From 46c27242a2d9c1eabadc49fb05955af6e24c899c Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Thu, 24 Oct 2024 01:05:01 +0200 Subject: [PATCH] add full outpost support Signed-off-by: Jens Langhammer --- authentik/outposts/tasks.py | 7 +++++++ authentik/providers/scim/controllers/__init__.py | 0 authentik/providers/scim/controllers/docker.py | 12 ++++++++++++ authentik/providers/scim/controllers/kubernetes.py | 14 ++++++++++++++ blueprints/schema.json | 5 +++-- schema.yml | 10 +++++++--- web/src/admin/outposts/OutpostForm.ts | 6 ++++++ 7 files changed, 49 insertions(+), 5 deletions(-) create mode 100644 authentik/providers/scim/controllers/__init__.py create mode 100644 authentik/providers/scim/controllers/docker.py create mode 100644 authentik/providers/scim/controllers/kubernetes.py diff --git a/authentik/outposts/tasks.py b/authentik/outposts/tasks.py index 7a80ce9be439..794cca53713b 100644 --- a/authentik/outposts/tasks.py +++ b/authentik/outposts/tasks.py @@ -43,6 +43,8 @@ from authentik.providers.proxy.controllers.kubernetes import ProxyKubernetesController from authentik.providers.radius.controllers.docker import RadiusDockerController from authentik.providers.radius.controllers.kubernetes import RadiusKubernetesController +from authentik.providers.scim.controllers.docker import SCIMDockerController +from authentik.providers.scim.controllers.kubernetes import SCIMKubernetesController from authentik.root.celery import CELERY_APP LOGGER = get_logger() @@ -74,6 +76,11 @@ def controller_for_outpost(outpost: Outpost) -> type[BaseController] | None: return RACDockerController if isinstance(service_connection, KubernetesServiceConnection): return RACKubernetesController + if outpost.type == OutpostType.SCIM: + if isinstance(service_connection, DockerServiceConnection): + return SCIMDockerController + if isinstance(service_connection, KubernetesServiceConnection): + return SCIMKubernetesController return None 
diff --git a/authentik/providers/scim/controllers/__init__.py b/authentik/providers/scim/controllers/__init__.py new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/authentik/providers/scim/controllers/docker.py b/authentik/providers/scim/controllers/docker.py new file mode 100644 index 000000000000..ac8af400f96f --- /dev/null +++ b/authentik/providers/scim/controllers/docker.py @@ -0,0 +1,12 @@ +"""SCIM Provider Docker Controller""" + +from authentik.outposts.controllers.docker import DockerController +from authentik.outposts.models import DockerServiceConnection, Outpost + + +class SCIMDockerController(DockerController): + """SCIM Provider Docker Controller""" + + def __init__(self, outpost: Outpost, connection: DockerServiceConnection): + super().__init__(outpost, connection) + self.deployment_ports = [] diff --git a/authentik/providers/scim/controllers/kubernetes.py b/authentik/providers/scim/controllers/kubernetes.py new file mode 100644 index 000000000000..998f3222020e --- /dev/null +++ b/authentik/providers/scim/controllers/kubernetes.py @@ -0,0 +1,14 @@ +"""SCIM Provider Kubernetes Controller""" + +from authentik.outposts.controllers.k8s.service import ServiceReconciler +from authentik.outposts.controllers.kubernetes import KubernetesController +from authentik.outposts.models import KubernetesServiceConnection, Outpost + + +class SCIMKubernetesController(KubernetesController): + """SCIM Provider Kubernetes Controller""" + + def __init__(self, outpost: Outpost, connection: KubernetesServiceConnection): + super().__init__(outpost, connection) + self.deployment_ports = [] + del self.reconcilers[ServiceReconciler.reconciler_name()] diff --git a/blueprints/schema.json b/blueprints/schema.json index 9b3b91eb7419..7dc89930b21d 100644 --- a/blueprints/schema.json +++ b/blueprints/schema.json @@ -4264,7 +4264,8 @@ "proxy", "ldap", "radius", - "rac" + "rac", + "scim" ], "title": "Type" }, 
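Review bot: `self.deployment_ports = []` in `SCIMDockerController.__init__` has no comment saying why this outpost publishes no ports, and the class docstring only repeats the module title. If the intent is that the SCIM outpost accepts no inbound connections, record that next to the assignment, e.g. `# SCIM outpost listens on nothing, so publish no container ports`, so that a later change adding a port is a visible decision. The same assignment in `SCIMKubernetesController` (kubernetes.py, the next file section) needs the same comment.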
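Review bot: The `del self.reconcilers[ServiceReconciler.reconciler_name()]` line in `SCIMKubernetesController.__init__` is unexplained, although it appears to be what stops a Kubernetes Service from being reconciled for this outpost. A one-line comment such as `# no ports to expose, so do not reconcile a Service` would record the intent. It is also worth stating that `del` is deliberate rather than a tolerant `pop(..., None)`: a KeyError fails loudly if the base class renames or stops registering that reconciler, instead of silently leaving a Service deployed. Whether any other reconciler registered by `KubernetesController` still expects that Service to exist cannot be seen from this hunk and should be checked.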
@@ -6974,7 +6975,7 @@ "spnego_server_name": { "type": "string", "title": "Spnego server name", - "description": "Force the use of a specific server name for SPNEGO" + "description": "Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname" }, "spnego_keytab": { "type": "string", diff --git a/schema.yml b/schema.yml index d4f3eb78ac7b..04af924923b9 100644 --- a/schema.yml +++ b/schema.yml @@ -42943,7 +42943,8 @@ components: readOnly: true spnego_server_name: type: string - description: Force the use of a specific server name for SPNEGO + description: Force the use of a specific server name for SPNEGO. Must be + in the form HTTP@hostname spnego_ccache: type: string description: Credential cache to use for SPNEGO in form type:residual @@ -43112,7 +43113,8 @@ components: be in the form TYPE:residual spnego_server_name: type: string - description: Force the use of a specific server name for SPNEGO + description: Force the use of a specific server name for SPNEGO. Must be + in the form HTTP@hostname spnego_keytab: type: string writeOnly: true @@ -45445,6 +45447,7 @@ components: - ldap - radius - rac + - scim type: string PaginatedApplicationList: type: object @@ -48410,7 +48413,8 @@ components: be in the form TYPE:residual spnego_server_name: type: string - description: Force the use of a specific server name for SPNEGO + description: Force the use of a specific server name for SPNEGO. Must be + in the form HTTP@hostname spnego_keytab: type: string writeOnly: true diff --git a/web/src/admin/outposts/OutpostForm.ts b/web/src/admin/outposts/OutpostForm.ts index 3c276caaf7ae..f5f2e5a06608 100644 --- a/web/src/admin/outposts/OutpostForm.ts +++ b/web/src/admin/outposts/OutpostForm.ts 
@@ -73,6 +73,9 @@ const radiusListFetch = async (page: number, search = "") => const racListProvider = async (page: number, search = "") => provisionMaker(await api().providersRacList(providerListArgs(page, search))); +const scimListProvider = async (page: number, search = "") => + provisionMaker(await api().providersScimList(providerListArgs(page, search))); + function providerProvider(type: OutpostTypeEnum): DataProvider { switch (type) { case OutpostTypeEnum.Proxy: @@ -83,6 +86,8 @@ function providerProvider(type: OutpostTypeEnum): DataProvider { return radiusListFetch; case OutpostTypeEnum.Rac: return racListProvider; + case OutpostTypeEnum.Scim: + return scimListProvider; default: throw new Error(`Unrecognized OutputType: ${type}`); } @@ -142,6 +147,7 @@ export class OutpostForm extends ModelForm { [OutpostTypeEnum.Ldap, msg("LDAP")], [OutpostTypeEnum.Radius, msg("Radius")], [OutpostTypeEnum.Rac, msg("RAC")], + [OutpostTypeEnum.Scim, msg("SCIM")], ]; return html`