diff --git a/authentik/enterprise/providers/rac/api/endpoints.py b/authentik/enterprise/providers/rac/api/endpoints.py
new file mode 100644
index 0000000000000..eec3256ba635e
--- /dev/null
+++ b/authentik/enterprise/providers/rac/api/endpoints.py
@@ -0,0 +1,24 @@
+"""RAC Provider API Views"""
+from rest_framework.viewsets import ModelViewSet
+
+from authentik.core.api.providers import ProviderSerializer
+from authentik.core.api.used_by import UsedByMixin
+from authentik.enterprise.providers.rac.models import Endpoint
+
+
+class EndpointSerializer(ProviderSerializer):
+ """Endpoint Serializer"""
+
+ class Meta:
+ model = Endpoint
+ fields = ["name", "protocol", "host", "settings", "property_mappings"]
+ extra_kwargs = ProviderSerializer.Meta.extra_kwargs
+
+
+class EndpointViewSet(UsedByMixin, ModelViewSet):
+ """Endpoint Viewset"""
+
+ queryset = Endpoint.objects.all()
+ serializer_class = EndpointSerializer
+ search_fields = ["name", "protocol"]
+ ordering = ["name", "protocol"]
diff --git a/authentik/enterprise/providers/rac/api/property_mappings.py b/authentik/enterprise/providers/rac/api/property_mappings.py
new file mode 100644
index 0000000000000..a2b6c9741d183
--- /dev/null
+++ b/authentik/enterprise/providers/rac/api/property_mappings.py
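Review bot: In endpoints.py, `EndpointSerializer.Meta.fields` leaves out `pk`, so a client that lists `rac/endpoints` receives rows it cannot address on the detail routes; add `"pk"` to the list. The serializer also subclasses `ProviderSerializer` and reuses `ProviderSerializer.Meta.extra_kwargs` although `Endpoint` is not a `Provider` in this commit, so a plain `ModelSerializer` looks like the more fitting base (ProviderSerializer itself is not visible here, so confirm nothing from it is needed). Because `settings` is returned verbatim on reads, the field deserves a comment stating whether connection credentials may be stored in it and, if so, who is expected to be able to read this endpoint.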
@@ -0,0 +1,23 @@ +"""RAC Provider API Views""" +from rest_framework.viewsets import ModelViewSet + +from authentik.core.api.propertymappings import PropertyMappingSerializer +from authentik.core.api.used_by import UsedByMixin +from authentik.enterprise.providers.rac.models import RACPropertyMapping + + +class RACPropertyMappingSerializer(PropertyMappingSerializer): + """RACPropertyMapping Serializer""" + + class Meta: + model = RACPropertyMapping + fields = PropertyMappingSerializer.Meta.fields + [] + + +class RACPropertyMappingViewSet(UsedByMixin, ModelViewSet): + """RACPropertyMapping Viewset""" + + queryset = RACPropertyMapping.objects.all() + serializer_class = RACPropertyMappingSerializer + search_fields = ["name"] + ordering = ["name"] diff --git a/authentik/enterprise/providers/rac/api/providers.py b/authentik/enterprise/providers/rac/api/providers.py index d7f126a2ad38b..a2d4b1e948695 100644 --- a/authentik/enterprise/providers/rac/api/providers.py +++ b/authentik/enterprise/providers/rac/api/providers.py @@ -13,7 +13,6 @@ class Meta: model = RACProvider fields = ProviderSerializer.Meta.fields + [ "protocol", - "host", "settings", ] extra_kwargs = ProviderSerializer.Meta.extra_kwargs diff --git a/authentik/enterprise/providers/rac/migrations/0001_initial.py b/authentik/enterprise/providers/rac/migrations/0001_initial.py index f3c5a4c97818d..c2484f52b11d2 100644 --- a/authentik/enterprise/providers/rac/migrations/0001_initial.py +++ b/authentik/enterprise/providers/rac/migrations/0001_initial.py @@ -1,4 +1,4 @@ -# Generated by Django 4.2.6 on 2023-10-25 15:01 +# Generated by Django 4.2.7 on 2023-11-29 14:01 import django.db.models.deletion from django.db import migrations, models 
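Review bot: In property_mappings.py, `fields = PropertyMappingSerializer.Meta.fields + []` concatenates an empty list, which does nothing except copy the parent's list; `fields = PropertyMappingSerializer.Meta.fields` (or `list(PropertyMappingSerializer.Meta.fields)` if a copy is intended) states that more plainly. The module docstring `"""RAC Provider API Views"""` is the same text used in endpoints.py; something like `"""RAC property mapping API views"""` would describe this file.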
@@ -8,10 +8,66 @@ class Migration(migrations.Migration): initial = True dependencies = [ + ("authentik_policies", "0011_policybinding_failure_result_and_more"), ("authentik_core", "0032_group_roles"), ] operations = [ + migrations.CreateModel( + name="Endpoint", + fields=[ + ( + "policybindingmodel_ptr", + models.OneToOneField( + auto_created=True, + on_delete=django.db.models.deletion.CASCADE, + parent_link=True, + primary_key=True, + serialize=False, + to="authentik_policies.policybindingmodel", + ), + ), + ("name", models.TextField()), + ("host", models.TextField()), + ( + "protocol", + models.TextField(choices=[("rdp", "Rdp"), ("vnc", "Vnc"), ("ssh", "Ssh")]), + ), + ("settings", models.JSONField(default=dict)), + ( + "property_mappings", + models.ManyToManyField( + blank=True, default=None, to="authentik_core.propertymapping" + ), + ), + ], + options={ + "verbose_name": "RAC Endpoint", + "verbose_name_plural": "RAC Endpoints", + }, + bases=("authentik_policies.policybindingmodel", models.Model), + ), + migrations.CreateModel( + name="RACPropertyMapping", + fields=[ + ( + "propertymapping_ptr", + models.OneToOneField( + auto_created=True, + on_delete=django.db.models.deletion.CASCADE, + parent_link=True, + primary_key=True, + serialize=False, + to="authentik_core.propertymapping", + ), + ), + ], + options={ + "verbose_name": "RAC Property Mapping", + "verbose_name_plural": "RAC Property Mappings", + }, + bases=("authentik_core.propertymapping",), + ), migrations.CreateModel( name="RACProvider", fields=[ @@ -30,12 +86,15 @@ class Migration(migrations.Migration): "protocol", models.TextField(choices=[("rdp", "Rdp"), ("vnc", "Vnc"), ("ssh", "Ssh")]), ), - ("host", models.TextField()), ("settings", models.JSONField(default=dict)), ( "auth_mode", models.TextField(choices=[("static", "Static"), ("prompt", "Prompt")]), ), + ( + "endpoints", + models.ManyToManyField(blank=True, to="authentik_providers_rac.endpoint"), + ), ], options={ "verbose_name": "RAC Provider", 
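Review bot: Editing `0001_initial.py` in place leaves any database that already applied the earlier 0001 without the new `Endpoint` and `RACPropertyMapping` tables, still carrying the `host` column on `RACProvider`, and missing the `endpoints` many-to-many, because Django records 0001 as applied and will not run it again. If that migration was ever released or applied outside a throwaway development database, these operations belong in a follow-up migration (a new `0002_<name>.py` using `CreateModel`, `RemoveField` and `AddField`). If it has not shipped, a sentence in the commit message saying so would spare the next reader the same question. The `Migration` class continues outside these hunks.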
diff --git a/authentik/enterprise/providers/rac/models.py b/authentik/enterprise/providers/rac/models.py index a34371cf41938..b2d32426dc2f2 100644 --- a/authentik/enterprise/providers/rac/models.py +++ b/authentik/enterprise/providers/rac/models.py @@ -7,7 +7,9 @@ from django.utils.translation import gettext as _ from rest_framework.serializers import Serializer -from authentik.core.models import Provider +from authentik.core.models import PropertyMapping, Provider +from authentik.lib.models import SerializerModel +from authentik.policies.models import PolicyBindingModel class Protocols(models.TextChoices): @@ -29,14 +31,16 @@ class RACProvider(Provider): """Remote access provider""" protocol = models.TextField(choices=Protocols.choices) - host = models.TextField() settings = models.JSONField(default=dict) auth_mode = models.TextField(choices=AuthenticationMode.choices) + endpoints = models.ManyToManyField("Endpoint", blank=True) @property def launch_url(self) -> Optional[str]: """URL to this provider and initiate authorization for the user. Can return None for providers that are not URL-based""" + if len(self.endpoints.all()) < 1: + return None try: # pylint: disable=no-member return reverse( 
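Review bot: The new guard at the top of `launch_url`, `if len(self.endpoints.all()) < 1:`, loads every related endpoint row only to test whether there is at least one. `if not self.endpoints.exists():` asks the database the same question without fetching the rows, and reads closer to the intent. The property body continues past the end of this hunk.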
@@ -46,13 +50,40 @@ def launch_url(self) -> Optional[str]: except Provider.application.RelatedObjectDoesNotExist: return None - def get_settings(self) -> dict: + @property + def component(self) -> str: + return "ak-provider-rac-form" + + @property + def serializer(self) -> type[Serializer]: + from authentik.enterprise.providers.rac.api.providers import RACProviderSerializer + + return RACProviderSerializer + + class Meta: + verbose_name = _("RAC Provider") + verbose_name_plural = _("RAC Providers") + + +class Endpoint(SerializerModel, PolicyBindingModel): + """Remote-accessible endpoint""" + + name = models.TextField() + host = models.TextField() + protocol = models.TextField(choices=Protocols.choices) + settings = models.JSONField(default=dict) + + property_mappings = models.ManyToManyField( + "authentik_core.PropertyMapping", default=None, blank=True + ) + + def get_settings(self, provider: RACProvider) -> dict: """Get settings""" default_settings = {} default_settings["hostname"] = self.host - default_settings["enable-drive"] = "true" - default_settings["drive-name"] = "authentik" - default_settings["client-name"] = "foo" + # default_settings["enable-drive"] = "true" + # default_settings["drive-name"] = "authentik" + # default_settings["client-name"] = "foo" if self.protocol == Protocols.RDP: default_settings["resize-method"] = "display-update" default_settings["enable-wallpaper"] = "true" 
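Review bot: `get_settings` keeps the three drive/client defaults as commented-out lines (`# default_settings["enable-drive"] = "true"` and the two after it); delete them, or if drive redirection was switched off deliberately, replace them with one comment saying why. The docstring is still `"""Get settings"""` although the method now takes `provider`; it should say that provider settings are merged over the defaults and endpoint settings over both, which is what the merge calls in the following hunk do. On `property_mappings`, `default=None` has no meaning for a `ManyToManyField` and can be dropped. The method body continues past this hunk.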
@@ -66,19 +97,36 @@ def get_settings(self) -> dict: default_settings["terminal-type"] = "xterm-256color" settings = {} always_merger.merge(settings, default_settings) + always_merger.merge(settings, provider.settings) always_merger.merge(settings, self.settings) return settings + @property + def serializer(self) -> type[Serializer]: + from authentik.enterprise.providers.rac.api.endpoints import EndpointSerializer + + return EndpointSerializer + + class Meta: + verbose_name = _("RAC Endpoint") + verbose_name_plural = _("RAC Endpoints") + + +class RACPropertyMapping(PropertyMapping): + """RAC Property mapping""" + @property def component(self) -> str: - return "ak-provider-rac-form" + return "ak-property-mapping-rac-form" @property def serializer(self) -> type[Serializer]: - from authentik.enterprise.providers.rac.api.providers import RACProviderSerializer + from authentik.enterprise.providers.rac.api.property_mappings import ( + PropertyMappingSerializer, + ) - return RACProviderSerializer + return PropertyMappingSerializer class Meta: - verbose_name = _("RAC Provider") - verbose_name_plural = _("RAC Providers") + verbose_name = _("RAC Property Mapping") + verbose_name_plural = _("RAC Property Mappings") diff --git a/authentik/enterprise/providers/rac/urls.py b/authentik/enterprise/providers/rac/urls.py index cf34e4bfe74bf..0ac256336b541 100644 --- a/authentik/enterprise/providers/rac/urls.py +++ b/authentik/enterprise/providers/rac/urls.py 
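Review bot: `RACPropertyMapping.serializer` imports and returns `PropertyMappingSerializer` from `api.property_mappings`, which is only the core base class that module happens to import; the serializer defined there for this model is `RACPropertyMappingSerializer`. As written, anything that resolves the serializer through the model gets one whose `Meta.model` is presumably the generic `PropertyMapping`, so the import and the `return` should both name `RACPropertyMappingSerializer`. Separately, in `get_settings` the merges of `provider.settings` and `self.settings` run after `hostname` is taken from `self.host`, so a `hostname` key in either JSON blob replaces the endpoint's `host`. If `host` is meant to be authoritative for where the session connects, assign `settings["hostname"] = self.host` after the merges, or document that the override is intended.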
@@ -5,6 +5,8 @@ from django.views.decorators.csrf import ensure_csrf_cookie from authentik.core.channels import TokenOutpostMiddleware +from authentik.enterprise.providers.rac.api.endpoints import EndpointViewSet +from authentik.enterprise.providers.rac.api.property_mappings import RACPropertyMappingViewSet from authentik.enterprise.providers.rac.api.providers import RACProviderViewSet from authentik.enterprise.providers.rac.consumer_client import RACClientConsumer from authentik.enterprise.providers.rac.consumer_outpost import RACOutpostConsumer @@ -35,4 +37,6 @@ api_urlpatterns = [ ("providers/rac", RACProviderViewSet), + ("propertymappings/rac", RACPropertyMappingViewSet), + ("rac/endpoints", EndpointViewSet), ] diff --git a/blueprints/schema.json b/blueprints/schema.json index 9b504e72794bc..31bb6da944980 100644 --- a/blueprints/schema.json +++ b/blueprints/schema.json 
@@ -2816,6 +2816,80 @@ } } }, + { + "type": "object", + "required": [ + "model", + "identifiers" + ], + "properties": { + "model": { + "const": "authentik_providers_rac.endpoint" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created", + "must_created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_rac.endpoint" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_providers_rac.endpoint" + } + } + }, + { + "type": "object", + "required": [ + "model", + "identifiers" + ], + "properties": { + "model": { + "const": "authentik_providers_rac.racpropertymapping" + }, + "id": { + "type": "string" + }, + "state": { + "type": "string", + "enum": [ + "absent", + "present", + "created", + "must_created" + ], + "default": "present" + }, + "conditions": { + "type": "array", + "items": { + "type": "boolean" + } + }, + "attrs": { + "$ref": "#/$defs/model_authentik_providers_rac.racpropertymapping" + }, + "identifiers": { + "$ref": "#/$defs/model_authentik_providers_rac.racpropertymapping" + } + } + }, { "type": "object", "required": [ @@ -3600,7 +3674,9 @@ "authentik_core.application", "authentik_core.token", "authentik_enterprise.license", - "authentik_providers_rac.racprovider" + "authentik_providers_rac.racprovider", + "authentik_providers_rac.endpoint", + "authentik_providers_rac.racpropertymapping" ], "title": "Model", "description": "Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched." 
@@ -8804,6 +8880,31 @@ ], "title": "Protocol" }, + "settings": { + "type": "object", + "additionalProperties": true, + "title": "Settings" + } + }, + "required": [] + }, + "model_authentik_providers_rac.endpoint": { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "protocol": { + "type": "string", + "enum": [ + "rdp", + "vnc", + "ssh" + ], + "title": "Protocol" + }, "host": { "type": "string", "minLength": 1, @@ -8813,6 +8914,38 @@ "type": "object", "additionalProperties": true, "title": "Settings" + }, + "property_mappings": { + "type": "array", + "items": { + "type": "integer" + }, + "title": "Property mappings" + } + }, + "required": [] + }, + "model_authentik_providers_rac.racpropertymapping": { + "type": "object", + "properties": { + "managed": { + "type": [ + "string", + "null" + ], + "minLength": 1, + "title": "Managed by authentik", + "description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update." + }, + "name": { + "type": "string", + "minLength": 1, + "title": "Name" + }, + "expression": { + "type": "string", + "minLength": 1, + "title": "Expression" } }, "required": [] diff --git a/schema.yml b/schema.yml index 240ecd7202725..abc354aa7d84b 100644 --- a/schema.yml +++ b/schema.yml 
@@ -13873,6 +13873,271 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' + /propertymappings/rac/: + get: + operationId: propertymappings_rac_list + description: RACPropertyMapping Viewset + parameters: + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. + schema: + type: string + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedRACPropertyMappingList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: propertymappings_rac_create + description: RACPropertyMapping Viewset + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RACPropertyMappingRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/RACPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/rac/{pm_uuid}/: + get: + operationId: propertymappings_rac_retrieve + description: RACPropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + 
format: uuid + description: A UUID string identifying this RAC Property Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RACPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: propertymappings_rac_update + description: RACPropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this RAC Property Mapping. + required: true + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RACPropertyMappingRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RACPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: propertymappings_rac_partial_update + description: RACPropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this RAC Property Mapping. 
+ required: true + tags: + - propertymappings + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedRACPropertyMappingRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/RACPropertyMapping' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: propertymappings_rac_destroy + description: RACPropertyMapping Viewset + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this RAC Property Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /propertymappings/rac/{pm_uuid}/used_by/: + get: + operationId: propertymappings_rac_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: pm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this RAC Property Mapping. + required: true + tags: + - propertymappings + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' /propertymappings/saml/: get: operationId: propertymappings_saml_list 
@@ -17119,7 +17384,304 @@ paths: description: A unique integer value identifying this SCIM Provider. required: true tags: - - providers + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SCIMProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + put: + operationId: providers_scim_update + description: SCIMProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SCIM Provider. + required: true + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/SCIMProviderRequest' + required: true + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SCIMProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + patch: + operationId: providers_scim_partial_update + description: SCIMProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SCIM Provider. 
+ required: true + tags: + - providers + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/PatchedSCIMProviderRequest' + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/SCIMProvider' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + delete: + operationId: providers_scim_destroy + description: SCIMProvider Viewset + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SCIM Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '204': + description: No response body + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/scim/{id}/sync_status/: + get: + operationId: providers_scim_sync_status_retrieve + description: Get provider's sync status + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SCIM Provider. 
+ required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Task' + description: '' + '404': + description: Task not found + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /providers/scim/{id}/used_by/: + get: + operationId: providers_scim_used_by_list + description: Get a list of all objects that use this object + parameters: + - in: path + name: id + schema: + type: integer + description: A unique integer value identifying this SCIM Provider. + required: true + tags: + - providers + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/UsedBy' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /rac/endpoints/: + get: + operationId: rac_endpoints_list + description: Endpoint Viewset + parameters: + - name: ordering + required: false + in: query + description: Which field to use when ordering the results. + schema: + type: string + - name: page + required: false + in: query + description: A page number within the paginated result set. + schema: + type: integer + - name: page_size + required: false + in: query + description: Number of results to return per page. + schema: + type: integer + - name: search + required: false + in: query + description: A search term. 
+ schema: + type: string + tags: + - rac + security: + - authentik: [] + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/PaginatedEndpointList' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + post: + operationId: rac_endpoints_create + description: Endpoint Viewset + tags: + - rac + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/EndpointRequest' + required: true + security: + - authentik: [] + responses: + '201': + content: + application/json: + schema: + $ref: '#/components/schemas/Endpoint' + description: '' + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/ValidationError' + description: '' + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/GenericError' + description: '' + /rac/endpoints/{pbm_uuid}/: + get: + operationId: rac_endpoints_retrieve + description: Endpoint Viewset + parameters: + - in: path + name: pbm_uuid + schema: + type: string + format: uuid + description: A UUID string identifying this RAC Endpoint. + required: true + tags: + - rac security: - authentik: [] responses: @@ -17127,7 +17689,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/SCIMProvider' + $ref: '#/components/schemas/Endpoint' description: '' '400': content: 
@@ -17142,22 +17704,23 @@ paths: $ref: '#/components/schemas/GenericError' description: '' put: - operationId: providers_scim_update - description: SCIMProvider Viewset + operationId: rac_endpoints_update + description: Endpoint Viewset parameters: - in: path - name: id + name: pbm_uuid schema: - type: integer - description: A unique integer value identifying this SCIM Provider. + type: string + format: uuid + description: A UUID string identifying this RAC Endpoint. required: true tags: - - providers + - rac requestBody: content: application/json: schema: - $ref: '#/components/schemas/SCIMProviderRequest' + $ref: '#/components/schemas/EndpointRequest' required: true security: - authentik: [] @@ -17166,7 +17729,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/SCIMProvider' + $ref: '#/components/schemas/Endpoint' description: '' '400': content: @@ -17181,22 +17744,23 @@ paths: $ref: '#/components/schemas/GenericError' description: '' patch: - operationId: providers_scim_partial_update - description: SCIMProvider Viewset + operationId: rac_endpoints_partial_update + description: Endpoint Viewset parameters: - in: path - name: id + name: pbm_uuid schema: - type: integer - description: A unique integer value identifying this SCIM Provider. + type: string + format: uuid + description: A UUID string identifying this RAC Endpoint. required: true tags: - - providers + - rac requestBody: content: application/json: schema: - $ref: '#/components/schemas/PatchedSCIMProviderRequest' + $ref: '#/components/schemas/PatchedEndpointRequest' security: - authentik: [] responses: @@ -17204,7 +17768,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/SCIMProvider' + $ref: '#/components/schemas/Endpoint' description: '' '400': content: 
@@ -17219,17 +17783,18 @@ paths: $ref: '#/components/schemas/GenericError' description: '' delete: - operationId: providers_scim_destroy - description: SCIMProvider Viewset + operationId: rac_endpoints_destroy + description: Endpoint Viewset parameters: - in: path - name: id + name: pbm_uuid schema: - type: integer - description: A unique integer value identifying this SCIM Provider. + type: string + format: uuid + description: A UUID string identifying this RAC Endpoint. required: true tags: - - providers + - rac security: - authentik: [] responses: @@ -17247,55 +17812,20 @@ paths: schema: $ref: '#/components/schemas/GenericError' description: '' - /providers/scim/{id}/sync_status/: - get: - operationId: providers_scim_sync_status_retrieve - description: Get provider's sync status - parameters: - - in: path - name: id - schema: - type: integer - description: A unique integer value identifying this SCIM Provider. - required: true - tags: - - providers - security: - - authentik: [] - responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/Task' - description: '' - '404': - description: Task not found - '400': - content: - application/json: - schema: - $ref: '#/components/schemas/ValidationError' - description: '' - '403': - content: - application/json: - schema: - $ref: '#/components/schemas/GenericError' - description: '' - /providers/scim/{id}/used_by/: + /rac/endpoints/{pbm_uuid}/used_by/: get: - operationId: providers_scim_used_by_list + operationId: rac_endpoints_used_by_list description: Get a list of all objects that use this object parameters: - in: path - name: id + name: pbm_uuid schema: - type: integer - description: A unique integer value identifying this SCIM Provider. + type: string + format: uuid + description: A UUID string identifying this RAC Endpoint. required: true tags: - - providers + - rac security: - authentik: [] responses: 
@@ -17467,6 +17997,8 @@ paths: - authentik_providers_oauth2.refreshtoken - authentik_providers_oauth2.scopemapping - authentik_providers_proxy.proxyprovider + - authentik_providers_rac.endpoint + - authentik_providers_rac.racpropertymapping - authentik_providers_rac.racprovider - authentik_providers_radius.radiusprovider - authentik_providers_saml.samlpropertymapping @@ -17586,6 +18118,8 @@ paths: * `authentik_core.token` - Token * `authentik_enterprise.license` - License * `authentik_providers_rac.racprovider` - RAC Provider + * `authentik_providers_rac.endpoint` - RAC Endpoint + * `authentik_providers_rac.racpropertymapping` - RAC Property Mapping required: true - in: query name: object_pk @@ -17757,6 +18291,8 @@ paths: - authentik_providers_oauth2.refreshtoken - authentik_providers_oauth2.scopemapping - authentik_providers_proxy.proxyprovider + - authentik_providers_rac.endpoint + - authentik_providers_rac.racpropertymapping - authentik_providers_rac.racprovider - authentik_providers_radius.radiusprovider - authentik_providers_saml.samlpropertymapping @@ -17876,6 +18412,8 @@ paths: * `authentik_core.token` - Token * `authentik_enterprise.license` - License * `authentik_providers_rac.racprovider` - RAC Provider + * `authentik_providers_rac.endpoint` - RAC Endpoint + * `authentik_providers_rac.racpropertymapping` - RAC Property Mapping required: true - in: query name: object_pk 
@@ -30641,6 +31179,52 @@ components: description: Activate users upon completion of stage. required: - name + Endpoint: + type: object + description: Endpoint Serializer + properties: + name: + type: string + protocol: + $ref: '#/components/schemas/ProtocolEnum' + host: + type: string + settings: + type: object + additionalProperties: {} + property_mappings: + type: array + items: + type: string + format: uuid + required: + - host + - name + - protocol + EndpointRequest: + type: object + description: Endpoint Serializer + properties: + name: + type: string + minLength: 1 + protocol: + $ref: '#/components/schemas/ProtocolEnum' + host: + type: string + minLength: 1 + settings: + type: object + additionalProperties: {} + property_mappings: + type: array + items: + type: string + format: uuid + required: + - host + - name + - protocol ErrorDetail: type: object description: Serializer for rest_framework's error messages @@ -30986,6 +31570,8 @@ components: * `authentik_core.token` - Token * `authentik_enterprise.license` - License * `authentik_providers_rac.racprovider` - RAC Provider + * `authentik_providers_rac.endpoint` - RAC Endpoint + * `authentik_providers_rac.racpropertymapping` - RAC Property Mapping required: - bound_to - component @@ -31184,6 +31770,8 @@ components: * `authentik_core.token` - Token * `authentik_enterprise.license` - License * `authentik_providers_rac.racprovider` - RAC Provider + * `authentik_providers_rac.endpoint` - RAC Endpoint + * `authentik_providers_rac.racpropertymapping` - RAC Property Mapping required: - name EventRequest: @@ -33492,6 +34080,8 @@ components: - authentik_core.token - authentik_enterprise.license - authentik_providers_rac.racprovider + - authentik_providers_rac.endpoint + - authentik_providers_rac.racpropertymapping type: string description: |- * `authentik_crypto.certificatekeypair` - Certificate-Key Pair 
@@ -33569,6 +34159,8 @@ components: * `authentik_core.token` - Token * `authentik_enterprise.license` - License * `authentik_providers_rac.racprovider` - RAC Provider + * `authentik_providers_rac.endpoint` - RAC Endpoint + * `authentik_providers_rac.racpropertymapping` - RAC Property Mapping NameIdPolicyEnum: enum: - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress @@ -34766,6 +35358,18 @@ components: required: - pagination - results + PaginatedEndpointList: + type: object + properties: + pagination: + $ref: '#/components/schemas/Pagination' + results: + type: array + items: + $ref: '#/components/schemas/Endpoint' + required: + - pagination + - results PaginatedEventList: type: object properties: @@ -35234,6 +35838,18 @@ components: required: - pagination - results + PaginatedRACPropertyMappingList: + type: object + properties: + pagination: + $ref: '#/components/schemas/Pagination' + results: + type: array + items: + $ref: '#/components/schemas/RACPropertyMapping' + required: + - pagination + - results PaginatedRACProviderList: type: object properties: @@ -36455,6 +37071,26 @@ components: activate_user_on_success: type: boolean description: Activate users upon completion of stage. + PatchedEndpointRequest: + type: object + description: Endpoint Serializer + properties: + name: + type: string + minLength: 1 + protocol: + $ref: '#/components/schemas/ProtocolEnum' + host: + type: string + minLength: 1 + settings: + type: object + additionalProperties: {} + property_mappings: + type: array + items: + type: string + format: uuid PatchedEventMatcherPolicyRequest: type: object description: Event Matcher Policy Serializer 
@@ -36645,6 +37281,8 @@ components: * `authentik_core.token` - Token * `authentik_enterprise.license` - License * `authentik_providers_rac.racprovider` - RAC Provider + * `authentik_providers_rac.endpoint` - RAC Endpoint + * `authentik_providers_rac.racpropertymapping` - RAC Property Mapping PatchedEventRequest: type: object description: Event Serializer @@ -37780,6 +38418,25 @@ components: minLength: 1 description: 'Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3).' + PatchedRACPropertyMappingRequest: + type: object + description: RACPropertyMapping Serializer + properties: + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects that are managed by authentik. These objects are created + and updated automatically. This flag only indicates that an object can + be overwritten by migrations. You can still modify the objects via the + API, but expect changes to be overwritten in a later update. + name: + type: string + minLength: 1 + expression: + type: string + minLength: 1 PatchedRACProviderRequest: type: object description: RACProvider Serializer @@ -37804,9 +38461,6 @@ components: format: uuid protocol: $ref: '#/components/schemas/ProtocolEnum' - host: - type: string - minLength: 1 settings: type: object additionalProperties: {} 
@@ -39732,6 +40386,73 @@ components: - authorization_flow - external_host - name + RACPropertyMapping: + type: object + description: RACPropertyMapping Serializer + properties: + pk: + type: string + format: uuid + readOnly: true + title: Pm uuid + managed: + type: string + nullable: true + title: Managed by authentik + description: Objects that are managed by authentik. These objects are created + and updated automatically. This flag only indicates that an object can + be overwritten by migrations. You can still modify the objects via the + API, but expect changes to be overwritten in a later update. + name: + type: string + expression: + type: string + component: + type: string + description: Get object's component so that we know how to edit the object + readOnly: true + verbose_name: + type: string + description: Return object's verbose_name + readOnly: true + verbose_name_plural: + type: string + description: Return object's plural verbose_name + readOnly: true + meta_model_name: + type: string + description: Return internal model name + readOnly: true + required: + - component + - expression + - meta_model_name + - name + - pk + - verbose_name + - verbose_name_plural + RACPropertyMappingRequest: + type: object + description: RACPropertyMapping Serializer + properties: + managed: + type: string + nullable: true + minLength: 1 + title: Managed by authentik + description: Objects that are managed by authentik. These objects are created + and updated automatically. This flag only indicates that an object can + be overwritten by migrations. You can still modify the objects via the + API, but expect changes to be overwritten in a later update. + name: + type: string + minLength: 1 + expression: + type: string + minLength: 1 + required: + - expression + - name RACProvider: type: object description: RACProvider Serializer 
@@ -39791,8 +40512,6 @@ components: readOnly: true protocol: $ref: '#/components/schemas/ProtocolEnum' - host: - type: string settings: type: object additionalProperties: {} @@ -39803,7 +40522,6 @@ components: - assigned_backchannel_application_slug - authorization_flow - component - - host - meta_model_name - name - pk @@ -39834,15 +40552,11 @@ components: format: uuid protocol: $ref: '#/components/schemas/ProtocolEnum' - host: - type: string - minLength: 1 settings: type: object additionalProperties: {} required: - authorization_flow - - host - name - protocol RadiusOutpostConfig: diff --git a/web/src/admin/property-mappings/PropertyMappingListPage.ts b/web/src/admin/property-mappings/PropertyMappingListPage.ts index e961a744ccf52..18521f5e47939 100644 --- a/web/src/admin/property-mappings/PropertyMappingListPage.ts +++ b/web/src/admin/property-mappings/PropertyMappingListPage.ts @@ -1,5 +1,6 @@ import "@goauthentik/admin/property-mappings/PropertyMappingLDAPForm"; import "@goauthentik/admin/property-mappings/PropertyMappingNotification"; +import "@goauthentik/admin/property-mappings/PropertyMappingRACForm"; import "@goauthentik/admin/property-mappings/PropertyMappingSAMLForm"; import "@goauthentik/admin/property-mappings/PropertyMappingSCIMForm"; import "@goauthentik/admin/property-mappings/PropertyMappingScopeForm"; diff --git a/web/src/admin/property-mappings/PropertyMappingRACForm.ts b/web/src/admin/property-mappings/PropertyMappingRACForm.ts new file mode 100644 index 0000000000000..50b7e7cafc18c --- /dev/null +++ b/web/src/admin/property-mappings/PropertyMappingRACForm.ts 
@@ -0,0 +1,74 @@ +import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; +import { docLink } from "@goauthentik/common/global"; +import "@goauthentik/elements/CodeMirror"; +import { CodeMirrorMode } from "@goauthentik/elements/CodeMirror"; +import "@goauthentik/elements/forms/HorizontalFormElement"; +import { ModelForm } from "@goauthentik/elements/forms/ModelForm"; + +import { msg } from "@lit/localize"; +import { TemplateResult, html } from "lit"; +import { customElement } from "lit/decorators.js"; +import { ifDefined } from "lit/directives/if-defined.js"; + +import { PropertymappingsApi, RACPropertyMapping } from "@goauthentik/api"; + +@customElement("ak-property-mapping-rac-form") +export class PropertyMappingLDAPForm extends ModelForm { + loadInstance(pk: string): Promise { + return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsRacRetrieve({ + pmUuid: pk, + }); + } + + getSuccessMessage(): string { + if (this.instance) { + return msg("Successfully updated mapping."); + } else { + return msg("Successfully created mapping."); + } + } + + async send(data: RACPropertyMapping): Promise { + if (this.instance) { + return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsRacUpdate({ + pmUuid: this.instance.pk || "", + rACPropertyMappingRequest: data, + }); + } else { + return new PropertymappingsApi(DEFAULT_CONFIG).propertymappingsRacCreate({ + rACPropertyMappingRequest: data, + }); + } + } + + renderForm(): TemplateResult { + return html` + + + + + +

+ ${msg("Expression using Python.")} + + ${msg("See documentation for a list of all variables.")} + +

+
`; + } +} diff --git a/web/src/admin/property-mappings/PropertyMappingWizard.ts b/web/src/admin/property-mappings/PropertyMappingWizard.ts index 9086546a0b24a..4773dd93aee7d 100644 --- a/web/src/admin/property-mappings/PropertyMappingWizard.ts +++ b/web/src/admin/property-mappings/PropertyMappingWizard.ts @@ -1,5 +1,6 @@ import "@goauthentik/admin/property-mappings/PropertyMappingLDAPForm"; import "@goauthentik/admin/property-mappings/PropertyMappingNotification"; +import "@goauthentik/admin/property-mappings/PropertyMappingRACForm"; import "@goauthentik/admin/property-mappings/PropertyMappingSAMLForm"; import "@goauthentik/admin/property-mappings/PropertyMappingScopeForm"; import "@goauthentik/admin/property-mappings/PropertyMappingTestForm";
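Review bot: The class registered as `ak-property-mapping-rac-form` in the new PropertyMappingRACForm.ts is exported as `PropertyMappingLDAPForm`, which looks like a leftover from copying the LDAP form and would give two modules the same exported class name if the LDAP form uses it too. Rename the declaration to `export class PropertyMappingRACForm` and leave the rest of the line as it is. In `send`, `pmUuid: this.instance.pk || ""` turns a missing primary key into an update request for an empty identifier, so failing early when `pk` is unset would be clearer than relying on the API to reject it. The class has no doc comment; something like `/** Create/edit form for RAC property mappings (a name plus a Python expression). */` would state what the form edits. The template markup inside `renderForm` is not visible in this rendering, so it is not covered here.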