authentik/website/docs/customize/blueprints/v1/structure.md

83 lines
3.3 KiB
Markdown

# File structure
Blueprints are YAML files, which can use some additional tags to ease blueprint creation.
## Schema
The blueprint schema is available under `https://goauthentik.io/blueprints/schema.json`. It is also possible to target a specific version's blueprint schema by using `https://version-2023-4.goauthentik.io/blueprints/schema.json`.
To use the schema with Visual Studio code and the YAML extension, add this comment at the top of your blueprint files:
```yaml
# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
```
## Example
```yaml
# yaml-language-server: $schema=https://goauthentik.io/blueprints/schema.json
# The version of this blueprint, currently 1
version: 1
# Optional block of metadata, name is required if metadata is set
metadata:
# Arbitrary key=value store, special labels are listed below
labels:
foo: bar
name: example-blueprint
# Optional default context, instance context is merged over this.
context:
foo: bar
# List of entries (required)
entries:
- # Model in app.model notation, possibilities are listed in the schema (required)
model: authentik_flows.flow
# The state this object should be in (optional, can be "present", "created" or "absent")
# Present will keep the object in sync with its definition here, created will only ensure
# the object is created (and create it with the values given here), and "absent" will
# delete the object
state: present
# An optional list of boolean-like conditions. If all conditions match (or
# no conditions are provided) the entry will be evaluated and acted upon
# as normal. Otherwise, the entry is skipped as if not defined at all.
# Each condition will be evaluated in Python to its boolean representation
# bool(<condition>). Furthermore, complex conditions can be built using
# a special !Condition tag. See the documentattion for custom tags for more
# information.
conditions:
- true
- text
- 2
- !Condition [AND, ...] # See custom tags section
# Key:value filters to uniquely identify this object (required)
identifiers:
slug: initial-setup
# Optional ID for use with !KeyOf
id: flow
# Attributes to set on the object. Only explicitly required settings should be stated
# as these values will override existing attributes
attrs:
denied_action: message_continue
designation: stage_configuration
name: default-oobe-setup
title: Welcome to authentik!
# Optionally set object-level permissions on the object
# Requires authentik 2024.8
permissions:
- permission: inspect_flow
user: !Find [authentik_core.user, [username, akadmin]]
```
## Special Labels
#### `blueprints.goauthentik.io/system`:
Used by authentik's packaged blueprints to keep globals up-to-date. Should only be removed in special cases.
#### `blueprints.goauthentik.io/instantiate`:
Configure if this blueprint should automatically be instantiated (defaults to `"true"`). When set to `"false"`, blueprints are listed and available to be instantiated via API/Browser.
#### `blueprints.goauthentik.io/description`:
Optionally set a description, which can be seen in the web interface.