coop-cloud/authentik
coop-cloud
/
authentik
1
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity
authentik/abra.sh

225 lines
6.0 KiB
Bash
Raw Permalink Blame History

export CUSTOM_CSS_VERSION=v2
export FLOW_AUTHENTICATION_VERSION=v3
export FLOW_INVITATION_VERSION=v2
export FLOW_INVALIDATION_VERSION=v2
export FLOW_RECOVERY_VERSION=v1
export FLOW_TRANSLATION_VERSION=v3
export SYSTEM_TENANT_VERSION=v3
export NEXTCLOUD_CONFIG_VERSION=v1
export WORDPRESS_CONFIG_VERSION=v2
export MATRIX_CONFIG_VERSION=v1
export WEKAN_CONFIG_VERSION=v3
export VIKUNJA_CONFIG_VERSION=v1
export OUTLINE_CONFIG_VERSION=v1
export RALLLY_CONFIG_VERSION=v1
export HEDGEDOC_CONFIG_VERSION=v1
export MONITORING_CONFIG_VERSION=v1
export DB_ENTRYPOINT_VERSION=v1
customize() {
if [ -z "$1" ]
then
echo "Usage: ... customize <assets_path>"
exit 1
fi
asset_dir=$1
for asset in $COPY_ASSETS; do
source=$(echo $asset | cut -d "|" -f1)
target=$(echo $asset | cut -d "|" -f2)
echo copy $source to $target
abra app cp $APP_NAME $asset_dir/$source $target
done
}
import_user() {
if [ -z "$1" ]
then
echo "Usage: ... import_user <users.csv>"
exit 1
fi
source_file=$1
filename=$(basename $source_file)
abra app cp $APP_NAME $source_file worker:/tmp/
abra app cmd -T $APP_NAME worker _import_user $filename
}
_import_user() {
/manage.py shell -c """
import csv
new_user = User()
with open('/tmp/$1', newline='') as file:
reader = csv.reader(file)
for row in reader:
name = row[0].strip()
username = row[1].strip()
email = row[2].strip()
groups = row[3].split(';')
if User.objects.filter(username=username):
continue
new_user = User.objects.create(name=name, username=username, email=email)
for group_name in groups:
group_name = group_name.strip()
if Group.objects.filter(name=group_name):
group = Group.objects.get(name=group_name)
else:
group = Group.objects.create(name=group_name)
group.users.add(new_user)
""" 2>&1 | quieten
}
set_admin_pass() {
password=$(cat /run/secrets/admin_pass)
token=$(cat /run/secrets/admin_token)
/manage.py shell -c """
akadmin = User.objects.get(username='akadmin')
akadmin.set_password('$password')
akadmin.save()
print('Changed akadmin password')
from authentik.core.models import TokenIntents
key='$token'
if (token:= Token.objects.filter(identifier='authentik-bootstrap-token').first()):
token.key=key
token.save()
print('Changed authentik-bootstrap-token')
else:
Token.objects.create(
identifier='authentik-bootstrap-token',
user=akadmin,
intent=TokenIntents.INTENT_API,
expiring=False,
key=key,
)
print('Created authentik-bootstrap-token')
""" 2>&1 | quieten
}
rotate_db_pass() {
db_password=$(cat /run/secrets/db_password)
psql -U authentik -c """ALTER USER authentik WITH PASSWORD '$db_password';"""
}
# This function is for blueprints that are overwriting custom blueprints
# It deactivates the affected custom blueprints to avoid changes to be reverted
apply_blueprints() {
update_and_disable_blueprint default/flow-password-change.yaml
update_and_disable_blueprint default/flow-default-authentication-flow.yaml
update_and_disable_blueprint default/flow-default-user-settings-flow.yaml
update_and_disable_blueprint default/flow-default-source-enrollment.yaml
apply_blueprint 3_flow_translation.yaml
apply_blueprint 2_flow_authentication.yaml
}
update_and_disable_blueprint() {
enable_blueprint $@ 2>&1 | quieten
sleep 1
apply_blueprint $@
sleep 1
disable_blueprint $@ 2>&1 | quieten
}
disable_blueprint() {
blueprint_state False $@
}
enable_blueprint() {
blueprint_state True $@
}
apply_blueprint() {
echo apply blueprint $@
ak apply_blueprint $@ 2>&1 | quieten
}
blueprint_state() {
/manage.py shell -c """
import time
blueprint_state=$1
blueprint_path='$2'
blueprint = BlueprintInstance.objects.filter(path=blueprint_path).first()
blueprint.enabled = blueprint_state
# Hacky workaround to reduce chance of a race condition
blueprint.save()
time.sleep(1)
blueprint.save()
time.sleep(1)
blueprint.save()
print(f'{blueprint.name} enabled: {blueprint.enabled}')
""" 2>&1 | quieten
}
add_applications(){
/manage.py shell -c """
import json
if '$APPLICATIONS' == '':
exit()
applications = json.loads('$APPLICATIONS')
for name, url in applications.items():
print(f'Add {name}: {url}')
app = Application.objects.filter(name=name).first()
if not app:
app = Application()
app.name = name
app.slug = name.replace(' ', '-')
app.meta_launch_url = url
app.open_in_new_tab = True
app.save()
""" 2>&1 | quieten
}
quieten(){
grep -v -e '{"event"' -e '{"action"'
}
add_email_templates(){
for file_path in "$@"; do
echo copy template $file_path
abra app cp $APP_NAME $file_path app:/templates/
done
}
set_icons(){
for icon in $APP_ICONS; do
app=$(echo $icon | cut -d ":" -f1)
file_path=$(eval echo $(echo $icon | cut -d ":" -f2))
file=$(basename $file_path)
echo copy icon $file_path for $app
abra app cp $APP_NAME $file_path app:/media/
abra app cmd -T $APP_NAME app set_app_icon $app /media/$file
done
}
set_app_icon() {
TOKEN=$(cat /run/secrets/admin_token)
python -c """
import requests
import os
my_token = '$TOKEN'
application = '$1'
icon_path = '$2'
url = f'https://$DOMAIN/api/v3/core/applications/{application}/set_icon/'
headers = {'Authorization':f'Bearer {my_token}'}
with open(icon_path, 'rb') as img:
name_img = os.path.basename(icon_path)
files= {'file': (name_img,img,'image/png') }
with requests.Session() as s:
r = s.post(url,files=files,headers=headers)
print(r.status_code)
"""
}
blueprint_cleanup() {
/manage.py shell -c """
delete_flows = ['default-recovery-flow' , 'custom-authentication-flow' , 'invitation-enrollment-flow' , 'initial-setup']
Flow.objects.filter(slug__in=delete_flows).delete()
Stage.objects.filter(flow=None).delete()
Prompt.objects.filter(promptstage=None).delete()
Tenant.objects.filter(default=True).delete()
""" 2>&1 | quieten
apply_blueprints
}
Reference in New Issue View Git Blame Copy Permalink