chore: publish 5.0.2+2024.2.2 release

README.md

@@ -169,7 +169,7 @@ The `abra.sh` function `apply_blueprints` needs to be executed to deactivate the
             - `default-source-enrollment-field-username`
 - Custom System Tenant
     - Default - Tenant
-        - APPEND: `authentik_tenants.tenant  domain: authentik-default`
+        - APPEND: `authentik_brands.brand  domain: authentik-default`
     - Recovery with email verification
         - USE:
             - `default-recovery-flow`

abra.sh

@@ -1,10 +1,10 @@
 export CUSTOM_CSS_VERSION=v2
 export FLOW_AUTHENTICATION_VERSION=v3
-export FLOW_INVITATION_VERSION=v1
+export FLOW_INVITATION_VERSION=v2
 export FLOW_INVALIDATION_VERSION=v2
 export FLOW_RECOVERY_VERSION=v1
-export FLOW_TRANSLATION_VERSION=v2
-export SYSTEM_TENANT_VERSION=v2
+export FLOW_TRANSLATION_VERSION=v3
+export SYSTEM_TENANT_VERSION=v3
 export NEXTCLOUD_CONFIG_VERSION=v1
 export WORDPRESS_CONFIG_VERSION=v2
 export MATRIX_CONFIG_VERSION=v1

compose.yml

@@ -32,7 +32,7 @@ x-env: &env
 version: '3.8'
 services:
   app:
-    image: ghcr.io/goauthentik/server:2023.10.7
+    image: ghcr.io/goauthentik/server:2024.2.2
     command: server
     depends_on:
       - db
@@ -76,11 +76,11 @@ services:
         - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.customFrameOptionsValue=SAMEORIGIN"
         - "traefik.http.middlewares.${STACK_NAME}-frameOptions.headers.contentSecurityPolicy=frame-ancestors ${X_FRAME_OPTIONS_ALLOW_FROM}"
-        - "coop-cloud.${STACK_NAME}.version=4.2.0+2023.10.7"
+        - "coop-cloud.${STACK_NAME}.version=5.0.2+2024.2.2"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
 
   worker:
-    image: ghcr.io/goauthentik/server:2023.10.7
+    image: ghcr.io/goauthentik/server:2024.2.2
     command: worker
     depends_on:
       - db

custom_flows.yaml.tmpl

@@ -402,4 +402,4 @@ entries:
   identifiers:
     pk: 047cce25-aae2-4b02-9f96-078e155f803d
   id: system_tenant
-  model: authentik_tenants.tenant
+  model: authentik_brands.brand

flow_invitation.yaml.tmpl

@@ -26,22 +26,16 @@ entries:
 
 ### POLICIES
 - attrs:
-    expression: "if not regex_match(request.context.get('prompt_data').get('username'),\
-      \ '\\s'):\n    return True\n\nak_message(\"Username must not contain\
-      \ whitespace!\")\nreturn False"
-    name: username-without-spaces-policy
+    expression: |
+      if not regex_match(request.context.get('prompt_data').get('username'), '\s'):
+          return True
+      ak_message("Username must not contain any whitespace!")
+      return False
   id: username-without-spaces-policy
   identifiers:
     name: username-without-spaces-policy
   model: authentik_policies_expression.expressionpolicy
 
-### POLICY BINDINGS
-- identifiers:
-    policy: !KeyOf username-without-spaces-policy
-    target: !KeyOf prompt-stage-binding
-    order: 10
-  model: authentik_policies.policybinding
-
 ### STAGES
 - identifiers:
     name: invitation-stage
@@ -59,6 +53,8 @@ entries:
       - !Find [authentik_stages_prompt.prompt, [name, default-user-settings-field-email]]
       - !Find [authentik_stages_prompt.prompt, [name, default-password-change-field-password]]
       - !Find [authentik_stages_prompt.prompt, [name, default-password-change-field-password-repeat]]
+    validation_policies:
+      - !Find [ authentik_policies_expression.expressionpolicy, [name, username-without-spaces-policy]]
 
 ### STAGE BINDINGS
 - identifiers:
@@ -71,7 +67,6 @@ entries:
     stage: !KeyOf enrollment-prompt-userdata
     target: !KeyOf invitation-enrollment-flow
   model: authentik_flows.flowstagebinding
-  id: prompt-stage-binding
 - identifiers:
     order: 20
     stage: !Find [authentik_stages_user_write.userwritestage, [name,  default-source-enrollment-write]]

flow_translation.yaml.tmpl

@@ -69,16 +69,3 @@ entries:
   attrs:
     label: !Context transl_username
     placeholder: !Context transl_username
-
-### POLICIES
-- model: authentik_policies_expression.expressionpolicy
-  identifiers:
-    name: username-without-spaces-policy
-  attrs:
-    expression: "if not regex_match(request.context.get('prompt_data').get('username'),\
-      \ '\\s'):\n    return True\n\nak_message(\"Benutzername darf kein Leerzeichen\
-      \ enthalten\")\nreturn False"
-      name: username-without-spaces-policy
-  id: username-without-spaces-policy
-
-Benutzername darf kein Leerzeichen enthalten\")\n

release/5.0.0+2024.2.2

@@ -0,0 +1 @@
+Blueprint changes are applied and automatic migrations should work, however, manual action may be required: https://docs.goauthentik.io/docs/releases/2024.2

system_tenant.yaml.tmpl

@@ -21,7 +21,7 @@ entries:
 # remove custom tenant from old recipe
 - identifiers:
     domain: {{ env "DOMAIN" }}
-  model: authentik_tenants.tenant
+  model: authentik_brands.brand
   state: absent
 
 - attrs:
@@ -32,4 +32,4 @@ entries:
   identifiers:
     default: true
     domain: authentik-default
-  model: authentik_tenants.tenant
+  model: authentik_brands.brand