enterprise/lifecycle: implement Object Lifecycle Management (#13265)

[atereshkin]

Details

This implements Object Lifecycle Management: a way to schedule and track periodic reviews for Applications, Groups and Roles (and eventually more objects).
On the backend, a new app is added called "enterprise/lifecycle".
On the frontend, 3 new screens are added: Events -> Lifecycle Rules, Events -> Access Reviews and the Lifecycle tab on Application/Group/Role detail page. Most of the code is in admin/lifecycle

closes #13265

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)

If applicable

• The documentation has been updated
• The documentation has been formatted (make docs)

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	7fa6eda
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/6984428690bcb30008a3b768
😎 Deploy Preview	https://deploy-preview-20015--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-integrations ready!

Name	Link
🔨 Latest commit	7fa6eda
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/698442874655c90008a9d5b2
😎 Deploy Preview	https://deploy-preview-20015--authentik-integrations.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	e274514
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/6984c76d3bc46e00073fd1fd
😎 Deploy Preview	https://deploy-preview-20015--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-integrations ready!

Name	Link
🔨 Latest commit	6e28d21
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/6984c75878ee0f0009d90377
😎 Deploy Preview	https://deploy-preview-20015--authentik-integrations.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[BeryJu]

mostly typing things

[BeryJu]

what's this required for?

[atereshkin]

I wanted to emphasize that it's not the generic list endpoint, but a specialized one just for getting open reviews. There's (currently) no reason to retrieve the closed (let alone canceled) reviews, so I figured it should be emphasized in the API. Do you think a generic one with a filter would be better?

[rissson]

Suggested change

	class Attestation(SerializerModel):
	class LifecycleReview(SerializerModel):

After discussion with the team, we'd like to name this "review", but this causes a conflict with the above model. Maybe rename the above one as LifecycleStatus or LifecycleReviewStatus

[atereshkin]

@rissson not a fan of these tbh, because it's not just a status storage, but a "review round". I.e. it's not immediately clear from either of these names why an object would have multiple review statuses rather one. How about ReviewCycle or ReviewRound? Or maybe LifecycleIteration?

Also, what about the UI? Is it still OK to call that section "Access reviews" (regardless of how we call the model)?

[rissson]

Usually when we use rel_obj we also have a section on the frontend that will show associated tasks, because they don't show up by default in the "System tasks" page.

[atereshkin]

@rissson Do you think it would be useful to have that here? Or maybe we should just remove rel_obj? I was thinking we could eventually show open reviews when you expand a lifecycle rule in the list.