root: make redis settings more consistent and allow TLS CA #9335

Merged
BeryJu merged 8 commits into main from root/redis-settings
Apr 18, 2024
@BeryJu BeryJu commented Apr 18, 2024

Details

closes #9121


Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu requested a review from a team as a code owner April 18, 2024 12:20
netlify bot commented Apr 18, 2024

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit 07633be
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/662120b8b81cca00089d2606

netlify bot commented Apr 18, 2024

Deploy Preview for authentik-docs ready!

Name Link
🔨 Latest commit 07633be
🔍 Latest deploy log https://app.netlify.com/sites/authentik-docs/deploys/662120b8b46ebe00081f3a39
😎 Deploy Preview https://deploy-preview-9335--authentik-docs.netlify.app

BeryJu added 2 commits April 18, 2024 14:27
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
switch strings.ToLower(config.Get().Redis.TLSReqs) {
case "none":
case "false":
tls.InsecureSkipVerify = true
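
Review bot: case "none": has an empty body here, and Go switch cases do not fall through, so as shown only tls_reqs=false reaches tls.InsecureSkipVerify = true while tls_reqs=none leaves the field untouched by this switch. Merge the two into a single case "none", "false": so both values behave the same, and add a short comment on that case stating that skipping verification is the intended meaning of the setting.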

Check failure

Code scanning / CodeQL

Disabled TLS certificate check

InsecureSkipVerify should not be used in production code.
Member Author

That is intended as that is what the tls_reqs=none stands for

codecov bot commented Apr 18, 2024

Codecov Report

Attention: Patch coverage is 66.66667% with 4 lines in your changes are missing coverage. Please review.

Project coverage is 92.40%. Comparing base (9f5d708) to head (07633be).

Files Patch % Lines
authentik/lib/config.py 63.63% 4 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #9335      +/-   ##
==========================================
+ Coverage   92.39%   92.40%   +0.01%     
==========================================
  Files         667      667              
  Lines       32629    32632       +3     
==========================================
+ Hits        30147    30154       +7     
+ Misses       2482     2478       -4     
Flag Coverage Δ
e2e 50.71% <66.66%> (+0.02%) ⬆️
integration 26.03% <66.66%> (+<0.01%) ⬆️
unit 89.68% <66.66%> (-0.01%) ⬇️


github-actions bot commented Apr 18, 2024

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ghcr.io/goauthentik/dev-server:gh-07633becb0503921269971e11e4a7e4a8d9a8ce1
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ghcr.io/goauthentik/dev-server:gh-07633becb0503921269971e11e4a7e4a8d9a8ce1-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-ghcr.io/goauthentik/dev-server:gh-07633becb0503921269971e11e4a7e4a8d9a8ce1

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-ghcr.io/goauthentik/dev-server:gh-07633becb0503921269971e11e4a7e4a8d9a8ce1-arm64

Afterwards, run the upgrade commands from the latest release notes.

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@rissson rissson left a comment

Approving for now as it works, but waiting for refactoring to test once again, plus documentation.

BeryJu added 2 commits April 18, 2024 15:24
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu requested a review from a team as a code owner April 18, 2024 13:26
BeryJu added 2 commits April 18, 2024 15:31
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu merged commit a742331 into main Apr 18, 2024
@BeryJu BeryJu deleted the root/redis-settings branch April 18, 2024 14:49
@BeryJu BeryJu changed the title root: make redis settings more consistent root: make redis settings more consistent and allow TLS CA Apr 18, 2024
kensternberg-authentik added a commit that referenced this pull request Apr 18, 2024
…rities' into web/bug/locale-priorities

* refs/remotes/origin/web/bug/locale-priorities:
  web: fix locale prioritization scheme
  core: bump aiohttp from 3.9.2 to 3.9.4 (#9339)
  stages/prompt: fix username field throwing error with existing user (#9342)
  root: expose session storage configuration (#9337)
  website/integrations: fix typo (#9340)
  root: fix go.mod for codeql checking (#9338)
  root: make redis settings more consistent (#9335)
  web/admin: fix error in admin interface due to un-hydrated context (#9336)
  web: bump API Client version (#9334)
  stages/authenticator_webauthn: fix attestation value (#9333)
  website/docs: fix SECRET_KEY length (#9328)
  website/docs: fix email template formatting (#9330)
  core, web: update translations (#9323)
  web: bump @patternfly/elements from 3.0.0 to 3.0.1 in /web (#9324)
  core: bump celery from 5.3.6 to 5.4.0 (#9325)
  core: bump goauthentik.io/api/v3 from 3.2024022.12 to 3.2024023.1 (#9327)
  sources/scim: service account should be internal (#9321)
  web: bump the storybook group in /web with 8 updates (#9266)
  sources/scim: cleanup service account when source is deleted (#9319)
kensternberg-authentik added a commit that referenced this pull request Apr 19, 2024
* main:
  stages/prompt: fix username field throwing error with existing user (#9342)
  root: expose session storage configuration (#9337)
  website/integrations: fix typo (#9340)
  root: fix go.mod for codeql checking (#9338)
  root: make redis settings more consistent (#9335)
  web/admin: fix error in admin interface due to un-hydrated context (#9336)
  web: bump API Client version (#9334)
  stages/authenticator_webauthn: fix attestation value (#9333)
  website/docs: fix SECRET_KEY length (#9328)
  website/docs: fix email template formatting (#9330)
  core, web: update translations (#9323)
  web: bump @patternfly/elements from 3.0.0 to 3.0.1 in /web (#9324)
  core: bump celery from 5.3.6 to 5.4.0 (#9325)
  core: bump goauthentik.io/api/v3 from 3.2024022.12 to 3.2024023.1 (#9327)
  sources/scim: service account should be internal (#9321)
  web: bump the storybook group in /web with 8 updates (#9266)
  sources/scim: cleanup service account when source is deleted (#9319)
@BeryJu BeryJu mentioned this pull request Apr 25, 2024
Development

Successfully merging this pull request may close these issues.

Add the ability to provide custom CA certs to the redis client

2 participants