Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Django Postgres settings use wrong keys for TLS auth #12178

Closed
solidDoWant opened this issue Nov 25, 2024 · 1 comment · Fixed by #12180
Closed

Django Postgres settings use wrong keys for TLS auth #12178

solidDoWant opened this issue Nov 25, 2024 · 1 comment · Fixed by #12180
Labels
bug Something isn't working

Comments

@solidDoWant
Copy link

Describe the bug
These four keys are not placed in the correct dict path to configure Postgres TLS settings for Django.

To Reproduce

  1. Deploy Authentik with any Postgres TLS setting configured. For example, client TLS auth or the server auth root CA with TLS verification enabled.
  2. Observe that connections and migration checks (which do not run via Django) complete successfully, but Django ignores these settings (leading to an immediate crash in most cases).

Expected behavior

Authentik should start with these settings configured.

Screenshots
N/A

Logs

{"event": "Not running as root, disabling permission fixes", "level": "info", "logger": "bootstrap"}
{"event": "Loaded config", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517826.82251, "file": "/authentik/lib/default.yml"}
{"event": "Loaded environment variables", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517826.8231416, "count": 106}
{"event": "Starting authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1732517827.2035837}
{"event": "PostgreSQL connection successful", "level": "info", "logger": "authentik.lib.config", "timestamp": 1732517827.2307312}
{"event": "Redis Connection successful", "level": "info", "logger": "authentik.lib.config", "timestamp": 1732517827.241528}
{"event": "Finished authentik bootstrap", "level": "info", "logger": "authentik.lib.config", "timestamp": 1732517827.2416465}
2024-11-25 00:57:07 [info     ] waiting to acquire database lock
2024-11-25 00:57:07 [info     ] applying django migrations
{"event": "Booting authentik", "level": "info", "logger": "authentik.lib.config", "timestamp": 1732517828.4601443, "version": "2024.10.2"}
{"event": "Enabled authentik enterprise", "level": "info", "logger": "authentik.lib.config", "timestamp": 1732517828.4618242}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.4624736, "path": "authentik.enterprise.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.4630117, "path": "authentik.crypto.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.46474, "path": "authentik.enterprise.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.4656708, "path": "authentik.enterprise.providers.google_workspace.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.4662564, "path": "authentik.enterprise.providers.microsoft_entra.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.466884, "path": "authentik.events.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.467561, "path": "authentik.sources.ldap.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.4682217, "path": "authentik.stages.authenticator_webauthn.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.469039, "path": "authentik.sources.plex.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.4695148, "path": "authentik.sources.oauth.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.4709477, "path": "authentik.sources.kerberos.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.4714465, "path": "authentik.blueprints.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.4716926, "path": "authentik.stages.authenticator_totp.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.4723954, "path": "authentik.admin.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.4728634, "path": "authentik.providers.scim.settings"}
{"event": "Loaded app settings", "level": "debug", "logger": "authentik.lib.config", "timestamp": 1732517828.473948, "path": "authentik.outposts.settings"}
{"domain_url": null, "event": "Loaded MMDB database", "file": "/geoip/GeoLite2-ASN.mmdb", "last_write": 1731602268.0, "level": "info", "logger": "authentik.events.context_processors.mmdb", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:08.906374"}
{"domain_url": null, "event": "Loaded MMDB database", "file": "/geoip/GeoLite2-City.mmdb", "last_write": 1731602268.0, "level": "info", "logger": "authentik.events.context_processors.mmdb", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:08.907278"}
{"app_name": "authentik.tenants", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.tenants.checks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.217359"}
{"app_name": "authentik.tenants", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.tenants.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.217728"}
{"app_name": "authentik.admin", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.admin.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.237254"}
{"app_name": "authentik.admin", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.admin.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.237583"}
{"app_name": "authentik.crypto", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.crypto.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.238370"}
{"app_name": "authentik.flows", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.flows.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.262323"}
{"app_name": "authentik.outposts", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.outposts.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.287796"}
{"app_name": "authentik.outposts", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.outposts.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.288443"}
{"app_name": "authentik.policies.reputation", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.policies.reputation.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.289023"}
{"app_name": "authentik.policies", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.policies.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.297784"}
{"app_name": "authentik.providers.oauth2", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.providers.oauth2.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.298203"}
{"app_name": "authentik.providers.proxy", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.providers.proxy.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.298691"}
