Compare commits
5 Commits
trustchain
...
version-20
Author | SHA1 | Date |
---|---|---|
Jens Langhammer | fe5d22ce6c | |
Jens Langhammer | 0e30b6ee55 | |
Jens Langhammer | 6cbba45291 | |
Jens Langhammer | ba023a3bba | |
Jens Langhammer | 6c805bcf32 |
|
@ -1,5 +1,5 @@
|
||||||
[bumpversion]
|
[bumpversion]
|
||||||
current_version = 2021.8.4
|
current_version = 2021.8.5
|
||||||
tag = True
|
tag = True
|
||||||
commit = True
|
commit = True
|
||||||
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*)
|
parse = (?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)\-?(?P<release>.*)
|
||||||
|
|
|
@ -33,14 +33,14 @@ jobs:
|
||||||
with:
|
with:
|
||||||
push: ${{ github.event_name == 'release' }}
|
push: ${{ github.event_name == 'release' }}
|
||||||
tags: |
|
tags: |
|
||||||
beryju/authentik:2021.8.4,
|
beryju/authentik:2021.8.5,
|
||||||
beryju/authentik:latest,
|
beryju/authentik:latest,
|
||||||
ghcr.io/goauthentik/server:2021.8.4,
|
ghcr.io/goauthentik/server:2021.8.5,
|
||||||
ghcr.io/goauthentik/server:latest
|
ghcr.io/goauthentik/server:latest
|
||||||
platforms: linux/amd64,linux/arm64
|
platforms: linux/amd64,linux/arm64
|
||||||
context: .
|
context: .
|
||||||
- name: Building Docker Image (stable)
|
- name: Building Docker Image (stable)
|
||||||
if: ${{ github.event_name == 'release' && !contains('2021.8.4', 'rc') }}
|
if: ${{ github.event_name == 'release' && !contains('2021.8.5', 'rc') }}
|
||||||
run: |
|
run: |
|
||||||
docker pull beryju/authentik:latest
|
docker pull beryju/authentik:latest
|
||||||
docker tag beryju/authentik:latest beryju/authentik:stable
|
docker tag beryju/authentik:latest beryju/authentik:stable
|
||||||
|
@ -75,14 +75,14 @@ jobs:
|
||||||
with:
|
with:
|
||||||
push: ${{ github.event_name == 'release' }}
|
push: ${{ github.event_name == 'release' }}
|
||||||
tags: |
|
tags: |
|
||||||
beryju/authentik-proxy:2021.8.4,
|
beryju/authentik-proxy:2021.8.5,
|
||||||
beryju/authentik-proxy:latest,
|
beryju/authentik-proxy:latest,
|
||||||
ghcr.io/goauthentik/proxy:2021.8.4,
|
ghcr.io/goauthentik/proxy:2021.8.5,
|
||||||
ghcr.io/goauthentik/proxy:latest
|
ghcr.io/goauthentik/proxy:latest
|
||||||
file: proxy.Dockerfile
|
file: proxy.Dockerfile
|
||||||
platforms: linux/amd64,linux/arm64
|
platforms: linux/amd64,linux/arm64
|
||||||
- name: Building Docker Image (stable)
|
- name: Building Docker Image (stable)
|
||||||
if: ${{ github.event_name == 'release' && !contains('2021.8.4', 'rc') }}
|
if: ${{ github.event_name == 'release' && !contains('2021.8.5', 'rc') }}
|
||||||
run: |
|
run: |
|
||||||
docker pull beryju/authentik-proxy:latest
|
docker pull beryju/authentik-proxy:latest
|
||||||
docker tag beryju/authentik-proxy:latest beryju/authentik-proxy:stable
|
docker tag beryju/authentik-proxy:latest beryju/authentik-proxy:stable
|
||||||
|
@ -117,14 +117,14 @@ jobs:
|
||||||
with:
|
with:
|
||||||
push: ${{ github.event_name == 'release' }}
|
push: ${{ github.event_name == 'release' }}
|
||||||
tags: |
|
tags: |
|
||||||
beryju/authentik-ldap:2021.8.4,
|
beryju/authentik-ldap:2021.8.5,
|
||||||
beryju/authentik-ldap:latest,
|
beryju/authentik-ldap:latest,
|
||||||
ghcr.io/goauthentik/ldap:2021.8.4,
|
ghcr.io/goauthentik/ldap:2021.8.5,
|
||||||
ghcr.io/goauthentik/ldap:latest
|
ghcr.io/goauthentik/ldap:latest
|
||||||
file: ldap.Dockerfile
|
file: ldap.Dockerfile
|
||||||
platforms: linux/amd64,linux/arm64
|
platforms: linux/amd64,linux/arm64
|
||||||
- name: Building Docker Image (stable)
|
- name: Building Docker Image (stable)
|
||||||
if: ${{ github.event_name == 'release' && !contains('2021.8.4', 'rc') }}
|
if: ${{ github.event_name == 'release' && !contains('2021.8.5', 'rc') }}
|
||||||
run: |
|
run: |
|
||||||
docker pull beryju/authentik-ldap:latest
|
docker pull beryju/authentik-ldap:latest
|
||||||
docker tag beryju/authentik-ldap:latest beryju/authentik-ldap:stable
|
docker tag beryju/authentik-ldap:latest beryju/authentik-ldap:stable
|
||||||
|
@ -175,7 +175,7 @@ jobs:
|
||||||
SENTRY_PROJECT: authentik
|
SENTRY_PROJECT: authentik
|
||||||
SENTRY_URL: https://sentry.beryju.org
|
SENTRY_URL: https://sentry.beryju.org
|
||||||
with:
|
with:
|
||||||
version: authentik@2021.8.4
|
version: authentik@2021.8.5
|
||||||
environment: beryjuorg-prod
|
environment: beryjuorg-prod
|
||||||
sourcemaps: './web/dist'
|
sourcemaps: './web/dist'
|
||||||
url_prefix: '~/static/dist'
|
url_prefix: '~/static/dist'
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
"""authentik"""
|
"""authentik"""
|
||||||
__version__ = "2021.8.4"
|
__version__ = "2021.8.5"
|
||||||
ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
|
ENV_GIT_HASH_KEY = "GIT_BUILD_HASH"
|
||||||
|
|
|
@ -6,7 +6,6 @@ from django.urls import reverse
|
||||||
from django.views.generic import RedirectView
|
from django.views.generic import RedirectView
|
||||||
from structlog.stdlib import get_logger
|
from structlog.stdlib import get_logger
|
||||||
|
|
||||||
from authentik.flows.views import FlowExecutorView
|
|
||||||
from authentik.sources.oauth.models import OAuthSource
|
from authentik.sources.oauth.models import OAuthSource
|
||||||
from authentik.sources.oauth.views.base import OAuthClientMixin
|
from authentik.sources.oauth.views.base import OAuthClientMixin
|
||||||
|
|
||||||
|
@ -43,5 +42,4 @@ class OAuthRedirect(OAuthClientMixin, RedirectView):
|
||||||
raise Http404(f"source {slug} is not enabled.")
|
raise Http404(f"source {slug} is not enabled.")
|
||||||
client = self.get_client(source, callback=self.get_callback_url(source))
|
client = self.get_client(source, callback=self.get_callback_url(source))
|
||||||
params = self.get_additional_parameters(source)
|
params = self.get_additional_parameters(source)
|
||||||
FlowExecutorView(request=self.request).cancel()
|
|
||||||
return client.get_redirect_url(params)
|
return client.get_redirect_url(params)
|
||||||
|
|
|
@ -21,7 +21,7 @@ services:
|
||||||
networks:
|
networks:
|
||||||
- internal
|
- internal
|
||||||
server:
|
server:
|
||||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.8.4}
|
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.8.5}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command: server
|
command: server
|
||||||
environment:
|
environment:
|
||||||
|
@ -44,7 +44,7 @@ services:
|
||||||
- "0.0.0.0:9000:9000"
|
- "0.0.0.0:9000:9000"
|
||||||
- "0.0.0.0:9443:9443"
|
- "0.0.0.0:9443:9443"
|
||||||
worker:
|
worker:
|
||||||
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.8.4}
|
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2021.8.5}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
command: worker
|
command: worker
|
||||||
networks:
|
networks:
|
||||||
|
|
|
@ -17,4 +17,4 @@ func OutpostUserAgent() string {
|
||||||
return fmt.Sprintf("authentik-outpost@%s (%s)", VERSION, BUILD())
|
return fmt.Sprintf("authentik-outpost@%s (%s)", VERSION, BUILD())
|
||||||
}
|
}
|
||||||
|
|
||||||
const VERSION = "2021.8.4"
|
const VERSION = "2021.8.5"
|
||||||
|
|
|
@ -107,8 +107,24 @@ func (a *APIController) Start() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (a *APIController) OnRefresh() error {
|
||||||
|
// Because we don't know the outpost UUID, we simply do a list and pick the first
|
||||||
|
// The service account this token belongs to should only have access to a single outpost
|
||||||
|
outposts, _, err := a.Client.OutpostsApi.OutpostsInstancesList(context.Background()).Execute()
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
log.WithError(err).Error("Failed to fetch outpost configuration")
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
outpost := outposts.Results[0]
|
||||||
|
doGlobalSetup(outpost.Config)
|
||||||
|
|
||||||
|
log.WithField("name", outpost.Name).Debug("Fetched outpost configuration")
|
||||||
|
return a.Server.Refresh()
|
||||||
|
}
|
||||||
|
|
||||||
func (a *APIController) StartBackgorundTasks() error {
|
func (a *APIController) StartBackgorundTasks() error {
|
||||||
err := a.Server.Refresh()
|
err := a.OnRefresh()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return errors.Wrap(err, "failed to run initial refresh")
|
return errors.Wrap(err, "failed to run initial refresh")
|
||||||
}
|
}
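Review bot: `outpost := outposts.Results[0]` in the new `OnRefresh` indexes the list without checking its length, so an empty result (for example a token whose service account has no outpost assigned, a case the comment above assumes away) would panic instead of returning an error. Guard it before the index, e.g. `if len(outposts.Results) < 1 { return errors.New("no outposts found with given token") }`. Because the later hunks on this page switch `startWSHandler` and `startIntervalUpdater` to call `OnRefresh`, the panic would presumably surface in those loops and not only at startup. `doGlobalSetup(outpost.Config)` now also runs on every refresh, so a short doc comment on `OnRefresh` saying it re-applies the global configuration before `a.Server.Refresh()` would help. `StartBackgorundTasks` continues outside the hunk.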
|
||||||
|
|
|
@ -82,7 +82,7 @@ func (ac *APIController) startWSHandler() {
|
||||||
if wsMsg.Instruction == WebsocketInstructionTriggerUpdate {
|
if wsMsg.Instruction == WebsocketInstructionTriggerUpdate {
|
||||||
time.Sleep(ac.reloadOffset)
|
time.Sleep(ac.reloadOffset)
|
||||||
logger.Debug("Got update trigger...")
|
logger.Debug("Got update trigger...")
|
||||||
err := ac.Server.Refresh()
|
err := ac.OnRefresh()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.WithError(err).Debug("Failed to update")
|
logger.WithError(err).Debug("Failed to update")
|
||||||
}
|
}
|
||||||
|
@ -118,7 +118,7 @@ func (ac *APIController) startIntervalUpdater() {
|
||||||
logger := ac.logger.WithField("loop", "interval-updater")
|
logger := ac.logger.WithField("loop", "interval-updater")
|
||||||
ticker := time.NewTicker(5 * time.Minute)
|
ticker := time.NewTicker(5 * time.Minute)
|
||||||
for ; true; <-ticker.C {
|
for ; true; <-ticker.C {
|
||||||
err := ac.Server.Refresh()
|
err := ac.OnRefresh()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.WithError(err).Debug("Failed to update")
|
logger.WithError(err).Debug("Failed to update")
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,9 +14,12 @@ function check_if_root {
|
||||||
# Get group ID of the docker socket, so we can create a matching group and
|
# Get group ID of the docker socket, so we can create a matching group and
|
||||||
# add ourselves to it
|
# add ourselves to it
|
||||||
DOCKER_GID=$(stat -c '%g' $SOCKET)
|
DOCKER_GID=$(stat -c '%g' $SOCKET)
|
||||||
|
# Ensure group for the id exists
|
||||||
getent group $DOCKER_GID || groupadd -f -g $DOCKER_GID docker
|
getent group $DOCKER_GID || groupadd -f -g $DOCKER_GID docker
|
||||||
usermod -a -G $DOCKER_GID authentik
|
usermod -a -G $DOCKER_GID authentik
|
||||||
GROUP="authentik:docker"
|
# since the name of the group might not be docker, we need to lookup the group id
|
||||||
|
GROUP_NAME=$(getent group $DOCKER_GID | sed 's/:/\n/g' | head -1)
|
||||||
|
GROUP="authentik:${GROUP_NAME}"
|
||||||
fi
|
fi
|
||||||
# Fix permissions of backups and media
|
# Fix permissions of backups and media
|
||||||
chown -R authentik:authentik /media /backups
|
chown -R authentik:authentik /media /backups
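Review bot: The new `GROUP_NAME` lookup leaves `$DOCKER_GID` unquoted and does not check for an empty result, so if `getent` prints nothing the script ends up with `GROUP="authentik:"`, and how that value is consumed is not visible here. Quoting the variable and using `cut` is simpler and avoids relying on `\n` in a sed replacement: `GROUP_NAME=$(getent group "$DOCKER_GID" | cut -d: -f1)`, followed by a check such as `[ -n "$GROUP_NAME" ] || exit 1`. The same quoting applies to `$SOCKET` in the `stat` call on the context line above. `check_if_root` starts before this hunk and continues past it.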
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
openapi: 3.0.3
|
openapi: 3.0.3
|
||||||
info:
|
info:
|
||||||
title: authentik
|
title: authentik
|
||||||
version: 2021.8.4
|
version: 2021.8.5
|
||||||
description: Making authentication simple.
|
description: Making authentication simple.
|
||||||
contact:
|
contact:
|
||||||
email: hello@beryju.org
|
email: hello@beryju.org
|
||||||
|
|
|
@ -14,6 +14,9 @@ export function configureSentry(canDoPpi: boolean = false): Promise<Config> {
|
||||||
if (config.errorReportingEnabled) {
|
if (config.errorReportingEnabled) {
|
||||||
Sentry.init({
|
Sentry.init({
|
||||||
dsn: "https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8",
|
dsn: "https://a579bb09306d4f8b8d8847c052d3a1d3@sentry.beryju.org/8",
|
||||||
|
ignoreErrors: [
|
||||||
|
/network/i,
|
||||||
|
],
|
||||||
release: `authentik@${VERSION}`,
|
release: `authentik@${VERSION}`,
|
||||||
tunnel: "/api/v3/sentry/",
|
tunnel: "/api/v3/sentry/",
|
||||||
integrations: [
|
integrations: [
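Review bot: The added `ignoreErrors: [/network/i]` drops every event whose message contains "network" in any casing, which is broader than transient fetch failures and could hide genuine client-side faults from error reporting. Consider a comment stating which errors this is meant to silence, e.g. `// browser fetch failures caused by connectivity, not actionable`. If the intended messages are known, anchor the pattern to them and do not match the bare word. `configureSentry` starts before the hunk and continues after it.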
|
||||||
|
|
|
@ -3,7 +3,7 @@ export const SUCCESS_CLASS = "pf-m-success";
|
||||||
export const ERROR_CLASS = "pf-m-danger";
|
export const ERROR_CLASS = "pf-m-danger";
|
||||||
export const PROGRESS_CLASS = "pf-m-in-progress";
|
export const PROGRESS_CLASS = "pf-m-in-progress";
|
||||||
export const CURRENT_CLASS = "pf-m-current";
|
export const CURRENT_CLASS = "pf-m-current";
|
||||||
export const VERSION = "2021.8.4";
|
export const VERSION = "2021.8.5";
|
||||||
export const PAGE_SIZE = 20;
|
export const PAGE_SIZE = 20;
|
||||||
export const TITLE_DEFAULT = "authentik";
|
export const TITLE_DEFAULT = "authentik";
|
||||||
export const ROUTE_SEPARATOR = ";";
|
export const ROUTE_SEPARATOR = ";";
|
||||||
|
|
|
@ -12,9 +12,9 @@ This installation method is for test-setups and small-scale productive setups.
|
||||||
|
|
||||||
## Preparation
|
## Preparation
|
||||||
|
|
||||||
Download the latest `docker-compose.yml` from [here](https://raw.githubusercontent.com/goauthentik/authentik/version/2021.8.4/docker-compose.yml). Place it in a directory of your choice.
|
Download the latest `docker-compose.yml` from [here](https://raw.githubusercontent.com/goauthentik/authentik/version/2021.8.5/docker-compose.yml). Place it in a directory of your choice.
|
||||||
|
|
||||||
To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.8.4 >> .env`
|
To optionally deploy a different version run `echo AUTHENTIK_TAG=2021.8.5 >> .env`
|
||||||
|
|
||||||
If this is a fresh authentik install run the following commands to generate a password:
|
If this is a fresh authentik install run the following commands to generate a password:
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@ version: "3.5"
|
||||||
|
|
||||||
services:
|
services:
|
||||||
authentik_proxy:
|
authentik_proxy:
|
||||||
image: ghcr.io/goauthentik/proxy:2021.8.4
|
image: ghcr.io/goauthentik/proxy:2021.8.5
|
||||||
ports:
|
ports:
|
||||||
- 4180:4180
|
- 4180:4180
|
||||||
- 4443:4443
|
- 4443:4443
|
||||||
|
@ -21,7 +21,7 @@ services:
|
||||||
AUTHENTIK_TOKEN: token-generated-by-authentik
|
AUTHENTIK_TOKEN: token-generated-by-authentik
|
||||||
# Or, for the LDAP Outpost
|
# Or, for the LDAP Outpost
|
||||||
authentik_proxy:
|
authentik_proxy:
|
||||||
image: ghcr.io/goauthentik/ldap:2021.8.4
|
image: ghcr.io/goauthentik/ldap:2021.8.5
|
||||||
ports:
|
ports:
|
||||||
- 389:3389
|
- 389:3389
|
||||||
environment:
|
environment:
|
||||||
|
|
|
@ -14,7 +14,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||||
app.kubernetes.io/managed-by: goauthentik.io
|
app.kubernetes.io/managed-by: goauthentik.io
|
||||||
app.kubernetes.io/name: authentik-proxy
|
app.kubernetes.io/name: authentik-proxy
|
||||||
app.kubernetes.io/version: 2021.8.4
|
app.kubernetes.io/version: 2021.8.5
|
||||||
name: authentik-outpost-api
|
name: authentik-outpost-api
|
||||||
stringData:
|
stringData:
|
||||||
authentik_host: "__AUTHENTIK_URL__"
|
authentik_host: "__AUTHENTIK_URL__"
|
||||||
|
@ -29,7 +29,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||||
app.kubernetes.io/managed-by: goauthentik.io
|
app.kubernetes.io/managed-by: goauthentik.io
|
||||||
app.kubernetes.io/name: authentik-proxy
|
app.kubernetes.io/name: authentik-proxy
|
||||||
app.kubernetes.io/version: 2021.8.4
|
app.kubernetes.io/version: 2021.8.5
|
||||||
name: authentik-outpost
|
name: authentik-outpost
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
|
@ -54,7 +54,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||||
app.kubernetes.io/managed-by: goauthentik.io
|
app.kubernetes.io/managed-by: goauthentik.io
|
||||||
app.kubernetes.io/name: authentik-proxy
|
app.kubernetes.io/name: authentik-proxy
|
||||||
app.kubernetes.io/version: 2021.8.4
|
app.kubernetes.io/version: 2021.8.5
|
||||||
name: authentik-outpost
|
name: authentik-outpost
|
||||||
spec:
|
spec:
|
||||||
selector:
|
selector:
|
||||||
|
@ -62,14 +62,14 @@ spec:
|
||||||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||||
app.kubernetes.io/managed-by: goauthentik.io
|
app.kubernetes.io/managed-by: goauthentik.io
|
||||||
app.kubernetes.io/name: authentik-proxy
|
app.kubernetes.io/name: authentik-proxy
|
||||||
app.kubernetes.io/version: 2021.8.4
|
app.kubernetes.io/version: 2021.8.5
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||||
app.kubernetes.io/managed-by: goauthentik.io
|
app.kubernetes.io/managed-by: goauthentik.io
|
||||||
app.kubernetes.io/name: authentik-proxy
|
app.kubernetes.io/name: authentik-proxy
|
||||||
app.kubernetes.io/version: 2021.8.4
|
app.kubernetes.io/version: 2021.8.5
|
||||||
spec:
|
spec:
|
||||||
containers:
|
containers:
|
||||||
- env:
|
- env:
|
||||||
|
@ -88,7 +88,7 @@ spec:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
key: authentik_host_insecure
|
key: authentik_host_insecure
|
||||||
name: authentik-outpost-api
|
name: authentik-outpost-api
|
||||||
image: ghcr.io/goauthentik/proxy:2021.8.4
|
image: ghcr.io/goauthentik/proxy:2021.8.5
|
||||||
name: proxy
|
name: proxy
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 4180
|
- containerPort: 4180
|
||||||
|
@ -110,7 +110,7 @@ metadata:
|
||||||
app.kubernetes.io/instance: __OUTPOST_NAME__
|
app.kubernetes.io/instance: __OUTPOST_NAME__
|
||||||
app.kubernetes.io/managed-by: goauthentik.io
|
app.kubernetes.io/managed-by: goauthentik.io
|
||||||
app.kubernetes.io/name: authentik-proxy
|
app.kubernetes.io/name: authentik-proxy
|
||||||
app.kubernetes.io/version: 2021.8.4
|
app.kubernetes.io/version: 2021.8.5
|
||||||
name: authentik-outpost
|
name: authentik-outpost
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
|
|