Skip to content

providers/proxy: kubernetes outpost: fix reconcile when only annotations changed#13372

Merged
rissson merged 2 commits intomainfrom
proxy-outpost-fix-ingress-annotations-update
Mar 4, 2025
Merged

providers/proxy: kubernetes outpost: fix reconcile when only annotations changed#13372
rissson merged 2 commits intomainfrom
proxy-outpost-fix-ingress-annotations-update

Conversation

@rissson
Copy link
Member

@rissson rissson commented Mar 3, 2025

Details

REPLACE ME

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

@rissson
providers/proxy: kubernetes outpost: fix reconcile when only annotati…
49a96dc 
…ons changed

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@rissson rissson self-assigned this Mar 3, 2025
@rissson rissson requested a review from a team as a code owner March 3, 2025 15:49
@netlify
Copy link

netlify bot commented Mar 3, 2025
edited
Loading

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit 88ef65c
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/67c5d0a2eb33640008421366

@netlify
Copy link

netlify bot commented Mar 3, 2025
edited
Loading

Deploy Preview for authentik-docs canceled.

Name Link
🔨 Latest commit 88ef65c
🔍 Latest deploy log https://app.netlify.com/sites/authentik-docs/deploys/67c5d0a2db7245000857334d

@rissson
Copy link
Member Author

rissson commented Mar 3, 2025

/cherry-pick version-2025.2

@rissson
fixup
88ef65c 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@codecov
Copy link

codecov bot commented Mar 3, 2025
edited
Loading

❌ 1 Tests Failed:

Tests completed Failed Passed Skipped
1719 1 1718 2
View the full list of 1 ❄️ flaky tests 
authentik.stages.authenticator_email.tests.TestAuthenticatorEmailStage::test_session_management

Flake rate in main: 10.49% (Passed 290 times, Failed 34 times)

Stack Traces | 0.935s run time 
self = <unittest.case._Outcome object at 0x7fb7feef9d60>
test_case = <authentik.stages.authenticator_email.tests.TestAuthenticatorEmailStage testMethod=test_session_management>
subTest = False

    @contextlib.contextmanager
    def testPartExecutor(self, test_case, subTest=False):
        old_success = self.success
        self.success = True
        try:
>           yield

.../hostedtoolcache/Python/3.12.9.............../x64/lib/python3.12/unittest/case.py:58: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.authenticator_email.tests.TestAuthenticatorEmailStage testMethod=test_session_management>
result = <TestCaseFunction test_session_management>

    def run(self, result=None):
        if result is None:
            result = self.defaultTestResult()
            startTestRun = getattr(result, 'startTestRun', None)
            stopTestRun = getattr(result, 'stopTestRun', None)
            if startTestRun is not None:
                startTestRun()
        else:
            stopTestRun = None
    
        result.startTest(self)
        try:
            testMethod = getattr(self, self._testMethodName)
            if (getattr(self.__class__, "__unittest_skip__", False) or
                getattr(testMethod, "__unittest_skip__", False)):
                # If the class or method was skipped.
                skip_why = (getattr(self.__class__, '__unittest_skip_why__', '')
                            or getattr(testMethod, '__unittest_skip_why__', ''))
                _addSkip(result, self, skip_why)
                return result
    
            expecting_failure = (
                getattr(self, "__unittest_expecting_failure__", False) or
                getattr(testMethod, "__unittest_expecting_failure__", False)
            )
            outcome = _Outcome(result)
            start_time = time.perf_counter()
            try:
                self._outcome = outcome
    
                with outcome.testPartExecutor(self):
                    self._callSetUp()
                if outcome.success:
                    outcome.expecting_failure = expecting_failure
                    with outcome.testPartExecutor(self):
>                       self._callTestMethod(testMethod)

.../hostedtoolcache/Python/3.12.9.............../x64/lib/python3.12/unittest/case.py:634: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.authenticator_email.tests.TestAuthenticatorEmailStage testMethod=test_session_management>
method = <bound method TestAuthenticatorEmailStage.test_session_management of <authentik.stages.authenticator_email.tests.TestAuthenticatorEmailStage testMethod=test_session_management>>

    def _callTestMethod(self, method):
>       if method() is not None:

.../hostedtoolcache/Python/3.12.9.............../x64/lib/python3.12/unittest/case.py:589: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.authenticator_email.tests.TestAuthenticatorEmailStage testMethod=test_session_management>

    def test_session_management(self):
        """Test session device management"""
        # Test device creation in session
        with patch(
            "authentik.stages.authenticator_email.models.AuthenticatorEmailStage.backend_class",
            PropertyMock(return_value=EmailBackend),
        ):
            # Delete any existing devices for this test
            EmailDevice.objects.filter(user=self.user).delete()
    
            response = self.client.get(
                reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
            )
            self.assertIn(SESSION_KEY_EMAIL_DEVICE, self.client.session)
            device = self.client.session[SESSION_KEY_EMAIL_DEVICE]
            self.assertIsInstance(device, EmailDevice)
            self.assertFalse(device.confirmed)
            self.assertEqual(device.user, self.user)
    
