feat: multi-instance Authentik credentials with test_user support
Add -a <instance> flag to all Authentik wrapper scripts, matching the existing multi-instance pattern used by Woodpecker and Cloudflare. credentials.json now supports per-instance Authentik config: authentik.<instance>.url — instance URL authentik.<instance>.token — API token (admin wrappers) authentik.<instance>.test_user — username/password (Playwright/agent tests) authentik.default — default instance name Legacy flat structure (authentik.url) still works as fallback. Token cache is now per-instance (~/.cache/mosaic/authentik-token-<name>). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
@@ -2,7 +2,7 @@
|
||||
#
|
||||
# user-create.sh — Create an Authentik user
|
||||
#
|
||||
# Usage: user-create.sh -u <username> -n <name> -e <email> [-p password] [-g group]
|
||||
# Usage: user-create.sh -u <username> -n <name> -e <email> [-p password] [-g group] [-a instance]
|
||||
#
|
||||
# Options:
|
||||
# -u username Username (required)
|
||||
@@ -11,6 +11,7 @@
|
||||
# -p password Initial password (optional — user gets set-password flow if omitted)
|
||||
# -g group Group name to add user to (optional)
|
||||
# -f format Output format: table (default), json
|
||||
# -a instance Authentik instance name (e.g. usc, mosaic)
|
||||
# -h Show this help
|
||||
#
|
||||
# Environment variables (or credentials.json):
|
||||
@@ -20,11 +21,10 @@ set -euo pipefail
|
||||
MOSAIC_HOME="${MOSAIC_HOME:-$HOME/.config/mosaic}"
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
source "$MOSAIC_HOME/tools/_lib/credentials.sh"
|
||||
load_credentials authentik
|
||||
|
||||
USERNAME="" NAME="" EMAIL="" PASSWORD="" GROUP="" FORMAT="table"
|
||||
USERNAME="" NAME="" EMAIL="" PASSWORD="" GROUP="" FORMAT="table" AK_INSTANCE=""
|
||||
|
||||
while getopts "u:n:e:p:g:f:h" opt; do
|
||||
while getopts "u:n:e:p:g:f:a:h" opt; do
|
||||
case $opt in
|
||||
u) USERNAME="$OPTARG" ;;
|
||||
n) NAME="$OPTARG" ;;
|
||||
@@ -32,17 +32,24 @@ while getopts "u:n:e:p:g:f:h" opt; do
|
||||
p) PASSWORD="$OPTARG" ;;
|
||||
g) GROUP="$OPTARG" ;;
|
||||
f) FORMAT="$OPTARG" ;;
|
||||
h) head -18 "$0" | grep "^#" | sed 's/^# \?//'; exit 0 ;;
|
||||
*) echo "Usage: $0 -u <username> -n <name> -e <email> [-p password] [-g group]" >&2; exit 1 ;;
|
||||
a) AK_INSTANCE="$OPTARG" ;;
|
||||
h) head -19 "$0" | grep "^#" | sed 's/^# \?//'; exit 0 ;;
|
||||
*) echo "Usage: $0 -u <username> -n <name> -e <email> [-p password] [-g group] [-a instance]" >&2; exit 1 ;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ -n "$AK_INSTANCE" ]]; then
|
||||
load_credentials "authentik-${AK_INSTANCE}"
|
||||
else
|
||||
load_credentials authentik
|
||||
fi
|
||||
|
||||
if [[ -z "$USERNAME" || -z "$NAME" || -z "$EMAIL" ]]; then
|
||||
echo "Error: -u username, -n name, and -e email are required" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
TOKEN=$("$SCRIPT_DIR/auth-token.sh" -q)
|
||||
TOKEN=$("$SCRIPT_DIR/auth-token.sh" -q ${AK_INSTANCE:+-a "$AK_INSTANCE"})
|
||||
|
||||
# Build user payload
|
||||
payload=$(jq -n \
|
||||
|
||||
Reference in New Issue
Block a user