authentik.providers.proxy.migrations.0001_squashed_0014_proxy_v2
1# Generated by Django 3.2.8 on 2021-10-12 15:39 2 3import django.db.models.deletion 4from django.apps.registry import Apps 5from django.core.exceptions import FieldError 6from django.db import migrations, models 7from django.db.backends.base.schema import BaseDatabaseSchemaEditor 8 9import authentik.lib.models 10import authentik.providers.proxy.models 11 12 13def migrate_defaults(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): 14 from authentik.providers.oauth2.models import JWTAlgorithms 15 from authentik.providers.proxy.models import ProxyProvider 16 17 db_alias = schema_editor.connection.alias 18 try: 19 for provider in ProxyProvider.objects.using(db_alias).filter(jwt_alg=JWTAlgorithms.RS256): 20 provider.set_oauth_defaults() 21 provider.save() 22 except FieldError: 23 # If the jwt_alg field doesn't exist, just ignore this migration 24 pass 25 26 27def migrate_mode(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): 28 from authentik.providers.proxy.models import ProxyMode 29 30 db_alias = schema_editor.connection.alias 31 ProxyProvider = apps.get_model("authentik_providers_proxy", "proxyprovider") 32 for provider in ProxyProvider.objects.using(db_alias).all(): 33 if provider.forward_auth_mode: 34 provider.mode = ProxyMode.FORWARD_SINGLE 35 provider.save() 36 37 38class Migration(migrations.Migration): 39 replaces = [ 40 ("authentik_providers_proxy", "0001_initial"), 41 ("authentik_providers_proxy", "0002_proxyprovider_cookie_secret"), 42 ("authentik_providers_proxy", "0003_proxyprovider_certificate"), 43 ("authentik_providers_proxy", "0004_auto_20200913_1947"), 44 ("authentik_providers_proxy", "0005_auto_20200914_1536"), 45 ("authentik_providers_proxy", "0006_proxyprovider_skip_path_regex"), 46 ("authentik_providers_proxy", "0007_auto_20200923_1017"), 47 ("authentik_providers_proxy", "0008_auto_20200930_0810"), 48 ("authentik_providers_proxy", "0009_auto_20201007_1721"), 49 ("authentik_providers_proxy", "0010_auto_20201214_0942"), 50 ("authentik_providers_proxy", "0011_proxyprovider_forward_auth_mode"), 51 ("authentik_providers_proxy", "0012_proxyprovider_cookie_domain"), 52 ("authentik_providers_proxy", "0013_mode"), 53 ("authentik_providers_proxy", "0014_proxy_v2"), 54 ] 55 56 initial = True 57 58 dependencies = [ 59 ("authentik_crypto", "0002_create_self_signed_kp"), 60 ("authentik_providers_oauth2", "0001_initial"), 61 ] 62 63 operations = [ 64 migrations.CreateModel( 65 name="ProxyProvider", 66 fields=[ 67 ( 68 "oauth2provider_ptr", 69 models.OneToOneField( 70 auto_created=True, 71 on_delete=django.db.models.deletion.CASCADE, 72 parent_link=True, 73 primary_key=True, 74 serialize=False, 75 to="authentik_providers_oauth2.oauth2provider", 76 ), 77 ), 78 ( 79 "internal_host", 80 models.TextField( 81 blank=True, 82 validators=[ 83 authentik.lib.models.DomainlessURLValidator(schemes=("http", "https")) 84 ], 85 ), 86 ), 87 ( 88 "external_host", 89 models.TextField( 90 validators=[ 91 authentik.lib.models.DomainlessURLValidator(schemes=("http", "https")) 92 ] 93 ), 94 ), 95 ( 96 "cookie_secret", 97 models.TextField(default=authentik.providers.proxy.models.get_cookie_secret), 98 ), 99 ( 100 "certificate", 101 models.ForeignKey( 102 blank=True, 103 null=True, 104 on_delete=django.db.models.deletion.SET_NULL, 105 to="authentik_crypto.certificatekeypair", 106 ), 107 ), 108 ( 109 "skip_path_regex", 110 models.TextField( 111 blank=True, 112 default="", 113 help_text=( 114 "Regular expressions for which authentication is not required. Each new" 115 " line is interpreted as a new Regular Expression." 