            # Test device confirmation and cleanup
            device.confirmed = True
            device.email = "new_test@authentik.local"  # Use a different email
            self.client.session[SESSION_KEY_EMAIL_DEVICE] = device
            self.client.session.save()
            response = self.client.post(
                reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
                data={"component": "ak-stage-authenticator-email", "code": device.token},
            )
            self.assertEqual(response.status_code, 200)
            self.assertTrue(device.confirmed)
            # Get a fresh session to check if the key was removed
            session = self.client.session
            session.save()
            session.load()
>           self.assertNotIn(SESSION_KEY_EMAIL_DEVICE, session)

.../stages/authenticator_email/tests.py:307: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.authenticator_email.tests.TestAuthenticatorEmailStage testMethod=test_session_management>
member = '.../stages/authenticator_email/email_device'
container = <django.contrib.sessions.backends.cache.SessionStore object at 0x7fb809b5b2f0>
msg = None

    def assertNotIn(self, member, container, msg=None):
        """Just like self.assertTrue(a not in b), but with a nicer default message."""
        if member in container:
            standardMsg = '%s unexpectedly found in %s' % (safe_repr(member),
                                                        safe_repr(container))
>           self.fail(self._formatMessage(msg, standardMsg))

.../hostedtoolcache/Python/3.12.9.............../x64/lib/python3.12/unittest/case.py:1159: 
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = <authentik.stages.authenticator_email.tests.TestAuthenticatorEmailStage testMethod=test_session_management>
msg = "'.../stages/authenticator_email/email_device' unexpectedly found in <django.contrib.sessions.backends.cache.SessionStore object at 0x7fb809b5b2f0>"

    def fail(self, msg=None):
        """Fail immediately, with the given message."""
>       raise self.failureException(msg)
E       AssertionError: '.../stages/authenticator_email/email_device' unexpectedly found in <django.contrib.sessions.backends.cache.SessionStore object at 0x7fb809b5b2f0>

.../hostedtoolcache/Python/3.12.9.............../x64/lib/python3.12/unittest/case.py:715: AssertionError

To view more test analytics, go to the Test Analytics Dashboard
📋 Got 3 mins? Take this short survey to help us improve Test Analytics.

@rissson rissson merged commit b16c67c into main Mar 4, 2025
89 of 90 checks passed
@rissson rissson deleted the proxy-outpost-fix-ingress-annotations-update branch March 4, 2025 15:40
gcp-cherry-pick-bot bot pushed a commit that referenced this pull request Mar 4, 2025
@rissson
providers/proxy: kubernetes outpost: fix reconcile when only annotati…
942d034 
…ons changed (#13372)

* providers/proxy: kubernetes outpost: fix reconcile when only annotations changed

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

* fixup

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>

---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@gcp-cherry-pick-bot gcp-cherry-pick-bot bot mentioned this pull request Mar 4, 2025
Merged
rissson added a commit that referenced this pull request Mar 4, 2025
@gcp-cherry-pick-bot @rissson
providers/proxy: kubernetes outpost: fix reconcile when only annotati…
cbfa51f 
…ons changed (cherry-pick #13372) (#13384)

providers/proxy: kubernetes outpost: fix reconcile when only annotations changed (#13372)

* providers/proxy: kubernetes outpost: fix reconcile when only annotations changed



* fixup



---------

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Co-authored-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
@github-actions
Copy link
Contributor

github-actions bot commented Mar 4, 2025

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-88ef65c83c17b036a38200a807f77dc857c0ca38
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-88ef65c83c17b036a38200a807f77dc857c0ca38

Afterwards, run the upgrade commands from the latest release notes.

kensternberg-authentik added a commit that referenced this pull request Mar 4, 2025
@kensternberg-authentik
Merge branch 'main' into dev
811e794 
* main: (135 commits)
  providers/proxy: kubernetes outpost: fix reconcile when only annotations changed (#13372)
  website: bump the build group in /website with 3 updates (#13381)
  core, web: update translations (#13378)
  web/admin: prefer using datefns over moment.js (#13143)
  website/docs: fix typo (#13377)
  stages/authenticator_email: remove flaky assertions (#13371)
  translate: Updates for file web/xliff/en.xlf in fr (#13374)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in fr (#13373)
  website: bump typescript from 5.7.3 to 5.8.2 in /website (#13368)
  lifecycle/aws: bump aws-cdk from 2.1001.0 to 2.1002.0 in /lifecycle/aws (#13365)
  website: bump the build group in /website with 11 updates (#13367)
  ci: bump getsentry/action-release from 1 to 3 (#13366)
  website: bump @rspack/binding-darwin-arm64 from 1.1.6 to 1.2.6 in /website (#13354)
  core, web: update translations (#13346)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans (#13348)
  translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN (#13347)
  translate: Updates for file web/xliff/en.xlf in zh-Hans (#13349)
  translate: Updates for file web/xliff/en.xlf in zh_CN (#13350)
  ci: update versions for daily full testing (#13303)
  website: bump prettier from 3.5.2 to 3.5.3 in /website (#13355)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BeryJu BeryJu BeryJu approved these changes

Assignees

@rissson rissson

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rissson @BeryJu