Jens L
e28babb0b8
core: Initial RBAC ( #6806 )
* rename consent permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* the user version
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
t
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* initial role
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start form
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* some minor table refactoring
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix user, add assign
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add roles ui
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix backend
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add assign API for roles
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding toggle buttons
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* exclude add_ permission for per-object perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* small cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add permission list for roles
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make sidebar update
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix page header not re-rendering?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fixup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add search
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* show first category in table groupBy except when it's empty
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make model and object PK optional but required together
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow for setting global perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* exclude non-authentik permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* exclude models which aren't allowed (base models etc)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ensure all models have verbose_name set, exclude some more internal objects
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* lint fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix role perm assign
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add unassign for global perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add meta changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clear modal state after submit
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add roles to our group
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix duplicate url names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make recursive group query more usable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add name field to role itself and move group creation to signal
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start sync
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* move rbac stuff to separate django app
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint and such
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix go
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start API changes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more API tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make admin interface not require superuser for now, improve error handling
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* replace some IsAdminUser where applicable
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* migrate flow inspector perms to actual permission
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix license not being a serializermodel
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add permission modal to models without view page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add additional permissions to assign/unassign permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add action to unassign user permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add permissions tab to remaining view pages
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix flow inspector permission check
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix codecov config?
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more API tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* ensure viewsets have an order set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* hopefully the last api name change
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* make perm modal less confusing
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start user view permission page
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only make delete bulk form expandable if usedBy is set
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* expand permission tables
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more things
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add user global permission table
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix lint
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests' url names
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add tests for assign perms
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add unassign tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rebuild permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* prevent assigning/unassigning permissions to internal service accounts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only enable default api browser in debug
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix role object permissions showing duplicate
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix role link on role object permissions table
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix object permission modal having duplicate close buttons
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* return error if user has no global perm and no object perms
also improve error display on table
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* small optimisation
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* optimise even more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update locale
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add system permission for non-object permissions
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* allow access to admin interface based on perm
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* clean
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't exclude base models
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-10-16 17:31:50 +02:00
Alexandre NICOLAIE
a2714ab1f1
outposts: make metrics compliant with Prometheus best-practices ( #6398 )
web/outpost: make metrics compliant with Prometheus best-practices
Today, all NewHistogramVec store values in nanoseconds without changing
the default histogram buckets, which are made for seconds, making them
a bit useless. In addition, some metric names are not self-explanatory
and do not comply with Prometheus best practices.
This commit tries to fix all of these "issues".
NOTE: I kept old metrics in order to avoid breaking changes with
existing dashboards and metrics.
Signed-off-by: Alexandre NICOLAIE <xunleii@users.noreply.github.com>
2023-07-27 18:51:08 +02:00
Daniel
ad81ee2740
providers/ldap: fix inconsistent saving of user flags on failed cached binds ( #6096 )
* feat: assign invalid pk and check
* fix: only set flags if they don't exist
* fix: userinfo not being set if data is available
* minor cleanup
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2023-06-29 16:57:46 +02:00
Jens L
54ef88a6fa
providers/ldap: rework Schema and DSE ( #5838 )
* rework Root DSE
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* always parse filter objectClass
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* start adding LDAP Schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add more schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update schema more
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix cn for schema
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* only include main DN in namingContexts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* use schema from gh
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add description
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix response filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* don't return rootDSE entry when searching for singleLevel
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* remove currentTime
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix attribute filtering
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix tests
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* set SINGLE-VALUE
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* fix numbers
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-08 15:16:40 +02:00
Jens L
0ce41a1b2d
providers/ldap: add StartTLS support ( #5861 )
* providers/ldap: add StartTLS support
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* add starttls test
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update form and docs
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* re-add tls server name
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* update release notes
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-06-06 21:40:19 +02:00
Jens L
b7b62ba089
providers/ldap: correctly use pagination in search results in both modes ( #5492 )
closes #4292
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-05 15:51:02 +03:00
Jens Langhammer
bd0ef69ece
outposts/ldap: decrease verbosity
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-17 11:12:31 +01:00
Jens L
89fef0ae72
blueprints: docs ( #3376 )
* further blueprint cleanup
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* make group users and parent optional
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix api client usage
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-08-06 00:52:12 +02:00
Jens Langhammer
eb633c607e
internal: fix nil pointer reference
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-01 17:02:53 +02:00
Jens L
3eb466ff4b
lifecycle: cleanup prometheus ( #2972 )
* remove high cardinality labels
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* retry worker number for prometheus multiprocess id
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* revert to pid, use subdirectories
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* cleanup more
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* use worker id based off of https://github.com/benoitc/gunicorn/issues/1352
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix missing app label
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* tests/e2e: remove static names
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* fix
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-29 21:45:25 +02:00
Jens L
a286f999e2
api: migrate to openapi generator v6 ( #2968 )
* migrate to openapi generator v6
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* bump api
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-26 15:15:30 +02:00
Jens Langhammer
5c91658484
internal: fix nil pointer dereference in ldap outpost
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-05-21 15:48:50 +02:00
Jens Langhammer
51194cbf42
outposts/ldap: use backend group num_pk
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-22 23:54:50 +01:00
Jens Langhammer
62a939b91d
internal: bump api client to v3
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-03-03 10:40:07 +01:00
Ilya Kogan
947ecec02b
outposts/ldap: Fix more case sensitivity issues. ( #2144 )
2022-01-25 11:27:27 +01:00
Jens Langhammer
ececfc3a30
internal: fix comment formatting for TODOs
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-07 09:51:41 +01:00
Ilya Kogan
40404ff41d
outposts/ldap: Rework/improve LDAP search logic. ( #1687 )
* outposts/ldap: Refactor searching so we key primarily off base dn
* docs: Updating guides on sssd and the ldap outpost.
2021-12-02 15:28:58 +01:00
Jens Langhammer
e7b4363d21
outposts/ldap: fix logic error in cached ldap searcher
closes #1779
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-11 23:18:32 +01:00
Jens L
5a8c66d325
providers/ldap: memory Query ( #1681 )
* outposts/ldap: modularise ldap outpost, to allow different searchers and binders
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outposts/ldap: add basic in-memory searcher
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* providers/ldap: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
* outpost: add search mode field
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-05 10:37:30 +01:00