116 ), 117 ), 118 ), 119 ( 120 "internal_host_ssl_validation", 121 models.BooleanField( 122 default=True, 123 help_text="Validate SSL Certificates of upstream servers", 124 verbose_name="Internal host SSL Validation", 125 ), 126 ), 127 ( 128 "basic_auth_enabled", 129 models.BooleanField( 130 default=False, 131 help_text=( 132 "Set a custom HTTP-Basic Authentication header based on values from" 133 " authentik." 134 ), 135 verbose_name="Set HTTP-Basic Authentication", 136 ), 137 ), 138 ( 139 "basic_auth_password_attribute", 140 models.TextField( 141 blank=True, 142 help_text=( 143 "User/Group Attribute used for the password part of the HTTP-Basic" 144 " Header." 145 ), 146 verbose_name="HTTP-Basic Password Key", 147 ), 148 ), 149 ( 150 "basic_auth_user_attribute", 151 models.TextField( 152 blank=True, 153 help_text=( 154 "User/Group Attribute used for the user part of the HTTP-Basic Header." 155 " If not set, the user's Email address is used." 156 ), 157 verbose_name="HTTP-Basic Username Key", 158 ), 159 ), 160 ( 161 "forward_auth_mode", 162 models.BooleanField( 163 default=False, 164 help_text=( 165 "Enable support for forwardAuth in traefik and nginx auth_request." 166 " Exclusive with internal_host." 167 ), 168 ), 169 ), 170 ("cookie_domain", models.TextField(blank=True, default="")), 171 ( 172 "mode", 173 models.TextField( 174 choices=[ 175 ("proxy", "Proxy"), 176 ("forward_single", "Forward Single"), 177 ("forward_domain", "Forward Domain"), 178 ], 179 default="proxy", 180 help_text=( 181 "Enable support for forwardAuth in traefik and nginx auth_request." 182 " Exclusive with internal_host." 183 ), 184 ), 185 ), 186 ], 187 options={ 188 "verbose_name": "Proxy Provider", 189 "verbose_name_plural": "Proxy Providers", 190 }, 191 bases=("authentik_providers_oauth2.oauth2provider",), 192 ), 193 migrations.RunPython( 194 code=migrate_mode, 195 ), 196 migrations.RemoveField( 197 model_name="proxyprovider", 198 name="forward_auth_mode", 199 ), 200 migrations.RunPython( 201 code=migrate_defaults, 202 ), 203 ]
def
migrate_defaults( apps: django.apps.registry.Apps, schema_editor: django.db.backends.base.schema.BaseDatabaseSchemaEditor):
14def migrate_defaults(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): 15 from authentik.providers.oauth2.models import JWTAlgorithms 16 from authentik.providers.proxy.models import ProxyProvider 17 18 db_alias = schema_editor.connection.alias 19 try: 20 for provider in ProxyProvider.objects.using(db_alias).filter(jwt_alg=JWTAlgorithms.RS256): 21 provider.set_oauth_defaults() 22 provider.save() 23 except FieldError: 24 # If the jwt_alg field doesn't exist, just ignore this migration 25 pass
def
migrate_mode( apps: django.apps.registry.Apps, schema_editor: django.db.backends.base.schema.BaseDatabaseSchemaEditor):
28def migrate_mode(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): 29 from authentik.providers.proxy.models import ProxyMode 30 31 db_alias = schema_editor.connection.alias 32 ProxyProvider = apps.get_model("authentik_providers_proxy", "proxyprovider") 33 for provider in ProxyProvider.objects.using(db_alias).all(): 34 if provider.forward_auth_mode: 35 provider.mode = ProxyMode.FORWARD_SINGLE 36 provider.save()
class
Migration(django.db.migrations.migration.Migration):
39class Migration(migrations.Migration): 40 replaces = [ 41 ("authentik_providers_proxy", "0001_initial"), 42 ("authentik_providers_proxy", "0002_proxyprovider_cookie_secret"), 43 ("authentik_providers_proxy", "0003_proxyprovider_certificate"), 44 ("authentik_providers_proxy", "0004_auto_20200913_1947"), 45 ("authentik_providers_proxy", "0005_auto_20200914_1536"), 46 ("authentik_providers_proxy", "0006_proxyprovider_skip_path_regex"), 47 ("authentik_providers_proxy", "0007_auto_20200923_1017"), 48 ("authentik_providers_proxy", "0008_auto_20200930_0810"), 49 ("authentik_providers_proxy", "0009_auto_20201007_1721"), 