outposts: disable deployment and secret reconciler for embedded outpo…

…st in code instead of in config Signed-off-by: Jens Langhammer <jens@goauthentik.io>
goauthentik · Dec 30, 2023 · a396089 · a396089
1 parent 1c3cce1
commit a396089
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 9 deletions.
diff --git a/authentik/outposts/api/outposts.py b/authentik/outposts/api/outposts.py
@@ -51,7 +51,7 @@ def validate_name(self, name: str) -> str:
         """Validate name (especially for embedded outpost)"""
         if not self.instance:
             return name
-        if self.instance.managed == MANAGED_OUTPOST:
+        if self.instance.managed == MANAGED_OUTPOST and name != MANAGED_OUTPOST_NAME:
             raise ValidationError("Embedded outpost's name cannot be changed")
         if self.instance.name == MANAGED_OUTPOST_NAME:
             self.instance.managed = MANAGED_OUTPOST

diff --git a/authentik/outposts/apps.py b/authentik/outposts/apps.py
@@ -36,7 +36,6 @@ def reconcile_embedded_outpost(self):
             DockerServiceConnection,
             KubernetesServiceConnection,
             Outpost,
-            OutpostConfig,
             OutpostType,
         )
 
@@ -56,10 +55,4 @@ def reconcile_embedded_outpost(self):
                 outpost.service_connection = KubernetesServiceConnection.objects.first()
             elif DockerServiceConnection.objects.exists():
                 outpost.service_connection = DockerServiceConnection.objects.first()
-            outpost.config = OutpostConfig(
-                kubernetes_disabled_components=[
-                    "deployment",
-                    "secret",
-                ]
-            )
             outpost.save()
diff --git a/authentik/outposts/controllers/k8s/deployment.py b/authentik/outposts/controllers/k8s/deployment.py
@@ -43,6 +43,10 @@ def __init__(self, controller: "KubernetesController") -> None:
         self.api = AppsV1Api(controller.client)
         self.outpost = self.controller.outpost
 
+    @property
+    def noop(self) -> bool:
+        return self.is_embedded
+
     @staticmethod
     def reconciler_name() -> str:
         return "deployment"

diff --git a/authentik/outposts/controllers/k8s/secret.py b/authentik/outposts/controllers/k8s/secret.py
@@ -24,6 +24,10 @@ def __init__(self, controller: "KubernetesController") -> None:
         super().__init__(controller)
         self.api = CoreV1Api(controller.client)
 
+    @property
+    def noop(self) -> bool:
+        return self.is_embedded
+
     @staticmethod
     def reconciler_name() -> str:
         return "secret"

diff --git a/authentik/outposts/controllers/k8s/service_monitor.py b/authentik/outposts/controllers/k8s/service_monitor.py
@@ -77,7 +77,10 @@ def reconciler_name() -> str:
 
     @property
     def noop(self) -> bool:
-        return (not self._crd_exists()) or (self.is_embedded)
+        if not self._crd_exists():
+            self.logger.debug("CRD doesn't exist")
+            return True
+        return self.is_embedded
 
     def _crd_exists(self) -> bool:
         """Check if the Prometheus ServiceMonitor exists"""