Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

core: Initial RBAC #6806

Merged
merged 78 commits into from
Oct 16, 2023
Merged

core: Initial RBAC #6806

merged 78 commits into from
Oct 16, 2023

Conversation

BeryJu
Copy link
Member

@BeryJu BeryJu commented Sep 8, 2023
edited

Details

Add an initial API and WebUI for RBAC (both for general permissions and per-object permissions)

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)
  • The translation files have been updated (make i18n-extract)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

@netlify
Copy link

netlify bot commented Sep 8, 2023
edited

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit b73324d
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/652d1899a216bc00085e2d70

@codecov
Copy link

codecov bot commented Sep 8, 2023
edited

Codecov Report

Attention: 42 lines in your changes are missing coverage. Please review.

Comparison is base (63a9cf2) 92.63% compared to head (b73324d) 92.69%.
Report is 12 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6806      +/-   ##
==========================================
+ Coverage   92.63%   92.69%   +0.05%     
==========================================
  Files         568      584      +16     
  Lines       28049    28674     +625     
==========================================
+ Hits        25983    26578     +595     
- Misses       2066     2096      +30
Flag Coverage Δ
e2e 51.17% <55.09%> (+0.03%) ⬆️
integration 26.04% <14.87%> (-0.30%) ⬇️
unit 89.65% <94.05%> (+0.09%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
authentik/admin/api/meta.py 100.00% <100.00%> (ø)
authentik/admin/api/metrics.py 100.00% <100.00%> (ø)
authentik/admin/api/system.py 98.38% <100.00%> (ø)
authentik/admin/api/tasks.py 100.00% <100.00%> (ø)
authentik/admin/api/workers.py 100.00% <100.00%> (ø)
authentik/api/authorization.py 90.00% <100.00%> (ø)
authentik/api/decorators.py 100.00% <100.00%> (ø)
authentik/api/pagination.py 89.47% <100.00%> (+1.23%) ⬆️
authentik/api/tests/test_viewsets.py 100.00% <100.00%> (ø)
authentik/blueprints/api.py 85.93% <100.00%> (-0.22%) ⬇️
... and 38 more

... and 4 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@BeryJu BeryJu force-pushed the core/rbac branch 2 times, most recently from b552fa0 to 0cedff5 Compare September 20, 2023 14:52
@netlify
Copy link

netlify bot commented Sep 20, 2023
edited

Deploy Preview for authentik ready!

Name Link
🔨 Latest commit 3d7ab5f
🔍 Latest deploy log https://app.netlify.com/sites/authentik/deploys/65296ca2d90cc00008a3f72e
😎 Deploy Preview https://deploy-preview-6806--authentik.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse		 1 paths audited
Performance: 92 (🔴 down 4 from production)
Accessibility: 90 (no change from production)
Best Practices: 100 (no change from production)
SEO: 80 (no change from production)
PWA: -
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify site configuration.

@BeryJu BeryJu force-pushed the core/rbac branch 3 times, most recently from 6a3a35c to 1d78d8c Compare September 20, 2023 15:15
@BeryJu BeryJu force-pushed the core/rbac branch 6 times, most recently from 8999bff to 5e08683 Compare October 9, 2023 17:52
@BeryJu BeryJu force-pushed the core/rbac branch 2 times, most recently from 3ffb7f5 to 47ce8a3 Compare October 10, 2023 12:41
@github-actions
Copy link
Contributor

github-actions bot commented Oct 10, 2023
edited

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-core-rbac-1697468800-b73324d
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-core-rbac-1697468800-b73324d-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-core-rbac-1697468800-b73324d

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-core-rbac-1697468800-b73324d-arm64

Afterwards, run the upgrade commands from the latest release notes.