{"app_name": "authentik.providers.proxy", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.providers.proxy.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.299041"}
{"app_name": "authentik.providers.scim", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.providers.scim.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.300905"}
{"app_name": "authentik.providers.scim", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.providers.scim.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.301764"}
{"app_name": "authentik.rbac", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.rbac.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.302543"}
{"app_name": "authentik.sources.kerberos", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.sources.kerberos.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.304149"}
{"app_name": "authentik.sources.kerberos", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.sources.kerberos.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.304687"}
{"app_name": "authentik.sources.ldap", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.sources.ldap.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.309578"}
{"app_name": "authentik.sources.ldap", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.sources.ldap.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.312218"}
{"app_name": "authentik.sources.oauth", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.sources.oauth.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.323310"}
{"app_name": "authentik.sources.saml", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.sources.saml.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.323715"}
{"app_name": "authentik.sources.scim", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.sources.scim.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.324229"}
{"app_name": "authentik.stages.authenticator_duo", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.stages.authenticator_duo.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.324719"}
{"app_name": "authentik.stages.authenticator_static", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.stages.authenticator_static.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.325086"}
{"app_name": "authentik.stages.authenticator_webauthn", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.stages.authenticator_webauthn.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.359195"}
{"app_name": "authentik.stages.email", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.stages.email.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.359419"}
{"app_name": "authentik.core", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.core.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.361051"}
{"app_name": "authentik.core", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.core.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.361141"}
{"app_name": "authentik.enterprise", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.enterprise.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.361509"}
{"app_name": "authentik.enterprise", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.enterprise.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.361914"}
{"app_name": "authentik.enterprise.providers.google_workspace", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.enterprise.providers.google_workspace.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.362426"}
{"app_name": "authentik.enterprise.providers.google_workspace", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.enterprise.providers.google_workspace.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.362736"}
{"app_name": "authentik.enterprise.providers.microsoft_entra", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.enterprise.providers.microsoft_entra.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.363192"}
{"app_name": "authentik.enterprise.providers.microsoft_entra", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.enterprise.providers.microsoft_entra.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.363488"}
{"app_name": "authentik.enterprise.providers.rac", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.enterprise.providers.rac.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.367514"}
{"app_name": "authentik.events", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.events.tasks", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.367837"}
{"app_name": "authentik.events", "domain_url": null, "event": "Imported related module", "level": "info", "logger": "authentik.blueprints.apps", "module": "authentik.events.signals", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:10.367919"}
{"domain_url": null, "event": "releasing database lock", "level": "info", "logger": "lifecycle.migrate", "pid": 7, "schema_name": "public", "timestamp": "2024-11-25T06:57:11.169253"}
Traceback (most recent call last):
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/base/base.py", line 275, in ensure_connection
    self.connect()
  File "/ak-root/venv/lib/python3.12/site-packages/django/utils/asyncio.py", line 26, in inner
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/base/base.py", line 256, in connect
    self.connection = self.get_new_connection(conn_params)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django_prometheus/db/backends/postgresql/base.py", line 9, in get_new_connection
    conn = super().get_new_connection(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django_prometheus/db/common.py", line 45, in get_new_connection
    return super().get_new_connection(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/utils/asyncio.py", line 26, in inner
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/postgresql/base.py", line 277, in get_new_connection
    connection = self.Database.connect(**conn_params)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/psycopg/connection.py", line 119, in connect
    raise last_ex.with_traceback(None)
psycopg.OperationalError: connection failed: connection to server at "10.33.164.129", port 5432 failed: FATAL:  connection requires a valid client certificate
connection to server at "10.33.164.129", port 5432 failed: fe_sendauth: no password supplied

