From b70b62dfef8e4907edeb6825a0b040a6967d5773 Mon Sep 17 00:00:00 2001
From: Conrad Kramer
Date: Sun, 19 Apr 2026 00:56:35 -0700
Subject: [PATCH] Fix Zulip bootstrap user handling

---
 Scripts/authentik-sync-linear-saml.sh | 4 ++--
 Scripts/authentik-sync-linear-scim.sh | 7 +------
 nixos/modules/burrow-zulip.nix | 8 ++++----
 3 files changed, 7 insertions(+), 12 deletions(-)

diff --git a/Scripts/authentik-sync-linear-saml.sh b/Scripts/authentik-sync-linear-saml.sh
index 2fd1a90..5da64ad 100755
--- a/Scripts/authentik-sync-linear-saml.sh
+++ b/Scripts/authentik-sync-linear-saml.sh
@@ -294,8 +294,8 @@ existing_application="$(
 )"

 if [[ -n "$existing_application" ]]; then
- application_pk="$(printf '%s\n' "$existing_application" | jq -r '.pk')"
- api PATCH "/api/v3/core/applications/${application_pk}/" "$application_payload" >/dev/null
+ application_pk="existing"
+ api PATCH "/api/v3/core/applications/${application_slug}/" "$application_payload" >/dev/null
 else
 create_application_result="$(
 api_with_status POST "/api/v3/core/applications/" "$application_payload"
diff --git a/Scripts/authentik-sync-linear-scim.sh b/Scripts/authentik-sync-linear-scim.sh
index 5d42cca..4ef83e4 100644
--- a/Scripts/authentik-sync-linear-scim.sh
+++ b/Scripts/authentik-sync-linear-scim.sh
@@ -278,12 +278,7 @@ application_payload="$(
 policy_engine_mode: .policy_engine_mode
 }'
 )"
-application_pk="$(printf '%s\n' "$application" | jq -r '.pk // empty')"
-if [[ -z "$application_pk" ]]; then
- echo "error: could not resolve Authentik application primary key for ${application_slug}" >&2
- exit 1
-fi
-api PATCH "/api/v3/core/applications/${application_pk}/" "$application_payload" >/dev/null
+api PATCH "/api/v3/core/applications/${application_slug}/" "$application_payload" >/dev/null

 group_pks_json="$(jq -cn --arg owner "$owner_group_pk" --arg admin "$admin_group_pk" --arg guest "$guest_group_pk" '[$owner, $admin, $guest]')"
 user_pks_json="$(
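Review bot: In the authentik-sync-linear-saml.sh hunk, `application_pk="existing"` replaces the real primary key with a placeholder string, so any later use of `$application_pk` on the update path would carry a value that is not an Authentik identifier (the rest of the script is outside the hunk, so this is to be confirmed). If nothing downstream reads the variable, dropping the assignment is cleaner than keeping a sentinel. If something does, keep the lookup and fail closed: `application_pk="$(printf '%s\n' "$existing_application" | jq -r '.pk // empty')"` followed by `[[ -n "$application_pk" ]] || exit 1`.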
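Review bot: In the authentik-sync-linear-scim.sh hunk, the PATCH now depends solely on `application_slug`, and the removed block was the only visible check that the application had been resolved before it is modified. If the slug is ever empty, the request path collapses to `/api/v3/core/applications//`. Because stdout goes to `/dev/null`, the outcome then rests on whether `api` (defined outside the hunk) exits non-zero on an HTTP error. A guard such as `: "${application_slug:?application_slug must be set}"` just before the call keeps the fail-fast behaviour; the same applies to the slug-based PATCH in the SAML script.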
diff --git a/nixos/modules/burrow-zulip.nix b/nixos/modules/burrow-zulip.nix
index 238905b..0db3dfd 100644
--- a/nixos/modules/burrow-zulip.nix
+++ b/nixos/modules/burrow-zulip.nix
@@ -385,8 +385,8 @@ EOF
 bootstrap_realm_if_needed() {
 local realm_exists
 realm_exists="$(
- compose run --rm -T --entrypoint bash zulip -lc \
- "su zulip -c '/home/zulip/deployments/current/manage.py list_realms'" \
+ compose run --rm -T -u zulip --entrypoint bash zulip -lc \
+ "/home/zulip/deployments/current/manage.py list_realms" \
 | awk '$NF == "https://${cfg.domain}" { print "yes" }'
 )"

@@ -398,8 +398,8 @@ EOF
 export ZULIP_ADMIN_EMAIL=${lib.escapeShellArg cfg.administratorEmail}
 export ZULIP_OWNER_NAME=${lib.escapeShellArg cfg.realmOwnerName}

- compose run --rm -T --entrypoint bash zulip -lc '
- su zulip -c "/home/zulip/deployments/current/manage.py create_realm --string-id= --password-file /data/secrets/bootstrap-owner-password --automated \"$ZULIP_REALM_NAME\" \"$ZULIP_ADMIN_EMAIL\" \"$ZULIP_OWNER_NAME\""
+ compose run --rm -T -u zulip --entrypoint bash zulip -lc '
+ /home/zulip/deployments/current/manage.py create_realm --string-id= --password-file /data/secrets/bootstrap-owner-password --automated "$ZULIP_REALM_NAME" "$ZULIP_ADMIN_EMAIL" "$ZULIP_OWNER_NAME"
 '
 }
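Review bot: In `bootstrap_realm_if_needed` (first hunk), a failing `manage.py list_realms` is indistinguishable from "no realm yet". Its exit status is hidden behind the `| awk` stage, so `realm_exists` is simply empty and the function proceeds to `create_realm`. Now that the command runs directly under `-u zulip`, a permission or login-shell problem in the container would take exactly that path. Unless `pipefail` is enabled elsewhere in the generated script (not visible here), capture the listing on its own first, for example `realm_list="$(compose run --rm -T -u zulip ... list_realms)" || return 1`, and run the `awk` match on `$realm_list`. The function body continues past this hunk.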
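Review bot: The `create_realm` call in the second hunk expects `$ZULIP_REALM_NAME`, `$ZULIP_ADMIN_EMAIL` and `$ZULIP_OWNER_NAME` to be expanded by the container's shell, since the script is single-quoted. The hunk only shows them exported on the host, and `compose run` is given no `-e` options. Presumably the compose service definition forwards them, but that is outside the hunk and should be confirmed. A comment above the call would record the dependency: `# ZULIP_* reach the container via the compose service environment; they are expanded inside the container, not by the host shell`. It is also worth stating there that `/data/secrets/bootstrap-owner-password` must be readable by the `zulip` user, because no part of this command runs as root any more.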