@BeryJu BeryJu marked this pull request as ready for review October 11, 2023 12:26
@BeryJu BeryJu requested review from a team as code owners October 11, 2023 12:26
@BeryJu BeryJu force-pushed the core/rbac branch 2 times, most recently from 1fb8cfe to 196746c Compare October 11, 2023 12:53
@rissson rissson added the deploy_me Deploy the PR changes on a test environment label Oct 11, 2023
@notion-workspace
Copy link

Object-level RBAC

@BeryJu BeryJu force-pushed the core/rbac branch 3 times, most recently from 9801020 to c643ba7 Compare October 12, 2023 17:34
@BeryJu
rename consent permission
c130cff 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
only make delete bulk form expandable if usedBy is set
a7685b2 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
expand permission tables
c86593e 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
add more things
a05fb82 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
add user global permission table
64d73c0 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix lint
31bf250 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix tests' url names
2cef011 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
add tests for assign perms
ed88cb2 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
add unassign tests
7608d4f 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
rebuild permissions
23e18d4 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
prevent assigning/unassigning permissions to internal service accounts
f999608 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
only enable default api browser in debug
d5cef33 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix role object permissions showing duplicate
5307fcd 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix role link on role object permissions table
156ad55 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
fix object permission modal having duplicate close buttons
0ccd0d9 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
return error if user has no global perm and no object perms
9c1da16 
also improve error display on table

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
small optimisation
c434c16 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
optimise even more
30630eb 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
update locale
bcbb1cf 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
add system permission for non-object permissions
c4b8914 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
allow access to admin interface based on perm
99155c5 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
clean
3d7ab5f 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu
don't exclude base models
b73324d 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu merged commit e28babb into main Oct 16, 2023
61 of 63 checks passed
@BeryJu BeryJu deleted the core/rbac branch October 16, 2023 15:31
kensternberg-authentik added a commit that referenced this pull request Oct 16, 2023
@kensternberg-authentik
Merge branch 'main' into web/lab-upgrades
29fc42f 
* main:
  web: the return of pseudolocalization (#7190)
  rbac: revisions (#7188)
  website: bump @babel/traverse from 7.21.4 to 7.23.2 in /website (#7187)
  web: bump API Client version (#7186)
  core: Initial RBAC (#6806)
  lifecycle: re-fix system migrations (#7185)
  outposts: use channel groups instead of saving channel names (#7183)
  sources/ldap: made ldap_sync_single calls from ldap_sync_all asynchronous (#6862)
  website/docs: fix API OAuth token usage (#7159)
  web: bump rollup from 4.1.3 to 4.1.4 in /web (#7181)
  web: bump @formatjs/intl-listformat from 7.4.2 to 7.5.0 in /web (#7182)
  web: bump @rollup/plugin-replace from 5.0.3 to 5.0.4 in /web (#7177)
  web: bump the sentry group in /web with 2 updates (#7175)
  web: bump @rollup/plugin-commonjs from 25.0.5 to 25.0.7 in /web (#7178)
  web: bump yaml from 2.3.2 to 2.3.3 in /web (#7176)
  web: bump rollup from 4.0.2 to 4.1.3 in /web (#7179)
  web: bump the wdio group in /tests/wdio with 3 updates (#7180)
kensternberg-authentik added a commit that referenced this pull request Oct 17, 2023
@kensternberg-authentik
Merge branch 'main' into application-wizard-2-with-api-and-tests
b804252 
* main: (23 commits)
  ci: test with postgres 16
  translate: Updates for file web/xliff/en.xlf in fr (#7189)
  web: bump the esbuild group in /web with 2 updates (#7195)
  web: bump the eslint group in /tests/wdio with 2 updates (#7192)
  core: bump ruff from 0.0.292 to 0.1.0 (#7194)
  web: bump the eslint group in /web with 2 updates (#7193)
  web: the return of pseudolocalization (#7190)
  rbac: revisions (#7188)
  website: bump @babel/traverse from 7.21.4 to 7.23.2 in /website (#7187)
  web: bump API Client version (#7186)
  core: Initial RBAC (#6806)
  lifecycle: re-fix system migrations (#7185)
  outposts: use channel groups instead of saving channel names (#7183)
  sources/ldap: made ldap_sync_single calls from ldap_sync_all asynchronous (#6862)
  website/docs: fix API OAuth token usage (#7159)
  web: bump rollup from 4.1.3 to 4.1.4 in /web (#7181)
  web: bump @formatjs/intl-listformat from 7.4.2 to 7.5.0 in /web (#7182)
  web: bump @rollup/plugin-replace from 5.0.3 to 5.0.4 in /web (#7177)
  web: bump the sentry group in /web with 2 updates (#7175)
  web: bump @rollup/plugin-commonjs from 25.0.5 to 25.0.7 in /web (#7178)
  ...
This was referenced Mar 28, 2024
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
deploy_me Deploy the PR changes on a test environment
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@BeryJu @rissson