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "/manage.py", line 43, in <module>
    run_migrations()
  File "/lifecycle/migrate.py", line 114, in run_migrations
    execute_from_command_line(["", "migrate_schemas"])
  File "/ak-root/venv/lib/python3.12/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
    utility.execute()
  File "/ak-root/venv/lib/python3.12/site-packages/django/core/management/__init__.py", line 436, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/ak-root/venv/lib/python3.12/site-packages/django/core/management/base.py", line 413, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/ak-root/venv/lib/python3.12/site-packages/django/core/management/base.py", line 459, in execute
    output = self.handle(*args, **options)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django_tenants/management/commands/migrate_schemas.py", line 63, in handle
    executor.run_migrations(tenants=[self.PUBLIC_SCHEMA_NAME])
  File "/ak-root/venv/lib/python3.12/site-packages/django_tenants/migration_executors/standard.py", line 11, in run_migrations
    run_migrations(self.args, self.options, self.codename, self.PUBLIC_SCHEMA_NAME)
  File "/ak-root/venv/lib/python3.12/site-packages/django_tenants/migration_executors/base.py", line 49, in run_migrations
    migration_recorder.ensure_schema()
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/migrations/recorder.py", line 73, in ensure_schema
    if self.has_table():
       ^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/migrations/recorder.py", line 63, in has_table
  executor.run_migrations(tenants=[self.PUBLIC_SCHEMA_NAME])
  File "/ak-root/venv/lib/python3.12/site-packages/django_tenants/migration_executors/standard.py", line 11, in run_migrations
    run_migrations(self.args, self.options, self.codename, self.PUBLIC_SCHEMA_NAME)
  File "/ak-root/venv/lib/python3.12/site-packages/django_tenants/migration_executors/base.py", line 49, in run_migrations
    migration_recorder.ensure_schema()
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/migrations/recorder.py", line 73, in ensure_schema
    if self.has_table():
       ^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/migrations/recorder.py", line 63, in has_table
    with self.connection.cursor() as cursor:
         ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/utils/asyncio.py", line 26, in inner
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/base/base.py", line 316, in cursor
    return self._cursor()
           ^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django_tenants/postgresql_backend/base.py", line 144, in _cursor
    cursor = super()._cursor()
             ^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/base/base.py", line 292, in _cursor
    self.ensure_connection()
  File "/ak-root/venv/lib/python3.12/site-packages/django/utils/asyncio.py", line 26, in inner
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/base/base.py", line 274, in ensure_connection
    with self.wrap_database_errors:
         ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/utils.py", line 91, in __exit__
    raise dj_exc_value.with_traceback(traceback) from exc_value
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/base/base.py", line 275, in ensure_connection
    self.connect()
  File "/ak-root/venv/lib/python3.12/site-packages/django/utils/asyncio.py", line 26, in inner
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/base/base.py", line 256, in connect
    self.connection = self.get_new_connection(conn_params)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django_prometheus/db/backends/postgresql/base.py", line 9, in get_new_connection
    conn = super().get_new_connection(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django_prometheus/db/common.py", line 45, in get_new_connection
    return super().get_new_connection(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/utils/asyncio.py", line 26, in inner
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/postgresql/base.py", line 277, in get_new_connection
    connection = self.Database.connect(**conn_params)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/psycopg/connection.py", line 119, in connect
    raise last_ex.with_traceback(None)
django.db.utils.OperationalError: connection failed: connection to server at "10.33.164.129", port 5432 failed: FATAL:  connection requires a valid client certificate
connection to server at "10.33.164.129", port 5432 failed: fe_sendauth: no password supplied

Version and Deployment (please complete the following information):

  • authentik version: 2024.10.2
  • Deployment: Helm

Additional context

These keys need to be listed under OPTIONS, in lower case, as shown here.

To workaround this, a patch can be created via user_settings.py that can fix the issue. Example of how to deploy this here.
@solidDoWant solidDoWant added the bug Something isn't working label Nov 25, 2024
@solidDoWant
Copy link
Author

I haven't been able to find anything in the django docs that specifically mentions these values, but several search results show + testing shows that this is the correct config.

@BeryJu BeryJu mentioned this issue Nov 25, 2024
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

root: fix database ssl options not set correctly goauthentik/authentik
1 participant
@solidDoWant