Skip to content

policies: fix PolicyEngineMode ALL with static binding optimization#20430

Merged
BeryJu merged 1 commit intomainfrom
policies/fix-engine-mode-all-static-optimization
Feb 24, 2026
Merged

policies: fix PolicyEngineMode ALL with static binding optimization#20430
BeryJu merged 1 commit intomainfrom
policies/fix-engine-mode-all-static-optimization

Conversation

@BeryJu
Copy link
Member

@BeryJu BeryJu commented Feb 20, 2026

closes #17484
ref #17692

@BeryJu
policies: fix PolicyEngineMode ALL with static binding optimization
25e122d 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu requested a review from a team as a code owner February 20, 2026 00:23
@BeryJu BeryJu added area:backend backport/version-2025.12 Add this label to PRs to backport changes to version-2025.12 backport/version-2026.2 Add this label to PRs to backport changes to version-2026.2 labels Feb 20, 2026
@netlify
Copy link

netlify bot commented Feb 20, 2026

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit 25e122d
🔍 Latest deploy log https://app.netlify.com/projects/authentik-docs/deploys/6997a97c4962e30008750c3c
😎 Deploy Preview https://deploy-preview-20430--authentik-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 20, 2026

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-25e122d935fb639d82f08fdc8b221314b4f2833e
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-25e122d935fb639d82f08fdc8b221314b4f2833e

Afterwards, run the upgrade commands from the latest release notes.

@codecov
Copy link

codecov bot commented Feb 20, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 96.29630% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 93.23%. Comparing base (05ad1f0) to head (25e122d).
⚠️ Report is 41 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
authentik/policies/engine.py 83.33% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #20430      +/-   ##
==========================================
- Coverage   93.29%   93.23%   -0.06%     
==========================================
  Files         981      981              
  Lines       55161    55184      +23     
==========================================
- Hits        51461    51453       -8     
- Misses       3700     3731      +31
Flag Coverage Δ
conformance 37.44% <0.00%> (-0.02%) ⬇️
e2e 43.24% <0.00%> (-0.03%) ⬇️
integration 22.37% <0.00%> (-0.06%) ⬇️
unit 91.49% <96.29%> (+0.44%) ⬆️
unit-migrate 91.52% <96.29%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@BeryJu BeryJu added this to the Release 2026.2.0: Required milestone Feb 24, 2026
@github-project-automation github-project-automation bot moved this from Todo to In Progress in authentik Core Feb 24, 2026
@BeryJu BeryJu merged commit edf5ec9 into main Feb 24, 2026
106 checks passed
@github-project-automation github-project-automation bot moved this from In Progress to Done in authentik Core Feb 24, 2026
@BeryJu BeryJu deleted the policies/fix-engine-mode-all-static-optimization branch February 24, 2026 14:47
authentik-automation bot pushed a commit that referenced this pull request Feb 24, 2026
@BeryJu @authentik-automation
policies: fix PolicyEngineMode ALL with static binding optimization (#…
c4bbcb9 
…20430)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@authentik-automation authentik-automation bot mentioned this pull request Feb 24, 2026
Merged
@authentik-automation
Copy link
Contributor

authentik-automation bot commented Feb 24, 2026

🍒 Cherry-pick to version-2025.12 created: #20523

authentik-automation bot pushed a commit that referenced this pull request Feb 24, 2026
@BeryJu @authentik-automation
policies: fix PolicyEngineMode ALL with static binding optimization (#…
a41be07 
…20430)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@authentik-automation authentik-automation bot mentioned this pull request Feb 24, 2026
Merged
@authentik-automation
Copy link
Contributor

authentik-automation bot commented Feb 24, 2026

🍒 Cherry-pick to version-2026.2 created: #20524

BeryJu added a commit that referenced this pull request Feb 24, 2026
@authentik-automation @BeryJu
policies: fix PolicyEngineMode ALL with static binding optimization (…
ad5d2bb 
…cherry-pick #20430 to version-2026.2) (#20524)

policies: fix PolicyEngineMode ALL with static binding optimization (#20430)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
BeryJu added a commit that referenced this pull request Feb 24, 2026
@authentik-automation @BeryJu
policies: fix PolicyEngineMode ALL with static binding optimization (…
25a7cdf 
…cherry-pick #20430 to version-2025.12) (#20523)

* policies: fix PolicyEngineMode ALL with static binding optimization (#20430)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
kensternberg-authentik added a commit that referenced this pull request Feb 25, 2026
@kensternberg-authentik
Merge branch 'main' into web/flow/soc-captchas-and-webauthn
950c3e0 
* main:
  web/flow: Tidy identification stage (#20261)
  website/docs: fix upgrade link in release notes (#20540)
  website/docs: fix upgrade link in `2026.2` release notes (#20539)
  website/docs: update supported versions (#20534)
  website/docs: create draft release notes for `2026.5` (#20529)
  Fix redirect URI in Seafile integration documentation (#20532)
  website/docs: autogenerate release notes (#20527)
  providers/oauth2: add jti claim (#20484)
  providers/oauth2: deactivate locale after testing (#20518)
  policies: fix PolicyEngineMode ALL with static binding optimization (#20430)
  website/docs: fix linux setup docs (#20508)
  web: fix Edit Policy button on Flow view page (#20511)
  endpoints: fix infinite recursion in stage with unsupported connector (#20485)
  enterprise: add `ES384` to enterprise license algorithms (#20507)
  web/flow: fix typo in RedirectStage (#20488)
  website/docs: fix GitHub social-login wording and capitalization (#20489)
  web: bump knip from 5.84.1 to 5.85.0 in /web (#20464)
  website/integrations: standardize resource sections and update template (#20423)
  core, web: bump ajv from 6.12.6 to 6.14.0 in /packages/eslint-config (#20478)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gergosimonyi gergosimonyi gergosimonyi approved these changes

Assignees

No one assigned

Labels

area:backend backport/version-2025.12 Add this label to PRs to backport changes to version-2025.12 backport/version-2026.2 Add this label to PRs to backport changes to version-2026.2

Projects

authentik Core
Status: Done

Milestone

Release 2026.2.0: Required

Development

Successfully merging this pull request may close these issues.

Application policies mode all broken when using group and user filter

2 participants

@BeryJu @gergosimonyi