50 ("authentik_providers_proxy", "0010_auto_20201214_0942"), 51 ("authentik_providers_proxy", "0011_proxyprovider_forward_auth_mode"), 52 ("authentik_providers_proxy", "0012_proxyprovider_cookie_domain"), 53 ("authentik_providers_proxy", "0013_mode"), 54 ("authentik_providers_proxy", "0014_proxy_v2"), 55 ] 56 57 initial = True 58 59 dependencies = [ 60 ("authentik_crypto", "0002_create_self_signed_kp"), 61 ("authentik_providers_oauth2", "0001_initial"), 62 ] 63 64 operations = [ 65 migrations.CreateModel( 66 name="ProxyProvider", 67 fields=[ 68 ( 69 "oauth2provider_ptr", 70 models.OneToOneField( 71 auto_created=True, 72 on_delete=django.db.models.deletion.CASCADE, 73 parent_link=True, 74 primary_key=True, 75 serialize=False, 76 to="authentik_providers_oauth2.oauth2provider", 77 ), 78 ), 79 ( 80 "internal_host", 81 models.TextField( 82 blank=True, 83 validators=[ 84 authentik.lib.models.DomainlessURLValidator(schemes=("http", "https")) 85 ], 86 ), 87 ), 88 ( 89 "external_host", 90 models.TextField( 91 validators=[ 92 authentik.lib.models.DomainlessURLValidator(schemes=("http", "https")) 93 ] 94 ), 95 ), 96 ( 97 "cookie_secret", 98 models.TextField(default=authentik.providers.proxy.models.get_cookie_secret), 99 ), 100 ( 101 "certificate", 102 models.ForeignKey( 103 blank=True, 104 null=True, 105 on_delete=django.db.models.deletion.SET_NULL, 106 to="authentik_crypto.certificatekeypair", 107 ), 108 ), 109 ( 110 "skip_path_regex", 111 models.TextField( 112 blank=True, 113 default="", 114 help_text=( 115 "Regular expressions for which authentication is not required. Each new" 116 " line is interpreted as a new Regular Expression." 117 ), 118 ), 119 ), 120 ( 121 "internal_host_ssl_validation", 122 models.BooleanField( 123 default=True, 124 help_text="Validate SSL Certificates of upstream servers", 125 verbose_name="Internal host SSL Validation", 126 ), 127 ), 128 ( 129 "basic_auth_enabled", 130 models.BooleanField( 131 default=False, 132 help_text=( 133 "Set a custom HTTP-Basic Authentication header based on values from" 134 " authentik." 135 ), 136 verbose_name="Set HTTP-Basic Authentication", 137 ), 138 ), 139 ( 140 "basic_auth_password_attribute", 141 models.TextField( 142 blank=True, 143 help_text=( 144 "User/Group Attribute used for the password part of the HTTP-Basic" 145 " Header." 146 ), 147 verbose_name="HTTP-Basic Password Key", 148 ), 149 ), 150 ( 151 "basic_auth_user_attribute", 152 models.TextField( 153 blank=True, 154 help_text=( 155 "User/Group Attribute used for the user part of the HTTP-Basic Header." 156 " If not set, the user's Email address is used." 157 ), 158 verbose_name="HTTP-Basic Username Key", 159 ), 160 ), 161 ( 162 "forward_auth_mode", 163 models.BooleanField( 164 default=False, 165 help_text=( 166 "Enable support for forwardAuth in traefik and nginx auth_request." 167 " Exclusive with internal_host." 168 ), 169 ), 170 ), 171 ("cookie_domain", models.TextField(blank=True, default="")), 172 ( 173 "mode", 174 models.TextField( 175 choices=[ 176 ("proxy", "Proxy"), 177 ("forward_single", "Forward Single"), 178 ("forward_domain", "Forward Domain"), 179 ], 180 default="proxy", 181 help_text=( 182 "Enable support for forwardAuth in traefik and nginx auth_request." 183 " Exclusive with internal_host." 184 ), 185 ), 186 ), 187 ], 188 options={ 189 "verbose_name": "Proxy Provider", 190 "verbose_name_plural": "Proxy Providers", 191 }, 192 bases=("authentik_providers_oauth2.oauth2provider",), 193 ), 194 migrations.RunPython( 195 code=migrate_mode, 196 ), 197 migrations.RemoveField( 198 model_name="proxyprovider", 199 name="forward_auth_mode", 200 ), 201 migrations.RunPython( 202 code=migrate_defaults, 203 ), 204 ]
The base class for all migrations.
