outpost/proxyv2: handle PostgreSQL passwords with spaces and special chars + more tests

[dominic-r]

And modify / add some more tests and a bit of refactoring

Closes: #18175

Details

REPLACE ME

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)

If applicable

• The documentation has been updated
• The documentation has been formatted (make docs)

[netlify]

✅ Deploy Preview for authentik-storybook canceled.

Name	Link
🔨 Latest commit	ead227a
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-storybook/deploys/691bdc20658e690008db7585

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	ead227a
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/691bdc20721baf00089eee61
😎 Deploy Preview	https://deploy-preview-18211--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-integrations canceled.

Name	Link
🔨 Latest commit	ead227a
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/691bdc20aa90c1000889deba

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.91%. Comparing base (3532999) to head (ead227a).
⚠️ Report is 11 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #18211      +/-   ##
==========================================
- Coverage   92.95%   92.91%   -0.05%     
==========================================
  Files         869      869              
  Lines       48116    48116              
==========================================
- Hits        44728    44706      -22     
- Misses       3388     3410      +22     

Flag	Coverage Δ
e2e	45.20% <ø> (+0.02%)	⬆️
integration	23.13% <ø> (-0.06%)	⬇️
unit	91.07% <ø> (+<0.01%)	⬆️
unit-migrate	91.12% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ead227a27273f5b6a4cda7da89abc81741f0ba14
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-ead227a27273f5b6a4cda7da89abc81741f0ba14

Afterwards, run the upgrade commands from the latest release notes.

[JohnTheNerd]

I think this change, as-is, is a breaking change that does not conform to the Postgres or Authentik documentation. If SSL mode is set to require, the documented behavior is to not check certificate validity:

• https://www.postgresql.org/docs/current/libpq-ssl.html

• https://docs.goauthentik.io/install-config/configuration/ (currently not viewable due to the ongoing CloudFlare outage)

This change instead makes "require" equivalent to "verify-ca". If this is intended to be the case, it should be documented as a breaking change.

[dominic-r]

Yea, I need to change that, Good catch.