Commits on Source (2)
Added example unwrapped raw blueprints
· db2507a8
George Onoufriou
authored
Dec 31, 2023
db2507a8
Updated akblueprint docs to match string
· 5e6990ae
George Onoufriou
authored
Dec 31, 2023
5e6990ae
docs/source/crds/akbp.rst
...
...
@@ -17,6 +17,8 @@ AkBlueprint
|ak-fig|
Currently only file-based blueprints are supported, direct-to-database blueprints are broadly implemented but a lot of quality of life is still missing like custom YAML tag support.
Spec
----
...
...
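Review bot: The sentence added under `|ak-fig|` is a comma splice and does not tell the reader what to do with the information: it calls direct-to-database blueprints "broadly implemented" without saying how that mode is selected or what breaks without custom YAML tag support. Suggest splitting it into two sentences and naming the consequence, for example that a blueprint using tags such as `!Find` or `!KeyOf` (as the samples added in this change do) has to be delivered through `spec.file` for now, if that is the intended meaning.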
@@ -36,7 +38,7 @@ Spec
namespace: auth
spec:
file: /blueprints/operator/blueprint-sample.yml
blueprint:
blueprint:
|
version: 1
metadata:
labels:
...
...
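Review bot: The change from `blueprint:` to `blueprint: |` in the sample turns `spec.blueprint` from a nested mapping into a literal block string, and nothing in this hunk says so in words. Suggest adding one sentence to the Spec section stating that the field is a string, that the blueprint body must be indented beneath it, and that manifests written in the earlier nested form need to be updated. It is also worth saying there that tags inside the block are carried through as text, since that is the practical reason a reader would care about the type.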
operator/config/samples/raw_blueprints/README.md
0 → 100644
# Raw Blueprints
This directory holds example authentik raw blueprints. To use these with AKM simply indent and append them to the following snippet:
```
yaml
apiVersion
:
akm.goauthentik.io/v1alpha1
kind
:
AkBlueprint
metadata
:
name
:
<YOUR UNIQUE BLUPRINT NAME>
namespace
:
<AUTHNTIK NAMESPACE>
spec
:
file
:
/blueprints/custom/<YOUR UNIQUE BLUPRINT NAME>.yaml
blueprint
:
|
<YOUR INDENTED BLUEPRINT HERE>
```
See more wrapped examples in operator/config/samples directory.
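Review bot: The placeholders in the snippet are misspelled, `<YOUR UNIQUE BLUPRINT NAME>` (in both `name` and `file`) and `<AUTHNTIK NAMESPACE>`, and since readers copy and search for these they should read BLUEPRINT and AUTHENTIK. "Simply indent and append" also needs the indent depth spelled out: the body has to sit deeper than the `blueprint:` key or the block scalar ends early and the manifest fails to parse or applies a truncated blueprint. Last, the path here is `/blueprints/custom/….yaml` while the docs sample in this same change uses `/blueprints/operator/blueprint-sample.yml`; pick one directory and extension or explain the difference.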
operator/config/samples/raw_blueprints/default-auth-flow.yaml
0 → 100644
# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
version
:
1
metadata
:
name
:
Default - Authentication flow
entries
:
-
model
:
authentik_blueprints.metaapplyblueprint
attrs
:
identifiers
:
name
:
Default - Password change flow
required
:
false
-
attrs
:
designation
:
authentication
name
:
Welcome to authentik!
title
:
Welcome to authentik!
authentication
:
none
identifiers
:
slug
:
default-authentication-flow
model
:
authentik_flows.flow
id
:
flow
-
attrs
:
backends
:
-
authentik.core.auth.InbuiltBackend
-
authentik.sources.ldap.auth.LDAPBackend
-
authentik.core.auth.TokenBackend
configure_flow
:
!Find
[
authentik_flows.flow
,
[
slug
,
default-password-change
]]
identifiers
:
name
:
default-authentication-password
id
:
default-authentication-password
model
:
authentik_stages_password.passwordstage
-
identifiers
:
name
:
default-authentication-mfa-validation
id
:
default-authentication-mfa-validation
model
:
authentik_stages_authenticator_validate.authenticatorvalidatestage
-
attrs
:
user_fields
:
-
email
-
username
identifiers
:
name
:
default-authentication-identification
id
:
default-authentication-identification
model
:
authentik_stages_identification.identificationstage
-
identifiers
:
name
:
default-authentication-login
id
:
default-authentication-login
model
:
authentik_stages_user_login.userloginstage
-
identifiers
:
order
:
10
stage
:
!KeyOf
default-authentication-identification
target
:
!KeyOf
flow
model
:
authentik_flows.flowstagebinding
-
identifiers
:
order
:
20
stage
:
!KeyOf
default-authentication-password
target
:
!KeyOf
flow
attrs
:
re_evaluate_policies
:
true
id
:
default-authentication-flow-password-binding
model
:
authentik_flows.flowstagebinding
-
identifiers
:
order
:
30
stage
:
!KeyOf
default-authentication-mfa-validation
target
:
!KeyOf
flow
model
:
authentik_flows.flowstagebinding
-
identifiers
:
order
:
100
stage
:
!KeyOf
default-authentication-login
target
:
!KeyOf
flow
model
:
authentik_flows.flowstagebinding
-
model
:
authentik_policies_expression.expressionpolicy
id
:
default-authentication-flow-password-optional
identifiers
:
name
:
default-authentication-flow-password-stage
attrs
:
expression
:
|
flow_plan = request.context.get("flow_plan")
if not flow_plan:
return True
# If the user does not have a backend attached to it, they haven't
# been authenticated yet and we need the password stage
return not hasattr(flow_plan.context.get("pending_user"), "backend")
-
model
:
authentik_policies.policybinding
identifiers
:
order
:
10
target
:
!KeyOf
default-authentication-flow-password-binding
policy
:
!KeyOf
default-authentication-flow-password-optional
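Review bot: The password stage's `configure_flow` is resolved with `!Find [authentik_flows.flow, [slug, default-password-change]]`, but the only thing pulling that flow in is the first entry's meta apply of "Default - Password change flow" with `required: false`, and no such blueprint is among the raw samples added here. A user who applies only this file gets no error and no hint that the lookup had nothing to match. Suggest a comment at the top of the file listing the blueprints it expects to exist, or adding the password change sample alongside it. The `backends` list also enables `authentik.sources.ldap.auth.LDAPBackend` and `authentik.core.auth.TokenBackend` in a sample that configures no LDAP source; a short comment saying which ones a minimal install needs would help readers trim it.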
operator/config/samples/raw_blueprints/default-tenant.yaml
0 → 100644
metadata
:
name
:
Default - Tenant
version
:
1
entries
:
-
model
:
authentik_blueprints.metaapplyblueprint
attrs
:
identifiers
:
name
:
Default - Authentication flow
required
:
false
-
model
:
authentik_blueprints.metaapplyblueprint
attrs
:
identifiers
:
name
:
Default - Invalidation flow
required
:
false
-
model
:
authentik_blueprints.metaapplyblueprint
attrs
:
identifiers
:
name
:
Default - User settings flow
required
:
false
-
attrs
:
flow_authentication
:
!Find
[
authentik_flows.flow
,
[
slug
,
default-authentication-flow
]]
flow_invalidation
:
!Find
[
authentik_flows.flow
,
[
slug
,
default-invalidation-flow
]]
flow_user_settings
:
!Find
[
authentik_flows.flow
,
[
slug
,
default-user-settings-flow
]]
identifiers
:
domain
:
authentik-default
default
:
True
state
:
created
model
:
authentik_tenants.tenant
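Review bot: The tenant entry's `flow_invalidation` and `flow_user_settings` are looked up by slug with `!Find`, yet "Default - Invalidation flow" and "Default - User settings flow" are only referenced through meta applies with `required: false` and neither is shipped in this directory, so the lookups can only succeed if those flows already exist in the target instance. Since this entry sets `default: True` for the tenant, the file should state that prerequisite in a header comment or the missing samples should be added. Two style points in the same file: `default: True` is capitalised while the other booleans in these samples are lowercase (`required: false`), and the `# yaml-language-server: $schema=…` line present in default-auth-flow.yaml is missing here.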