authentik
authentik copied to clipboard
goauthentik
*: replace Celery with DramatiQ
Details
Old TODO:
- [x] fix the authentik_events.view_systemtask permission check for sync_status endpoints, and associated code
- [x] modify schedules reconciliation to atomically create/delete/update schedules on startup, instead of hoping outdated schedules get deleted
- [x] ak worker embedded in ak server (?) -> no, need to update doc to add
ak workerin commands to run - [x] UI
- [x] bootstrap tasks
- [x] convert sources/ldap tasks
- [x] convert lib/sync/outgoing tasks
- [x] tasks fixes, see todos
TODO when extracting the code to its package:
- [x] broker fixes, see todos
- [ ] django.setup startup code refactor
- [ ] replace our custom scheduler with apscheduler
- [ ] implement priorities
TODO that modify a bit the implementation:
- [ ] figure out what to do about messages. Needs events for errors, needs timestamps, needs translations
- [ ] updating crontab doesn't update next_run
- [ ] read only schedules
- [x] add utility to dispatch on startup, probably
run_on_startupas an argument to a middleware dispatching the tasks on worker boot - [ ] schedules fixes, grep TODO
- [ ] custom currenttask middleware for tests only with list instead of single task
TODO things to figure out:
- [ ] outpost service connection schedule broken because on top class instead of subclass. Actually figure out if ScheduledModel should be on "lowest" class or if intermediary classes are fine, like for OutgoingSyncProvider
- [ ] figure out what is going on in outpost_post_save and things, and how to handle rel_obj in there
- [ ] re-introduce "meta" tasks dispatching tasks for each object, for performance reasons
- [ ] workers API
- [ ] metrics
- [ ] task cancellation?
TODO cleanup:
- [ ] timeout for all tasks (+ tests)
- [ ] description for all tasks (+ tests)
- [x] check that timelimit is miliseconds everywhere
- [ ] check that tasksmodels (i.e. what is put in rel_obj) inherit from TaskModel for task deletion after model deletion
- [ ] reset migrations
- [ ] find out why tests don't run in CI
TODO frontend:
- [ ] frontend hide successful tasks (do we hide warning? probably not)
- [ ] frontend updates to show status and things
- [ ] detail pages to show tasks and schedules
Checklist
- [ ] Local tests pass (
ak test authentik/) - [ ] The code has been formatted (
make lint-fix)
If an API change has been made
- [ ] The API schema has been updated (
make gen-build)
If changes to the frontend have been made
- [ ] The code has been formatted (
make web)
If applicable
- [ ] The documentation has been updated
- [ ] The documentation has been formatted (
make website)
Deploy Preview for authentik-storybook canceled.
| Name | Link |
|---|---|
| Latest commit | 93eeda6557f6fd3c680f1603961d579c6fbd55b6 |
| Latest deploy log | https://app.netlify.com/projects/authentik-storybook/deploys/6887874f90a63f00086b28a4 |
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
Deploy Preview for authentik-docs canceled.
| Name | Link |
|---|---|
| Latest commit | 93eeda6557f6fd3c680f1603961d579c6fbd55b6 |
| Latest deploy log | https://app.netlify.com/projects/authentik-docs/deploys/6887874f6f97e10008550073 |
Codecov Report
:x: Patch coverage is 80.86459% with 301 lines in your changes missing coverage. Please review.
:white_check_mark: Project coverage is 92.70%. Comparing base (3ae2831) to head (93eeda6).
:warning: Report is 3 commits behind head on main.
:white_check_mark: All tests successful. No failed tests found.
Additional details and impacted files
@@ Coverage Diff @@
## main #13492 +/- ##
==========================================
- Coverage 93.17% 92.70% -0.48%
==========================================
Files 831 831
Lines 44251 44469 +218
==========================================
- Hits 41230 41224 -6
- Misses 3021 3245 +224
| Flag | Coverage Δ | |
|---|---|---|
| e2e | 46.79% <53.44%> (+0.22%) |
:arrow_up: |
| integration | 23.61% <40.54%> (+0.16%) |
:arrow_up: |
| unit | 90.82% <80.48%> (-0.45%) |
:arrow_down: |
Flags with carried forward coverage won't be shown. Click here to find out more.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
:rocket: New features to boost your workflow:
- :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Deploy Preview for authentik-integrations canceled.
| Name | Link |
|---|---|
| Latest commit | 93eeda6557f6fd3c680f1603961d579c6fbd55b6 |
| Latest deploy log | https://app.netlify.com/projects/authentik-integrations/deploys/6887874fec955c00083fa273 |
authentik PR Installation instructions
Instructions for docker-compose
Add the following block to your .env file:
AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-93eeda6557f6fd3c680f1603961d579c6fbd55b6
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
Afterwards, run the upgrade commands from the latest release notes.
Instructions for Kubernetes
Add the following block to your values.yml file:
authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-93eeda6557f6fd3c680f1603961d579c6fbd55b6
Afterwards, run the upgrade commands from the latest release notes.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Worker doesn't listen on IPv6 and IPv4 with the address set to 0.0.0.0 for http and metrics
EDIT: fixed
For the task item:
update Grafana dashboard
I could see several advantages in the dashboard being stored in version control and being automatically published on the grafana website.
For the task item:
update Grafana dashboard
I could see several advantages in the dashboard being stored in version control and being automatically published on the grafana website.
agreed