core: app entitlements

[BeryJu]

Details

Application scoped entitlements which can be used to configure authorization within a given application. Entitlements can be assigned to individual users or groups and can store attributes

• [ ] Add scope mapping for entitlements
• [ ] Add docs
• [ ] Add note that policies are not supported for bindings to the entitlements yet
• [ ] Add validation that policies cant be set in bindings to this target type

---

Checklist

• [x] Local tests pass (ak test authentik/)
• [x] The code has been formatted (make lint-fix)

If an API change has been made

• [x] The API schema has been updated (make gen-build)

If changes to the frontend have been made

• [x] The code has been formatted (make web)

If applicable

• [ ] The documentation has been updated
• [ ] The documentation has been formatted (make website)

[netlify[bot]]

✅ Deploy Preview for authentik-docs canceled.

Name	Link
🔨 Latest commit	fb0543402ad9af227ea1dd867a5c508e774737a3
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-docs/deploys/6744ad2d9979b90008e3ac28

[netlify[bot]]

✅ Deploy Preview for authentik-storybook canceled.

Name	Link
🔨 Latest commit	fb0543402ad9af227ea1dd867a5c508e774737a3
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/6744ad2d4ae26d0008ab48d8

[codecov[bot]]

Codecov Report

Attention: Patch coverage is 98.76543% with 1 line in your changes missing coverage. Please review.

Project coverage is 92.69%. Comparing base (630e0e6) to head (fb05434). Report is 1 commits behind head on main.

:white_check_mark: All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
authentik/core/models.py	94.11%	1 Missing :warning:

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #12090 +/- ## ========================================== - Coverage 92.69% 92.69% -0.01% ========================================== Files 761 763 +2 Lines 38025 38105 +80 ========================================== + Hits 35249 35323 +74 - Misses 2776 2782 +6 ``` | [Flag](https://app.codecov.io/gh/goauthentik/authentik/pull/12090/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=goauthentik) | Coverage Δ | | |---|---|---| | [e2e](https://app.codecov.io/gh/goauthentik/authentik/pull/12090/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=goauthentik) | `49.19% <37.03%> (-0.04%)` | :arrow_down: | | [integration](https://app.codecov.io/gh/goauthentik/authentik/pull/12090/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=goauthentik) | `24.80% <13.58%> (-0.03%)` | :arrow_down: | | [unit](https://app.codecov.io/gh/goauthentik/authentik/pull/12090/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=goauthentik) | `90.22% <98.76%> (+0.01%)` | :arrow_up: | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=goauthentik#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

---

🚨 Try these New Features:

• JS Bundle Analysis - Avoid shipping oversized bundles

[github-actions[bot]]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your `.env` file: ```shell AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server AUTHENTIK_TAG=gh-fb0543402ad9af227ea1dd867a5c508e774737a3 AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s ``` For arm64, use these values: ```shell AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server AUTHENTIK_TAG=gh-fb0543402ad9af227ea1dd867a5c508e774737a3-arm64 AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s ``` Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your `values.yml` file: ```yaml authentik: outposts: container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s global: image: repository: ghcr.io/goauthentik/dev-server tag: gh-fb0543402ad9af227ea1dd867a5c508e774737a3 ``` For arm64, use these values: ```yaml authentik: outposts: container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s global: image: repository: ghcr.io/goauthentik/dev-server tag: gh-fb0543402ad9af227ea1dd867a5c508e774737a3-arm64 ``` Afterwards, run the upgrade commands from the latest release notes.