static:
|
static:
|
||||||
image: beryju/authentik-static:${AUTHENTIK_TAG:-2021.3.3}
|
image: ${AUTHENTIK_IMAGE_STATIC:-beryju/authentik-static}:${AUTHENTIK_TAG:-2021.3.3}
|
||||||
networks:
|
networks:
|
||||||
- internal
|
- internal
|
||||||
labels:
|
labels:
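Review bot: The `image:` lines for `server`, `worker` and `static` now read the repository from `AUTHENTIK_IMAGE` / `AUTHENTIK_IMAGE_STATIC` but still share the single `AUTHENTIK_TAG`, and nothing in the file says these variables belong together. Overriding only one of them pulls the server and static images from different registries under the same tag, and every image is still referenced by a mutable tag rather than a digest. A comment above the first `image:` line would help, e.g. `# AUTHENTIK_IMAGE, AUTHENTIK_IMAGE_STATIC and AUTHENTIK_TAG must be overridden together; only point them at a registry you trust`. The new variables are also absent from the docker-compose configuration page added in this commit.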
|
||||||
|
|
43
website/docs/installation/beta.mdx
Normal file
43
website/docs/installation/beta.mdx
Normal file
|
@ -0,0 +1,43 @@
|
||||||
|
---
|
||||||
|
title: Beta versions
|
||||||
|
---
|
||||||
|
|
||||||
|
You can test upcoming authentik versions by switching to the *next* images. These beta versions supported upgrades from the latest stable version, and have a supported upgrade plan to the next stable version.
|
||||||
|
|
||||||
|
import Tabs from '@theme/Tabs';
|
||||||
|
import TabItem from '@theme/TabItem';
|
||||||
|
|
||||||
|
<Tabs
|
||||||
|
defaultValue="docker-compose"
|
||||||
|
values={[
|
||||||
|
{label: 'docker-compose', value: 'docker-compose'},
|
||||||
|
{label: 'Kubernetes', value: 'kubernetes'},
|
||||||
|
]}>
|
||||||
|
<TabItem value="docker-compose">
|
||||||
|
Add the following block to your `.env` file:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
AUTHENTIK_IMAGE=docker.beryju.org/authentik/server
|
||||||
|
AUTHENTIK_IMAGE_STATIC=docker.beryju.org/authentik/static
|
||||||
|
AUTHENTIK_TAG=gh-next
|
||||||
|
AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE=docker.beryju.org/authentik
|
||||||
|
```
|
||||||
|
|
||||||
|
Afterwards, run the upgrade commands from the [release notes](../releases/next)
|
||||||
|
</TabItem>
|
||||||
|
<TabItem value="kubernetes">
|
||||||
|
Add the following block to your `values.yml` file:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
image:
|
||||||
|
name: docker.beryju.org/authentik/server
|
||||||
|
name_static: docker.beryju.org/authentik/static
|
||||||
|
name_outposts: docker.beryju.org/authentik
|
||||||
|
tag: gh-next
|
||||||
|
# pullPolicy: Always to ensure you always get the latest version
|
||||||
|
pullPolicy: Always
|
||||||
|
```
|
||||||
|
|
||||||
|
Afterwards, run the upgrade commands from the [release notes](../releases/next)
|
||||||
|
</TabItem>
|
||||||
|
</Tabs>
|
84
website/docs/installation/docker-compose-config.md
Normal file
84
website/docs/installation/docker-compose-config.md
Normal file
|
@ -0,0 +1,84 @@
|
||||||
|
---
|
||||||
|
title: docker-compose configuration
|
||||||
|
---
|
||||||
|
|
||||||
|
These are all the configuration options you can set via docker-compose. These don't apply to Kubernetes, as those settings are configured via helm.
|
||||||
|
|
||||||
|
Append any of the following keys to your `.env` file, and run `docker-compose up -d` to apply them.
|
||||||
|
|
||||||
|
## AUTHENTIK_LOG_LEVEL
|
||||||
|
|
||||||
|
Log level for the server and worker containers. Possible values: debug, info, warning, error
|
||||||
|
Defaults to `info`.
|
||||||
|
|
||||||
|
## AUTHENTIK_ERROR_REPORTING
|
||||||
|
|
||||||
|
- AUTHENTIK_ERROR_REPORTING__ENABLED
|
||||||
|
|
||||||
|
Enable error reporting. Defaults to `false`.
|
||||||
|
|
||||||
|
Error reports are sent to https://sentry.beryju.org, and are used for debugging and general feedback. Anonymous performance data is also sent.
|
||||||
|
|
||||||
|
- AUTHENTIK_ERROR_REPORTING__ENVIRONMENT
|
||||||
|
|
||||||
|
Unique environment that is attached to your error reports, should be set to your email address for example. Defaults to `customer`.
|
||||||
|
|
||||||
|
- AUTHENTIK_ERROR_REPORTING__SEND_PII
|
||||||
|
|
||||||
|
Whether or not to send personal data, like usernames. Defaults to `false`.
|
||||||
|
|
||||||
|
## AUTHENTIK_EMAIL
|
||||||
|
|
||||||
|
- AUTHENTIK_EMAIL__HOST
|
||||||
|
|
||||||
|
Default: `localhost`
|
||||||
|
|
||||||
|
- AUTHENTIK_EMAIL__PORT
|
||||||
|
|
||||||
|
Default: `25`
|
||||||
|
|
||||||
|
- AUTHENTIK_EMAIL__USERNAME
|
||||||
|
|
||||||
|
Default: `""`
|
||||||
|
|
||||||
|
- AUTHENTIK_EMAIL__PASSWORD
|
||||||
|
|
||||||
|
Default: `""`
|
||||||
|
|
||||||
|
- AUTHENTIK_EMAIL__USE_TLS
|
||||||
|
|
||||||
|
Default: `false`
|
||||||
|
|
||||||
|
- AUTHENTIK_EMAIL__USE_SSL
|
||||||
|
|
||||||
|
Default: `false`
|
||||||
|
|
||||||
|
- AUTHENTIK_EMAIL__TIMEOUT
|
||||||
|
|
||||||
|
Default: `10`
|
||||||
|
|
||||||
|
- AUTHENTIK_EMAIL__FROM
|
||||||
|
|
||||||
|
Default: `authentik@localhost`
|
||||||
|
|
||||||
|
Email address authentik will send from, should have a correct @domain
|
||||||
|
|
||||||
|
## AUTHENTIK_OUTPOSTS
|
||||||
|
|
||||||
|
- AUTHENTIK_OUTPOSTS__DOCKER_IMAGE_BASE
|
||||||
|
|
||||||
|
This is the prefix used for authentik-managed outposts. Default: `beryju/authentik`.
|
||||||
|
|
||||||
|
## AUTHENTIK_AUTHENTIK
|
||||||
|
|
||||||
|
- AUTHENTIK_AUTHENTIK__AVATARS
|
||||||
|
|
||||||
|
Controls which avatars are shown. Defaults to `gravatar`. Can be set to `none` to disable avatars.
|
||||||
|
|
||||||
|
- AUTHENTIK_AUTHENTIK__BRANDING__TITLE
|
||||||
|
|
||||||
|
Branding title used throughout the UI. Defaults to `authentik`.
|
||||||
|
|
||||||
|
- AUTHENTIK_AUTHENTIK__BRANDING__LOGO
|
||||||
|
|
||||||
|
Logo shown in the sidebar and flow executions. Defaults to `/static/dist/assets/icons/icon_left_brand.svg`
|
|
@ -2,6 +2,6 @@
|
||||||
title: Installation
|
title: Installation
|
||||||
---
|
---
|
||||||
|
|
||||||
If you want to try out authentik, or only want a small deployment (< 100 Users), you should use [docker-compose](./docker-compose).
|
If you want to try out authentik, or only want a small deployment you should use [docker-compose](./docker-compose).
|
||||||
|
|
||||||
If you want a larger deployment, or you want High-Availability, you should use [Kubernetes](./kubernetes).
|
If you want a larger deployment, or you want High-Availability, you should use [Kubernetes](./kubernetes).
|
||||||
|
|
|
@ -21,10 +21,10 @@ It is also recommended to configure global email credentials. These are used by
|
||||||
# Values directly affecting authentik
|
# Values directly affecting authentik
|
||||||
###################################
|
###################################
|
||||||
image:
|
image:
|
||||||
name: beryju/authentik
|
name: beryju/authentik
|
||||||
name_static: beryju/authentik-static
|
name_static: beryju/authentik-static
|
||||||
name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
|
name_outposts: beryju/authentik # Prefix used for Outpost deployments, Outpost type and version is appended
|
||||||
tag: 2021.3.3
|
tag: 2021.3.3
|
||||||
|
|
||||||
serverReplicas: 1
|
serverReplicas: 1
|
||||||
workerReplicas: 1
|
workerReplicas: 1
|
||||||
|
@ -33,31 +33,38 @@ workerReplicas: 1
|
||||||
kubernetesIntegration: true
|
kubernetesIntegration: true
|
||||||
|
|
||||||
config:
|
config:
|
||||||
# Optionally specify fixed secret_key, otherwise generated automatically
|
# Optionally specify fixed secret_key, otherwise generated automatically
|
||||||
# secretKey: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
|
# secretKey: _k*@6h2u2@q-dku57hhgzb7tnx*ba9wodcb^s9g0j59@=y(@_o
|
||||||
# Enable error reporting
|
# Enable error reporting
|
||||||
errorReporting:
|
errorReporting:
|
||||||
enabled: false
|
enabled: false
|
||||||
environment: customer
|
environment: customer
|
||||||
sendPii: false
|
sendPii: false
|
||||||
# Log level used by web and worker
|
# Log level used by web and worker
|
||||||
# Can be either debug, info, warning, error
|
# Can be either debug, info, warning, error
|
||||||
logLevel: warning
|
logLevel: warning
|
||||||
# Global Email settings
|
# Global Email settings
|
||||||
email:
|
email:
|
||||||
# SMTP Host Emails are sent to
|
# SMTP Host Emails are sent to
|
||||||
host: localhost
|
host: localhost
|
||||||
port: 25
|
port: 25
|
||||||
# Optionally authenticate
|
# Optionally authenticate
|
||||||
username: ""
|
username: ""
|
||||||
password: ""
|
password: ""
|
||||||
# Use StartTLS
|
# Use StartTLS
|
||||||
useTls: false
|
useTls: false
|
||||||
# Use SSL
|
# Use SSL
|
||||||
useSsl: false
|
useSsl: false
|
||||||
timeout: 10
|
timeout: 10
|
||||||
# Email address authentik will send from, should have a correct @domain
|
# Email address authentik will send from, should have a correct @domain
|
||||||
from: authentik@localhost
|
from: authentik@localhost
|
||||||
|
|
||||||
|
# Enable MaxMind GeoIP
|
||||||
|
# geoip:
|
||||||
|
# enabled: false
|
||||||
|
# accountId: ""
|
||||||
|
# licenseKey: ""
|
||||||
|
# image: maxmindinc/geoipupdate:latest
|
||||||
|
|
||||||
# Enable Database Backups to S3
|
# Enable Database Backups to S3
|
||||||
# backup:
|
# backup:
|
||||||
|
@ -68,33 +75,22 @@ config:
|
||||||
# host: s3-host
|
# host: s3-host
|
||||||
|
|
||||||
ingress:
|
ingress:
|
||||||
annotations:
|
annotations:
|
||||||
{}
|
{}
|
||||||
# kubernetes.io/ingress.class: nginx
|
# kubernetes.io/ingress.class: nginx
|
||||||
# kubernetes.io/tls-acme: "true"
|
# kubernetes.io/tls-acme: "true"
|
||||||
hosts:
|
hosts:
|
||||||
- authentik.k8s.local
|
- authentik.k8s.local
|
||||||
tls: []
|
tls: []
|
||||||
# - secretName: chart-example-tls
|
# - secretName: chart-example-tls
|
||||||
# hosts:
|
# hosts:
|
||||||
# - authentik.k8s.local
|
# - authentik.k8s.local
|
||||||
|
|
||||||
###################################
|
###################################
|
||||||
# Values controlling dependencies
|
# Values controlling dependencies
|
||||||
###################################
|
###################################
|
||||||
|
|
||||||
install:
|
install:
|
||||||
postgresql: true
|
postgresql: true
|
||||||
redis: true
|
redis: true
|
||||||
|
|
||||||
# These values influence the bundled postgresql and redis charts, but are also used by authentik to connect
|
|
||||||
postgresql:
|
|
||||||
postgresqlDatabase: authentik
|
|
||||||
|
|
||||||
redis:
|
|
||||||
cluster:
|
|
||||||
enabled: false
|
|
||||||
master:
|
|
||||||
persistence:
|
|
||||||
enabled: false
|
|
||||||
```
|
```
|
||||||
|
|
17
website/docs/releases/next.md
Normal file
17
website/docs/releases/next.md
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
title: Next
|
||||||
|
---
|
||||||
|
|
||||||
|
# TBD
|
||||||
|
|
||||||
|
## Upgrading
|
||||||
|
|
||||||
|
This release does not introduce any new requirements.
|
||||||
|
|
||||||
|
### docker-compose
|
||||||
|
|
||||||
|
Download the latest docker-compose file from [here](https://raw.githubusercontent.com/BeryJu/authentik/version-2021.4/docker-compose.yml). Afterwards, simply run `docker-compose up -d` and then the standard upgrade command of `docker-compose run --rm server migrate`.
|
||||||
|
|
||||||
|
### Kubernetes
|
||||||
|
|
||||||
|
Run `helm repo update` and then upgrade your release with `helm upgrade passbook authentik/authentik --devel -f values.yaml`.
|
|
@ -14,8 +14,10 @@ module.exports = {
|
||||||
items: [
|
items: [
|
||||||
"installation/index",
|
"installation/index",
|
||||||
"installation/docker-compose",
|
"installation/docker-compose",
|
||||||
"installation/kubernetes",
|
"installation/docker-compose-config",
|
||||||
"installation/reverse-proxy",
|
"installation/reverse-proxy",
|
||||||
|
"installation/kubernetes",
|
||||||
|
"installation/beta",
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|