@kustodian/plugin-authentik 1.0.0 → 2.0.0

@@ -0,0 +1,11 @@
1
+ import type { KustodianPluginType } from '@kustodian/plugins';
2
+ /**
3
+ * Creates the Authentik plugin.
4
+ */
5
+ export declare function create_authentik_plugin(options?: Record<string, unknown>): KustodianPluginType;
6
+ /**
7
+ * Default plugin export.
8
+ */
9
+ export declare const plugin: KustodianPluginType;
10
+ export default plugin;
11
+ //# sourceMappingURL=plugin.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"plugin.d.ts","sourceRoot":"","sources":["../src/plugin.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAKV,mBAAmB,EAIpB,MAAM,oBAAoB,CAAC;AA4G5B;;GAEG;AACH,wBAAgB,uBAAuB,CACrC,OAAO,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM,GACpC,mBAAmB,CAqOrB;AAED;;GAEG;AACH,eAAO,MAAM,MAAM,qBAA4B,CAAC;AAEhD,eAAe,MAAM,CAAC"}
@@ -0,0 +1,344 @@
1
+ import { z } from 'zod';
2
+ /**
3
+ * Authentik authorization flow types
4
+ */
5
+ export declare const authentik_flow_schema: z.ZodEnum<{
6
+ "implicit-consent": "implicit-consent";
7
+ "explicit-consent": "explicit-consent";
8
+ "default-provider-authorization-implicit-consent": "default-provider-authorization-implicit-consent";
9
+ "default-provider-authorization-explicit-consent": "default-provider-authorization-explicit-consent";
10
+ }>;
11
+ export type AuthentikFlowType = z.infer<typeof authentik_flow_schema>;
12
+ /**
13
+ * Authentik provider types
14
+ */
15
+ export declare const auth_provider_schema: z.ZodEnum<{
16
+ oauth2: "oauth2";
17
+ saml: "saml";
18
+ proxy: "proxy";
19
+ }>;
20
+ export type AuthProviderType = z.infer<typeof auth_provider_schema>;
21
+ /**
22
+ * OAuth2/OIDC client types
23
+ */
24
+ export declare const client_type_schema: z.ZodEnum<{
25
+ confidential: "confidential";
26
+ public: "public";
27
+ }>;
28
+ export type ClientTypeType = z.infer<typeof client_type_schema>;
29
+ /**
30
+ * Authentik proxy mode types
31
+ */
32
+ export declare const proxy_mode_schema: z.ZodEnum<{
33
+ proxy: "proxy";
34
+ forward_single: "forward_single";
35
+ forward_domain: "forward_domain";
36
+ }>;
37
+ export type ProxyModeType = z.infer<typeof proxy_mode_schema>;
38
+ /**
39
+ * SAML SP binding types
40
+ */
41
+ export declare const saml_binding_schema: z.ZodEnum<{
42
+ post: "post";
43
+ redirect: "redirect";
44
+ }>;
45
+ export type SAMLBindingType = z.infer<typeof saml_binding_schema>;
46
+ /**
47
+ * SAML NameID policy types
48
+ */
49
+ export declare const saml_nameid_policy_schema: z.ZodEnum<{
50
+ "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
51
+ "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
52
+ "urn:oasis:names:tc:SAML:2.0:nameid-format:transient": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";
53
+ "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName": "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName";
54
+ }>;
55
+ export type SAMLNameIDPolicyType = z.infer<typeof saml_nameid_policy_schema>;
56
+ /**
57
+ * OAuth2/OIDC provider configuration for Authentik
58
+ */
59
+ export declare const oauth2_provider_config_schema: z.ZodObject<{
60
+ client_id: z.ZodString;
61
+ client_type: z.ZodDefault<z.ZodEnum<{
62
+ confidential: "confidential";
63
+ public: "public";
64
+ }>>;
65
+ client_secret: z.ZodOptional<z.ZodString>;
66
+ redirect_uris: z.ZodArray<z.ZodString>;
67
+ authorization_flow: z.ZodOptional<z.ZodEnum<{
68
+ "implicit-consent": "implicit-consent";
69
+ "explicit-consent": "explicit-consent";
70
+ "default-provider-authorization-implicit-consent": "default-provider-authorization-implicit-consent";
71
+ "default-provider-authorization-explicit-consent": "default-provider-authorization-explicit-consent";
72
+ }>>;
73
+ signing_key: z.ZodOptional<z.ZodString>;
74
+ include_claims_in_id_token: z.ZodDefault<z.ZodBoolean>;
75
+ additional_scopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
76
+ access_token_validity: z.ZodDefault<z.ZodString>;
77
+ refresh_token_validity: z.ZodDefault<z.ZodString>;
78
+ sub_mode: z.ZodDefault<z.ZodString>;
79
+ issue_refresh_tokens: z.ZodDefault<z.ZodBoolean>;
80
+ }, z.core.$strip>;
81
+ export type OAuth2ProviderConfigType = z.infer<typeof oauth2_provider_config_schema>;
82
+ /**
83
+ * SAML provider configuration for Authentik
84
+ */
85
+ export declare const saml_provider_config_schema: z.ZodObject<{
86
+ acs_url: z.ZodString;
87
+ issuer: z.ZodString;
88
+ sp_binding: z.ZodDefault<z.ZodEnum<{
89
+ post: "post";
90
+ redirect: "redirect";
91
+ }>>;
92
+ audience: z.ZodOptional<z.ZodString>;
93
+ authorization_flow: z.ZodOptional<z.ZodEnum<{
94
+ "implicit-consent": "implicit-consent";
95
+ "explicit-consent": "explicit-consent";
96
+ "default-provider-authorization-implicit-consent": "default-provider-authorization-implicit-consent";
97
+ "default-provider-authorization-explicit-consent": "default-provider-authorization-explicit-consent";
98
+ }>>;
99
+ signing_kp: z.ZodOptional<z.ZodString>;
100
+ name_id_policy: z.ZodDefault<z.ZodEnum<{
101
+ "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
102
+ "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
103
+ "urn:oasis:names:tc:SAML:2.0:nameid-format:transient": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";
104
+ "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName": "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName";
105
+ }>>;
106
+ assertion_valid_not_before: z.ZodDefault<z.ZodString>;
107
+ assertion_valid_not_on_or_after: z.ZodDefault<z.ZodString>;
108
+ session_valid_not_on_or_after: z.ZodDefault<z.ZodString>;
109
+ }, z.core.$strip>;
110
+ export type SAMLProviderConfigType = z.infer<typeof saml_provider_config_schema>;
111
+ /**
112
+ * Proxy provider configuration for Authentik
113
+ */
114
+ export declare const proxy_provider_config_schema: z.ZodObject<{
115
+ external_host: z.ZodString;
116
+ internal_host: z.ZodOptional<z.ZodString>;
117
+ internal_host_ssl_validation: z.ZodDefault<z.ZodBoolean>;
118
+ certificate: z.ZodOptional<z.ZodString>;
119
+ skip_path_regex: z.ZodOptional<z.ZodString>;
120
+ basic_auth_enabled: z.ZodDefault<z.ZodBoolean>;
121
+ basic_auth_password_attribute: z.ZodOptional<z.ZodString>;
122
+ basic_auth_user_attribute: z.ZodOptional<z.ZodString>;
123
+ mode: z.ZodDefault<z.ZodEnum<{
124
+ proxy: "proxy";
125
+ forward_single: "forward_single";
126
+ forward_domain: "forward_domain";
127
+ }>>;
128
+ authorization_flow: z.ZodOptional<z.ZodEnum<{
129
+ "implicit-consent": "implicit-consent";
130
+ "explicit-consent": "explicit-consent";
131
+ "default-provider-authorization-implicit-consent": "default-provider-authorization-implicit-consent";
132
+ "default-provider-authorization-explicit-consent": "default-provider-authorization-explicit-consent";
133
+ }>>;
134
+ access_token_validity: z.ZodDefault<z.ZodString>;
135
+ intercept_header_auth: z.ZodDefault<z.ZodBoolean>;
136
+ }, z.core.$strip>;
137
+ export type ProxyProviderConfigType = z.infer<typeof proxy_provider_config_schema>;
138
+ /**
139
+ * Authentication configuration in template kustomizations
140
+ */
141
+ export declare const auth_config_schema: z.ZodObject<{
142
+ provider: z.ZodEnum<{
143
+ oauth2: "oauth2";
144
+ saml: "saml";
145
+ proxy: "proxy";
146
+ }>;
147
+ app_name: z.ZodString;
148
+ app_display_name: z.ZodOptional<z.ZodString>;
149
+ app_description: z.ZodOptional<z.ZodString>;
150
+ app_icon: z.ZodOptional<z.ZodString>;
151
+ app_group: z.ZodOptional<z.ZodString>;
152
+ app_launch_url: z.ZodOptional<z.ZodString>;
153
+ oauth2: z.ZodOptional<z.ZodObject<{
154
+ client_id: z.ZodOptional<z.ZodString>;
155
+ client_type: z.ZodOptional<z.ZodDefault<z.ZodEnum<{
156
+ confidential: "confidential";
157
+ public: "public";
158
+ }>>>;
159
+ client_secret: z.ZodOptional<z.ZodOptional<z.ZodString>>;
160
+ redirect_uris: z.ZodOptional<z.ZodArray<z.ZodString>>;
161
+ authorization_flow: z.ZodOptional<z.ZodOptional<z.ZodEnum<{
162
+ "implicit-consent": "implicit-consent";
163
+ "explicit-consent": "explicit-consent";
164
+ "default-provider-authorization-implicit-consent": "default-provider-authorization-implicit-consent";
165
+ "default-provider-authorization-explicit-consent": "default-provider-authorization-explicit-consent";
166
+ }>>>;
167
+ signing_key: z.ZodOptional<z.ZodOptional<z.ZodString>>;
168
+ include_claims_in_id_token: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
169
+ additional_scopes: z.ZodOptional<z.ZodOptional<z.ZodArray<z.ZodString>>>;
170
+ access_token_validity: z.ZodOptional<z.ZodDefault<z.ZodString>>;
171
+ refresh_token_validity: z.ZodOptional<z.ZodDefault<z.ZodString>>;
172
+ sub_mode: z.ZodOptional<z.ZodDefault<z.ZodString>>;
173
+ issue_refresh_tokens: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
174
+ }, z.core.$strip>>;
175
+ saml: z.ZodOptional<z.ZodObject<{
176
+ acs_url: z.ZodOptional<z.ZodString>;
177
+ issuer: z.ZodOptional<z.ZodString>;
178
+ sp_binding: z.ZodOptional<z.ZodDefault<z.ZodEnum<{
179
+ post: "post";
180
+ redirect: "redirect";
181
+ }>>>;
182
+ audience: z.ZodOptional<z.ZodOptional<z.ZodString>>;
183
+ authorization_flow: z.ZodOptional<z.ZodOptional<z.ZodEnum<{
184
+ "implicit-consent": "implicit-consent";
185
+ "explicit-consent": "explicit-consent";
186
+ "default-provider-authorization-implicit-consent": "default-provider-authorization-implicit-consent";
187
+ "default-provider-authorization-explicit-consent": "default-provider-authorization-explicit-consent";
188
+ }>>>;
189
+ signing_kp: z.ZodOptional<z.ZodOptional<z.ZodString>>;
190
+ name_id_policy: z.ZodOptional<z.ZodDefault<z.ZodEnum<{
191
+ "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
192
+ "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
193
+ "urn:oasis:names:tc:SAML:2.0:nameid-format:transient": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";
194
+ "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName": "urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName";
195
+ }>>>;
196
+ assertion_valid_not_before: z.ZodOptional<z.ZodDefault<z.ZodString>>;
197
+ assertion_valid_not_on_or_after: z.ZodOptional<z.ZodDefault<z.ZodString>>;
198
+ session_valid_not_on_or_after: z.ZodOptional<z.ZodDefault<z.ZodString>>;
199
+ }, z.core.$strip>>;
200
+ proxy: z.ZodOptional<z.ZodObject<{
201
+ external_host: z.ZodOptional<z.ZodString>;
202
+ internal_host: z.ZodOptional<z.ZodOptional<z.ZodString>>;
203
+ internal_host_ssl_validation: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
204
+ certificate: z.ZodOptional<z.ZodOptional<z.ZodString>>;
205
+ skip_path_regex: z.ZodOptional<z.ZodOptional<z.ZodString>>;
206
+ basic_auth_enabled: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
207
+ basic_auth_password_attribute: z.ZodOptional<z.ZodOptional<z.ZodString>>;
208
+ basic_auth_user_attribute: z.ZodOptional<z.ZodOptional<z.ZodString>>;
209
+ mode: z.ZodOptional<z.ZodDefault<z.ZodEnum<{
210
+ proxy: "proxy";
211
+ forward_single: "forward_single";
212
+ forward_domain: "forward_domain";
213
+ }>>>;
214
+ authorization_flow: z.ZodOptional<z.ZodOptional<z.ZodEnum<{
215
+ "implicit-consent": "implicit-consent";
216
+ "explicit-consent": "explicit-consent";
217
+ "default-provider-authorization-implicit-consent": "default-provider-authorization-implicit-consent";
218
+ "default-provider-authorization-explicit-consent": "default-provider-authorization-explicit-consent";
219
+ }>>>;
220
+ access_token_validity: z.ZodOptional<z.ZodDefault<z.ZodString>>;
221
+ intercept_header_auth: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
222
+ }, z.core.$strip>>;
223
+ }, z.core.$strip>;
224
+ export type AuthConfigType = z.infer<typeof auth_config_schema>;
225
+ /**
226
+ * Authentik plugin options
227
+ */
228
+ export declare const authentik_plugin_options_schema: z.ZodObject<{
229
+ domain: z.ZodOptional<z.ZodString>;
230
+ default_authorization_flow: z.ZodDefault<z.ZodEnum<{
231
+ "implicit-consent": "implicit-consent";
232
+ "explicit-consent": "explicit-consent";
233
+ "default-provider-authorization-implicit-consent": "default-provider-authorization-implicit-consent";
234
+ "default-provider-authorization-explicit-consent": "default-provider-authorization-explicit-consent";
235
+ }>>;
236
+ outpost_name: z.ZodDefault<z.ZodString>;
237
+ auto_generate_secrets: z.ZodDefault<z.ZodBoolean>;
238
+ output_dir: z.ZodDefault<z.ZodString>;
239
+ blueprint_version: z.ZodDefault<z.ZodNumber>;
240
+ }, z.core.$strip>;
241
+ export type AuthentikPluginOptionsType = z.infer<typeof authentik_plugin_options_schema>;
242
+ /**
243
+ * Authentik application blueprint
244
+ */
245
+ export interface AuthentikApplicationType {
246
+ identifiers: {
247
+ slug: string;
248
+ };
249
+ model: 'authentik_core.application';
250
+ attrs: {
251
+ name: string;
252
+ slug: string;
253
+ provider?: string;
254
+ meta_description?: string;
255
+ meta_icon?: string;
256
+ group?: string;
257
+ meta_launch_url?: string;
258
+ policy_engine_mode?: string;
259
+ };
260
+ }
261
+ /**
262
+ * Authentik provider blueprint (OAuth2)
263
+ */
264
+ export interface AuthentikOAuth2ProviderType {
265
+ identifiers: {
266
+ name: string;
267
+ };
268
+ model: 'authentik_providers_oauth2.oauth2provider';
269
+ attrs: {
270
+ name: string;
271
+ client_id: string;
272
+ client_type: string;
273
+ client_secret?: string;
274
+ redirect_uris: string;
275
+ authorization_flow?: string;
276
+ signing_key?: string;
277
+ include_claims_in_id_token: boolean;
278
+ access_token_validity: string;
279
+ refresh_token_validity: string;
280
+ sub_mode: string;
281
+ issue_refresh_tokens: boolean;
282
+ property_mappings?: string[];
283
+ };
284
+ }
285
+ /**
286
+ * Authentik provider blueprint (SAML)
287
+ */
288
+ export interface AuthentikSAMLProviderType {
289
+ identifiers: {
290
+ name: string;
291
+ };
292
+ model: 'authentik_providers_saml.samlprovider';
293
+ attrs: {
294
+ name: string;
295
+ acs_url: string;
296
+ issuer: string;
297
+ sp_binding: string;
298
+ audience?: string;
299
+ authorization_flow?: string;
300
+ signing_kp?: string;
301
+ name_id_mapping?: string;
302
+ assertion_valid_not_before: string;
303
+ assertion_valid_not_on_or_after: string;
304
+ session_valid_not_on_or_after: string;
305
+ property_mappings?: string[];
306
+ };
307
+ }
308
+ /**
309
+ * Authentik provider blueprint (Proxy)
310
+ */
311
+ export interface AuthentikProxyProviderType {
312
+ identifiers: {
313
+ name: string;
314
+ };
315
+ model: 'authentik_providers_proxy.proxyprovider';
316
+ attrs: {
317
+ name: string;
318
+ external_host: string;
319
+ internal_host?: string;
320
+ internal_host_ssl_validation: boolean;
321
+ certificate?: string;
322
+ skip_path_regex?: string;
323
+ basic_auth_enabled: boolean;
324
+ basic_auth_password_attribute?: string;
325
+ basic_auth_user_attribute?: string;
326
+ mode: string;
327
+ authorization_flow?: string;
328
+ access_token_validity: string;
329
+ intercept_header_auth: boolean;
330
+ property_mappings?: string[];
331
+ };
332
+ }
333
+ /**
334
+ * Authentik blueprint structure
335
+ */
336
+ export interface AuthentikBlueprintType {
337
+ version: number;
338
+ metadata: {
339
+ name: string;
340
+ labels?: Record<string, string>;
341
+ };
342
+ entries: Array<AuthentikApplicationType | AuthentikOAuth2ProviderType | AuthentikSAMLProviderType | AuthentikProxyProviderType>;
343
+ }
344
+ //# sourceMappingURL=types.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;EAKhC,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAEtE;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;EAAsC,CAAC;AACxE,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAEpE;;GAEG;AACH,eAAO,MAAM,kBAAkB;;;EAAqC,CAAC;AACrE,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEhE;;GAEG;AACH,eAAO,MAAM,iBAAiB;;;;EAAwD,CAAC;AACvF,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAE9D;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;EAA+B,CAAC;AAChE,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAElE;;GAEG;AACH,eAAO,MAAM,yBAAyB;;;;;EAKpC,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAE7E;;GAEG;AACH,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;;;iBAyBxC,CAAC;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAErF;;GAEG;AACH,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;;;;iBAuBtC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEjF;;GAEG;AACH,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;iBAyBvC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAEnF;;GAEG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAqB7B,CAAC;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEhE;;GAEG;AACH,eAAO,MAAM,+BAA+B;;;;;;;;;;;;iBAa1C,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AAEzF;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,KAAK,EAAE,4BAA4B,CAAC;IACpC,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C,WA
AW,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,KAAK,EAAE,2CAA2C,CAAC;IACnD,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,EAAE,MAAM,CAAC;QAClB,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,aAAa,EAAE,MAAM,CAAC;QACtB,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,0BAA0B,EAAE,OAAO,CAAC;QACpC,qBAAqB,EAAE,MAAM,CAAC;QAC9B,sBAAsB,EAAE,MAAM,CAAC;QAC/B,QAAQ,EAAE,MAAM,CAAC;QACjB,oBAAoB,EAAE,OAAO,CAAC;QAC9B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;KAC9B,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,WAAW,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,KAAK,EAAE,uCAAuC,CAAC;IAC/C,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,UAAU,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,0BAA0B,EAAE,MAAM,CAAC;QACnC,+BAA+B,EAAE,MAAM,CAAC;QACxC,6BAA6B,EAAE,MAAM,CAAC;QACtC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;KAC9B,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,0BAA0B;IACzC,WAAW,EAAE;QACX,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,KAAK,EAAE,yCAAyC,CAAC;IACjD,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,aAAa,EAAE,MAAM,CAAC;QACtB,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,4BAA4B,EAAE,OAAO,CAAC;QACtC,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,kBAAkB,EAAE,OAAO,CAAC;QAC5B,6BAA6B,CAAC,EAAE,MAAM,CAAC;QACvC,yBAAyB,CAAC,EAAE,MAAM,CAAC;QACnC,IAAI,EAAE,MAAM,CAAC;QACb,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,qBAAqB,EAAE,MAAM,CAAC;QAC9B,qBAAqB,EAAE,OAAO,CAAC;QAC/B,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;KAC9B,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACjC,CAAC;IACF,OAAO,EAAE,KAAK,CACV,wBAAwB,GACxB,2BAA2B,GAC3B,yBAAyB,GACzB,0BAA0B,CAC7B,CAAC;CACH"}
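--- a/package/package.json
+++ b/package/package.json
@@ -1,21 +1,25 @@
  {
  "name": "@kustodian/plugin-authentik",
- "version": "1.0.0",
+ "version": "2.0.0",
  "description": "Authentik authentication provider plugin for Kustodian",
  "type": "module",
- "main": "./src/index.ts",
- "types": "./src/index.ts",
+ "main": "./dist/index.js",
+ "types": "./dist/index.d.ts",
  "exports": {
  ".": {
- "types": "./src/index.ts",
- "import": "./src/index.ts"
+ "types": "./dist/index.d.ts",
+ "import": "./dist/index.js"
  }
  },
- "files": ["src"],
+ "files": [
+ "dist"
+ ],
  "scripts": {
  "test": "bun test",
  "test:watch": "bun test --watch",
- "typecheck": "bun run tsc --noEmit"
+ "typecheck": "bun run tsc --noEmit",
+ "build": "bun build src/index.ts --outdir dist --target node --format esm && tsc --emitDeclarationOnly --outDir dist",
+ "prepublishOnly": "bun run build"
  },
  "keywords": [
  "kustodian",
@@ -35,7 +39,8 @@
  "directory": "plugins/authentik"
  },
  "publishConfig": {
- "registry": "https://npm.pkg.github.com"
+ "access": "public",
+ "registry": "https://registry.npmjs.org"
  },
  "dependencies": {
  "@kustodian/core": "^1.1.0",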
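Review bot: Nothing in the new manifest ties the tarball published to the public npm registry back to the source it is built from: `files` now ships only `dist`, and `dist` is produced at publish time by the new `prepublishOnly` → `build` script, so what consumers install is whatever the publishing machine emitted. Since consumers can no longer read or diff the TypeScript they run, I would add `"provenance": true` to `publishConfig` next to `"access": "public"` and publish from CI, so the registry entry carries a build attestation. Separately, the `build` line calls `bun build src/index.ts` with no externals option, which presumably inlines `@kustodian/core` and the other dependencies into `dist/index.js` while they stay listed under `dependencies`; if so, a later patch release of a dependency would not reach users of this bundle, and adding `--packages external` would leave resolution to the installer. The `dependencies` object continues past the end of the hunk, so the bundling concern is inferred from the visible lines only.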
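--- a/package/src/executor.ts
+++ b/package/src/executor.ts
@@ -1,119 +0,0 @@
- import { exec } from 'node:child_process';
- import { readFileSync } from 'node:fs';
- import { promisify } from 'node:util';
-
- import { type ResultType, create_error, success } from '@kustodian/core';
- import type { KustodianErrorType } from '@kustodian/core';
-
- import { yaml_to_blueprint } from './generator.js';
-
- const exec_async = promisify(exec);
-
- /**
- * Check if Authentik CLI is available.
- */
- export async function check_authentik_available(): Promise<ResultType<string, KustodianErrorType>> {
- try {
- const { stdout } = await exec_async('ak --version', { timeout: 5000 });
- const version = stdout.trim();
- return success(version);
- } catch (error) {
- return {
- success: false,
- error: create_error(
- 'AUTHENTIK_CLI_NOT_FOUND',
- 'Authentik CLI not found. Install from: https://goauthentik.io/docs/installation/',
- error,
- ),
- };
- }
- }
-
- /**
- * Validate Authentik blueprint file.
- */
- export async function validate_blueprint(
- blueprint_path: string,
- ): Promise<ResultType<void, KustodianErrorType>> {
- try {
- // Read the blueprint file
- const blueprint_content = readFileSync(blueprint_path, 'utf-8');
-
- // Parse YAML to validate structure
- const parse_result = yaml_to_blueprint(blueprint_content);
- if (!parse_result.success) {
- return parse_result;
- }
-
- const blueprint = parse_result.value;
-
- // Basic validation
- if (!blueprint.version || !blueprint.metadata || !blueprint.entries) {
- return {
- success: false,
- error: create_error(
- 'INVALID_BLUEPRINT',
- 'Blueprint must have version, metadata, and entries',
- ),
- };
- }
-
- if (blueprint.entries.length === 0) {
- return {
- success: false,
- error: create_error('INVALID_BLUEPRINT', 'Blueprint must have at least one entry'),
- };
- }
-
- // Validate each entry has required fields
- for (const entry of blueprint.entries) {
- if (!entry.model || !entry.identifiers) {
- return {
- success: false,
- error: create_error(
- 'INVALID_BLUEPRINT',
- 'Each blueprint entry must have model and identifiers',
- ),
- };
- }
- }
-
- return success(undefined);
- } catch (error) {
- return {
- success: false,
- error: create_error(
- 'VALIDATION_ERROR',
- `Failed to validate blueprint: ${error instanceof Error ? error.message : String(error)}`,
- error,
- ),
- };
- }
- }
-
- /**
- * Generate random secret (for OAuth2 clients).
- */
- export async function generate_random_secret(
- length = 64,
- ): Promise<ResultType<string, KustodianErrorType>> {
- try {
- const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';
- let result = '';
- const randomArray = new Uint8Array(length);
- crypto.getRandomValues(randomArray);
- for (const value of randomArray) {
- result += chars[value % chars.length];
- }
- return success(result);
- } catch (error) {
- return {
- success: false,
- error: create_error(
- 'GENERATION_ERROR',
- `Failed to generate secret: ${error instanceof Error ? error.message : String(error)}`,
- error,
- ),
- };
- }
- }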