Migration files will import this from django.db.migrations.Migration and subclass it as a class called Migration. It will have one or more of the following attributes:
- operations: A list of Operation instances, probably from django.db.migrations.operations
- dependencies: A list of tuples of (app_path, migration_name)
- run_before: A list of tuples of (app_path, migration_name)
- replaces: A list of migration_names
Note that all migrations come out of migrations and into the Loader or Graph as instances, having been initialized with their app label and name.
replaces =
[('authentik_providers_proxy', '0001_initial'), ('authentik_providers_proxy', '0002_proxyprovider_cookie_secret'), ('authentik_providers_proxy', '0003_proxyprovider_certificate'), ('authentik_providers_proxy', '0004_auto_20200913_1947'), ('authentik_providers_proxy', '0005_auto_20200914_1536'), ('authentik_providers_proxy', '0006_proxyprovider_skip_path_regex'), ('authentik_providers_proxy', '0007_auto_20200923_1017'), ('authentik_providers_proxy', '0008_auto_20200930_0810'), ('authentik_providers_proxy', '0009_auto_20201007_1721'), ('authentik_providers_proxy', '0010_auto_20201214_0942'), ('authentik_providers_proxy', '0011_proxyprovider_forward_auth_mode'), ('authentik_providers_proxy', '0012_proxyprovider_cookie_domain'), ('authentik_providers_proxy', '0013_mode'), ('authentik_providers_proxy', '0014_proxy_v2')]
dependencies =
[('authentik_crypto', '0002_create_self_signed_kp'), ('authentik_providers_oauth2', '0001_initial')]
operations =
[<CreateModel name='ProxyProvider', fields=[('oauth2provider_ptr', <django.db.models.fields.related.OneToOneField>), ('internal_host', <django.db.models.fields.TextField>), ('external_host', <django.db.models.fields.TextField>), ('cookie_secret', <django.db.models.fields.TextField>), ('certificate', <django.db.models.fields.related.ForeignKey>), ('skip_path_regex', <django.db.models.fields.TextField>), ('internal_host_ssl_validation', <django.db.models.fields.BooleanField>), ('basic_auth_enabled', <django.db.models.fields.BooleanField>), ('basic_auth_password_attribute', <django.db.models.fields.TextField>), ('basic_auth_user_attribute', <django.db.models.fields.TextField>), ('forward_auth_mode', <django.db.models.fields.BooleanField>), ('cookie_domain', <django.db.models.fields.TextField>), ('mode', <django.db.models.fields.TextField>)], options={'verbose_name': 'Proxy Provider', 'verbose_name_plural': 'Proxy Providers'}, bases=('authentik_providers_oauth2.oauth2provider',)>, <RunPython code=<function migrate_mode>>, <RemoveField model_name='proxyprovider', name='forward_auth_mode'>, <RunPython code=<function migrate_defaults>>]