Skip to content

enterprise: allow deletion/modification of users when in read-only mode#12289

Merged
BeryJu merged 3 commits intomainfrom
enterprise/allow-user-modification-in-ro
Dec 10, 2024
Merged

enterprise: allow deletion/modification of users when in read-only mode#12289
BeryJu merged 3 commits intomainfrom
enterprise/allow-user-modification-in-ro

Conversation

@BeryJu
Copy link
Member

@BeryJu BeryJu commented Dec 6, 2024

Details

REPLACE ME

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

@BeryJu
enterprise: allow deletion/modification of users when in read-only mode
aa3f03c 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu requested review from a team as code owners December 6, 2024 20:24
@netlify
Copy link

netlify bot commented Dec 6, 2024
edited
Loading

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit 19ca872
🔍 Latest deploy log https://app.netlify.com/sites/authentik-docs/deploys/67577d50b5a128000868024f
😎 Deploy Preview https://deploy-preview-12289--authentik-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@netlify
Copy link

netlify bot commented Dec 6, 2024
edited
Loading

Deploy Preview for authentik-storybook ready!

Name Link
🔨 Latest commit 19ca872
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/67577d503166df0008db3c2c
😎 Deploy Preview https://deploy-preview-12289--authentik-storybook.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@codecov
Copy link

codecov bot commented Dec 6, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.67%. Comparing base (eef1237) to head (19ca872).
Report is 9 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #12289      +/-   ##
==========================================
- Coverage   92.69%   92.67%   -0.02%     
==========================================
  Files         762      762              
  Lines       38152    38174      +22     
==========================================
+ Hits        35365    35379      +14     
- Misses       2787     2795       +8
Flag Coverage Δ
e2e 49.07% <11.11%> (-0.04%) ⬇️
integration 24.75% <0.00%> (-0.02%) ⬇️
unit 90.21% <100.00%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 6, 2024
edited
Loading

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-19ca872d3684e5f5167fe8b380d415c129057039
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-19ca872d3684e5f5167fe8b380d415c129057039-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-19ca872d3684e5f5167fe8b380d415c129057039

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-19ca872d3684e5f5167fe8b380d415c129057039-arm64

Afterwards, run the upgrade commands from the latest release notes.

@BeryJu
actually 10.5+
29b73df 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
tanberry
tanberry reviewed Dec 9, 2024
View reviewed changes
website/docs/enterprise/manage-enterprise.md
- After another 2 weeks, users get a warning banner

- After another 2 weeks, the authentik Enterprise instance becomes “read-only”
- After another 2 weeks, the authentik Enterprise instance becomes "read-only"
Copy link
Contributor

@tanberry tanberry Dec 9, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- After another 2 weeks, the authentik Enterprise instance becomes "read-only"
- After another 2 weeks (six weeks after the initial violation), the authentik Enterprise instance becomes "read-only".

tanberry
tanberry reviewed Dec 9, 2024
View reviewed changes
tanberry
tanberry reviewed Dec 9, 2024
View reviewed changes
website/docs/enterprise/manage-enterprise.md Outdated
- Licenses can be modified
- Users can be modified/deleted <span class="badge badge--version">authentik 2024.10.5+</span>

Once the user count returns to be within the limits of the license, authentik will return to the standard read-write mode and the notification will disappear.
Copy link
Contributor

@tanberry tanberry Dec 9, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh. I thought the problem was that the license had expired, not the number of users...? This is a bit confusing... Do we mean both, that either the license has expired AND/OR the number of users has exceeded the licensed amount?

tanberry
tanberry approved these changes Dec 9, 2024
View reviewed changes
Copy link
Contributor

@tanberry tanberry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need some clarification about user count/versus expiry date, but approving so as not to be the bottleneck.

tanberry
tanberry reviewed Dec 9, 2024
View reviewed changes
@BeryJu @tanberry
Apply suggestions from code review
19ca872 
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>
@BeryJu
Copy link
Member Author

BeryJu commented Dec 10, 2024

/cherry-pick version-2024.10

@BeryJu BeryJu merged commit 81ae02e into main Dec 10, 2024
@BeryJu BeryJu deleted the enterprise/allow-user-modification-in-ro branch December 10, 2024 12:07
@gcp-cherry-pick-bot
Copy link
Contributor

gcp-cherry-pick-bot bot commented Dec 10, 2024

Cherry-pick failed with Merge error 81ae02e6238956c76095dc978a295e671da3c580 into temp-cherry-pick-626aa9-version-2024.10

BeryJu added a commit that referenced this pull request Dec 10, 2024
@BeryJu @tanberry
enterprise: allow deletion/modification of users when in read-only mo…
948f80d 
…de (#12289)

* enterprise: allow deletion/modification of users when in read-only mode

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* actually 10.5+

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Apply suggestions from code review

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens L. <jens@beryju.org>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens L. <jens@beryju.org>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
#	website/docs/enterprise/manage-enterprise.md
kensternberg-authentik added a commit that referenced this pull request Dec 10, 2024
@kensternberg-authentik
Merge branch 'main' into web/policy-wizard-3
9e0579a 
* main: (93 commits)
  flows: better test stage's challenge responses (#12316)
  enterprise/stages/authenticator_endpoint_gdtc: don't set frame options globally (#12311)
  stages/identification: fix invalid challenge warning when no captcha stage is set (#12312)
  website/docs: prepare 2024.10.5 release notes (#12309)
  website: bump nanoid from 3.3.7 to 3.3.8 in /website (#12307)
  flows: silent authz flow (#12213)
  root:  use healthcheck in depends_on for postgres and redis (#12301)
  ci: ensure mark jobs always run and reflect correct status (#12288)
  enterprise: allow deletion/modification of users when in read-only mode (#12289)
  web/flows: resize captcha iframes (#12260)
  website/docs: add page about the Cobalt pentest (#12249)
  core: bump aws-cdk-lib from 2.171.1 to 2.172.0 (#12296)
  website: bump aws-cdk from 2.171.1 to 2.172.0 in /website (#12295)
  core: bump sentry-sdk from 2.19.1 to 2.19.2 (#12297)
  core: bump coverage from 7.6.8 to 7.6.9 (#12299)
  core, web: update translations (#12290)
  root: fix override locale only if it is not empty (#12283)
  translate: Updates for file web/xliff/en.xlf in fr (#12276)
  core: bump twilio from 9.3.7 to 9.3.8 (#12282)
  website: bump path-to-regexp and express in /website (#12279)
  ...

Integration of the change from jwksSources -> (jwtFederatedSources, jwtFederatedProviders) by
hand, and necessitated an update of Wdio to 9.4.

All tests passing (thank Gnu).
kensternberg-authentik added a commit that referenced this pull request Jan 8, 2025
@kensternberg-authentik
Merge branch 'main' into dev
1dcf910 
* main:
  flows: better test stage's challenge responses (#12316)
  enterprise/stages/authenticator_endpoint_gdtc: don't set frame options globally (#12311)
  stages/identification: fix invalid challenge warning when no captcha stage is set (#12312)
  website/docs: prepare 2024.10.5 release notes (#12309)
  website: bump nanoid from 3.3.7 to 3.3.8 in /website (#12307)
  flows: silent authz flow (#12213)
  root:  use healthcheck in depends_on for postgres and redis (#12301)
  ci: ensure mark jobs always run and reflect correct status (#12288)
  enterprise: allow deletion/modification of users when in read-only mode (#12289)
  web/flows: resize captcha iframes (#12260)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tanberry tanberry tanberry approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BeryJu @tanberry