def should_backup() -> bool:
    """Decide whether the backup job should run.

    Returns ``False`` when ``SERVICE_HOST_ENV_NAME`` is present in the
    process environment (the log message treats this as "running in k8s")
    and no ``postgresql.s3_backup.bucket`` is configured, or when
    ``postgresql.backup.enabled`` is false. Returns ``True`` otherwise.
    """
    in_kubernetes = SERVICE_HOST_ENV_NAME in environ
    # The bucket lookup is only made when the environment marker is present.
    if in_kubernetes and not CONFIG.y("postgresql.s3_backup.bucket"):
        LOGGER.info("Running in k8s and s3 backups are not configured, skipping")
        return False
    return bool(CONFIG.y_bool("postgresql.backup.enabled"))
def validate_username(self, username: str):
    """Reject a username change unless the user's attributes permit it.

    The permission is read from the instance's group attributes under
    ``USER_ATTRIBUTE_CHANGE_USERNAME``; when that key is absent the
    ``default_user_change_username`` setting (default ``True``) applies.

    Returns the submitted username when the change is permitted or when it
    equals the current username; raises ``ValidationError`` otherwise.
    """
    # NOTE(review): the attribute value is only tested for truthiness, so a
    # non-empty string such as "false" would count as permission. Confirm
    # that this attribute is always stored as a real boolean.
    may_change = self.instance.group_attributes().get(
        USER_ATTRIBUTE_CHANGE_USERNAME,
        CONFIG.y_bool("default_user_change_username", True),
    )
    if may_change or username == self.instance.username:
        return username
    raise ValidationError("Not allowed to change username.")
def validate_email(self, email: str):
    """Reject an email change unless the user's attributes permit it.

    The permission is read from the instance's group attributes under
    ``USER_ATTRIBUTE_CHANGE_EMAIL``; when that key is absent the
    ``default_user_change_email`` setting (default ``True``) applies.

    Returns the submitted address when the change is permitted or when it
    equals the current address; raises ``ValidationError`` otherwise.
    """
    # NOTE(review): the attribute value is only tested for truthiness, so a
    # non-empty string such as "false" would count as permission. Confirm
    # that this attribute is always stored as a real boolean.
    may_change = self.instance.group_attributes().get(
        USER_ATTRIBUTE_CHANGE_EMAIL,
        CONFIG.y_bool("default_user_change_email", True),
    )
    if may_change or email == self.instance.email:
        return email
    raise ValidationError("Not allowed to change email.")
def get_env() -> str:
    """Return a label for the environment authentik is running in.

    Checks are made in a fixed order and the first match wins:
    ``"kubernetes"``, ``"ci"``, ``"compose"``, ``"dev"``, then the value of
    the ``AK_APPLIANCE`` environment variable, and finally ``"custom"``.
    """
    env = os.environ
    if SERVICE_HOST_ENV_NAME in env:
        return "kubernetes"
    if "CI" in env:
        return "ci"
    # NOTE(review): the marker lives under /tmp, which is normally writable by
    # every local user, so its presence is not proof of a compose deployment.
    # Use the returned label for information only, never for a security
    # decision. The nosec marker suppresses the scanner's temp-path finding.
    if Path("/tmp/authentik-mode").exists():  # nosec
        return "compose"
    if CONFIG.y_bool("debug"):
        return "dev"
    # The appliance name is taken verbatim from the environment.
    return env.get("AK_APPLIANCE", "custom")
class OutpostConfig:
    """Configuration an outpost uses to configure itself.

    The ``CONFIG`` lookups below are ordinary class-body expressions, so they
    are evaluated once, when this class is defined, not per instance.

    NOTE(review): the ``field(...)`` defaults suggest a ``@dataclass``
    decorator sits above this excerpt; confirm.
    """

    # No default: must be supplied by whoever builds the configuration.
    authentik_host: str
    # NOTE(review): presumably relaxes TLS verification for the connection to
    # authentik_host; confirm. Off by default; leave it off outside test
    # setups.
    authentik_host_insecure: bool = False

    # Defaults copied from the server's own configuration at class-definition
    # time.
    log_level: str = CONFIG.y("log_level")
    error_reporting_enabled: bool = CONFIG.y_bool("error_reporting.enabled")
    # "customer" is passed as the second argument, presumably the fallback
    # when the setting is absent.
    error_reporting_environment: str = CONFIG.y("error_reporting.environment", "customer")

    # Kubernetes deployment settings.
    kubernetes_replicas: int = field(default=1)
    kubernetes_namespace: str = field(default="default")
    # default_factory gives every instance its own dict rather than a shared
    # one.
    kubernetes_ingress_annotations: dict[str, str] = field(default_factory=dict)
    kubernetes_ingress_secret_name: str = field(default="authentik-outpost")
class OutpostConfig:
    """Configuration an outpost uses to configure itself.

    The ``CONFIG`` lookups below are ordinary class-body expressions, so they
    are evaluated once, when this class is defined, not per instance.

    NOTE(review): the ``field(...)`` defaults suggest a ``@dataclass``
    decorator sits above this excerpt; confirm.
    """

    # No default: must be supplied by whoever builds the configuration.
    authentik_host: str
    # NOTE(review): presumably relaxes TLS verification for the connection to
    # authentik_host; confirm. Off by default; leave it off outside test
    # setups.
    authentik_host_insecure: bool = False

    # Defaults copied from the server's own configuration at class-definition
    # time.
    log_level: str = CONFIG.y("log_level")
    error_reporting_enabled: bool = CONFIG.y_bool("error_reporting.enabled")
    # "customer" is passed as the second argument, presumably the fallback
    # when the setting is absent.
    error_reporting_environment: str = CONFIG.y("error_reporting.environment", "customer")

    # %-style template with a named "name" placeholder.
    object_naming_template: str = field(default="ak-outpost-%(name)s")

    # Kubernetes deployment settings.
    kubernetes_replicas: int = field(default=1)
    # get_namespace is called for each new instance instead of fixing the
    # namespace when the class is defined.
    kubernetes_namespace: str = field(default_factory=get_namespace)
    # default_factory gives every instance its own dict rather than a shared
    # one.
    kubernetes_ingress_annotations: dict[str, str] = field(default_factory=dict)
    kubernetes_ingress_secret_name: str = field(
        default="authentik-outpost-tls")
    kubernetes_service_type: str = field(default="ClusterIP")
    # Empty by default; each instance gets its own list.
    kubernetes_disabled_components: list[str] = field(default_factory=list)
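def update_latest_version(self: MonitoredTask):
    """Refresh the cached upstream version and record an update event.

    When ``disable_update_check`` is set, the cache is filled with the
    placeholder ``"0.0.0"`` and the task finishes with a warning.

    Otherwise the version document is fetched over HTTPS. Its content is
    remote input, so the ``stable.version`` value must be present and
    parseable before it is cached or compared. A malformed document is
    reported as a task error and the placeholder version is cached, the same
    outcome as a failed request. Previously a missing version was cached as
    ``None`` and the task was marked successful before the comparison raised.

    If the upstream version is newer than ``LOCAL_VERSION`` and no
    ``UPDATE_AVAILABLE`` event exists for it yet, one is created.
    """
    if CONFIG.y_bool("disable_update_check"):
        cache.set(VERSION_CACHE_KEY, "0.0.0", VERSION_CACHE_TIMEOUT)
        self.set_status(
            TaskResult(TaskResultStatus.WARNING, messages=["Version check disabled."]))
        return
    try:
        # NOTE(review): no timeout is passed to this request; confirm that
        # get_http_session() configures one so the task cannot hang.
        response = get_http_session().get(
            "https://version.goauthentik.io/version.json",
        )
        response.raise_for_status()
        try:
            data = response.json()
            stable = data.get("stable") if isinstance(data, dict) else None
            if not isinstance(stable, dict):
                stable = {}
            upstream_version = stable.get("version")
            # Presumably packaging's parse(): TypeError for a missing value,
            # a ValueError subclass for an invalid version string.
            upstream_parsed = parse(upstream_version)
        except (TypeError, ValueError) as exc:
            cache.set(VERSION_CACHE_KEY, "0.0.0", VERSION_CACHE_TIMEOUT)
            self.set_status(TaskResult(TaskResultStatus.ERROR).with_error(exc))
            return
        cache.set(VERSION_CACHE_KEY, upstream_version, VERSION_CACHE_TIMEOUT)
        self.set_status(
            TaskResult(TaskResultStatus.SUCCESSFUL,
                       ["Successfully updated latest Version"]))
        _set_prom_info()
        # Check if upstream version is newer than what we're running,
        # and if no event exists yet, create one.
        if LOCAL_VERSION < upstream_parsed:
            # Event has already been created, don't create duplicate
            if Event.objects.filter(
                    action=EventAction.UPDATE_AVAILABLE,
                    context__new_version=upstream_version,
            ).exists():
                return
            event_dict = {"new_version": upstream_version}
            changelog = stable.get("changelog", "")
            # The changelog URL comes from the remote document and is copied
            # into the event message as-is. Only the URL_FINDER match is kept,
            # and a non-string value is ignored.
            if isinstance(changelog, str) and (match := re.search(URL_FINDER, changelog)):
                event_dict["message"] = f"Changelog: {match.group()}"
            Event.new(EventAction.UPDATE_AVAILABLE, **event_dict).save()
    except (RequestException, IndexError) as exc:
        cache.set(VERSION_CACHE_KEY, "0.0.0", VERSION_CACHE_TIMEOUT)
        self.set_status(TaskResult(TaskResultStatus.ERROR).with_error(exc))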
LOGGER = structlog.get_logger() # Build paths inside the project like this: os.path.join(BASE_DIR, ...) BASE_DIR = os.path.dirname( os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) STATIC_ROOT = BASE_DIR + "/static" STATICFILES_DIRS = [BASE_DIR + "/web"] MEDIA_ROOT = BASE_DIR + "/media" SECRET_KEY = CONFIG.y( "secret_key", "9$@r!d^1^jrn#fk#1#@ks#9&i$^s#1)_13%$rwjrhd=e8jfi_s") # noqa Debug DEBUG = CONFIG.y_bool("debug") INTERNAL_IPS = ["127.0.0.1"] ALLOWED_HOSTS = ["*"] SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") LOGIN_URL = "authentik_flows:default-authentication" # Custom user model AUTH_USER_MODEL = "authentik_core.User" _cookie_suffix = "_debug" if DEBUG else "" CSRF_COOKIE_NAME = "authentik_csrf" LANGUAGE_COOKIE_NAME = f"authentik_language{_cookie_suffix}" SESSION_COOKIE_NAME = f"authentik_session{_cookie_suffix}" AUTHENTICATION_BACKENDS = [
# (tail of a definition that begins before this excerpt; it prints a JSON
# record to stderr)
        "timestamp": time(),
    }
    data.update(**kwargs)
    print(dumps(data), file=sys.stderr)


LOGGER = structlog.get_logger()

# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
# BASE_DIR is three directory levels above this file's absolute path.
BASE_DIR = os.path.dirname(
    os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
STATIC_ROOT = BASE_DIR + "/static"
STATICFILES_DIRS = [BASE_DIR + "/web"]
MEDIA_ROOT = BASE_DIR + "/media"

DEBUG = CONFIG.y_bool("debug")
# No fallback value is passed here, so the key comes only from configuration.
# NOTE(review): confirm that startup fails clearly when "secret_key" is unset.
SECRET_KEY = CONFIG.y("secret_key")

INTERNAL_IPS = ["127.0.0.1"]
# NOTE(review): "*" turns off Django's Host header validation; it is safe only
# when a reverse proxy in front of the application enforces the allowed host
# names.
ALLOWED_HOSTS = ["*"]
# Requests carrying "X-Forwarded-Proto: https" are treated as secure.
# NOTE(review): this is safe only when a trusted proxy always sets or strips
# that header; a directly reachable instance would accept a client-supplied
# value.
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
# None stops Django's SecurityMiddleware from sending a
# Cross-Origin-Opener-Policy header.
# NOTE(review): record why the header is disabled, or whether a proxy sets it.
SECURE_CROSS_ORIGIN_OPENER_POLICY = None

LOGIN_URL = "authentik_flows:default-authentication"

# Custom user model
AUTH_USER_MODEL = "authentik_core.User"

# Debug instances get a "_debug" suffix on the language cookie name; the CSRF
# cookie and header names are the same in both modes.
_cookie_suffix = "_debug" if DEBUG else ""
CSRF_COOKIE_NAME = "authentik_csrf"
CSRF_HEADER_NAME = "HTTP_X_AUTHENTIK_CSRF"
LANGUAGE_COOKIE_NAME = f"authentik_language{_cookie_suffix}"
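# Block until PostgreSQL accepts a connection with the configured credentials.
# There is no retry limit: the loop ends only on success.
while True:
    try:
        conn = connect(
            dbname=CONFIG.y("postgresql.name"),
            user=CONFIG.y("postgresql.user"),
            password=CONFIG.y("postgresql.password"),
            host=CONFIG.y("postgresql.host"),
            port=int(CONFIG.y("postgresql.port")),
        )
        conn.cursor()
        break
    except OperationalError as exc:
        sleep(1)
        j_print(f"PostgreSQL Connection failed, retrying... ({exc})")

# "rediss://" selects TLS when redis.tls is enabled.
REDIS_PROTOCOL_PREFIX = "redis://"
if CONFIG.y_bool("redis.tls", False):
    REDIS_PROTOCOL_PREFIX = "rediss://"
# The ":" after the scheme leaves the username empty (redis://:password@host).
# NOTE(review): the password is interpolated without URL-encoding, so a
# password containing "@", "/" or "#" would probably produce a malformed URL.
# Confirm how the client parses it.
REDIS_URL = (f"{REDIS_PROTOCOL_PREFIX}:"
             f"{CONFIG.y('redis.password')}@{CONFIG.y('redis.host')}:"
             f"{int(CONFIG.y('redis.port'))}/{CONFIG.y('redis.ws_db')}")
# The same URL with the password masked. This is the only form that may be
# logged; REDIS_URL embeds the credential in clear text.
_REDIS_URL_FOR_LOGS = (f"{REDIS_PROTOCOL_PREFIX}:"
                       f"***@{CONFIG.y('redis.host')}:"
                       f"{int(CONFIG.y('redis.port'))}/{CONFIG.y('redis.ws_db')}")

# Block until Redis answers a PING; like the loop above, it retries forever.
while True:
    try:
        redis = Redis.from_url(REDIS_URL)
        redis.ping()
        break
    except RedisError as exc:
        sleep(1)
        # Log the masked URL so that retry messages on stderr never carry the
        # Redis password.
        j_print(f"Redis Connection failed, retrying... ({exc})",
                redis_url=_REDIS_URL_FOR_LOGS)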