Migration fails permanently if container is killed during initial bootstrap

[TJonesy]

Describe the bug
The migration at lifecycle/system_migrations/tenant_to_brand.py fails to run and permanently crashes the authentik container(s) if the container is killed before the initial schema setup is finished but after it has been partially created.

To Reproduce
Launch new authentik instance and kill the container after one or more migrations run and before the tenant_to_brand.py migration is run.
All restarts of the container will fail and not recover.

Expected behavior
The migrations to properly handle prior partial schema completion.

Logs
Will add logs when/if I get a chance to rerun without my hack fix in place.

Version and Deployment (please complete the following information):

• authentik version: 2025.2.4
• Deployment: helm

Additional context
https://github.com/goauthentik/authentik/blob/19bb2de13fbbecfe50121b26b9bde482d29351ef/lifecycle/system_migrations/tenant_to_brand.py#L6C1-L6C71
Suggest change (tested by overwriting migration via configmap mount.)

ALTER TABLE authentik_tenants_tenant RENAME TO authentik_brands_brand;
Update to
ALTER TABLE IF EXISTS authentik_tenants_tenant RENAME TO authentik_brands_brand;

With this change the migration passes and everything else seems to work correctly.

[rissson]

Yep, the first startup needs to perform smoothly. It's not unexpected that this would fail. At this point, since there isn't any data in there, just delete the database and start over.

[TJonesy]

With the one minor modification I suggested, even if startup fails, it works the second time consistently. It is really bad practice to make database migrations that don't properly handle a simple application restart. Obviously I can't tell you how to manage your software but it seems like a pretty simple fix to get more in line with best practices. It might be better to fix the needs_migration but either would work.

It is quite frustrating when I want to test out bootstrapping my blueprints on a new instance and I have to intermittently delete my database and restart just because a timing issue causes kubernetes to kill my pod during the database bootstrap.

[rissson]

oh yeah I didn't see that. Would you be open to contributing the change?

[TJonesy]

You are more than welcome to use that one line change. If you need me to make a PR I'd need to go look through your contribution process and I'm not sure when I'll be able to get around to that.

[rissson]

I took the liberty of adding you as a code owner, thank you for the contribution!