blueprints: add !If tag (#4264)

* Added \!If tag

* Fix typo

* Removed trailing whitespace

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>

* format blueprint fixtures

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: sdimovv <36302090+sdimovv@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
sdimovv 2022-12-26 15:20:22 +00:00 committed by GitHub
parent 3eecc76717
commit 8f3579ba45
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 239 additions and 104 deletions

View file

@ -1,21 +1,21 @@
version: 1
entries:
- identifiers:
name: "%(id1)s"
slug: "%(id1)s"
model: authentik_flows.flow
conditions:
- true
attrs:
designation: stage_configuration
title: foo
- identifiers:
name: "%(id2)s"
slug: "%(id2)s"
model: authentik_flows.flow
conditions:
- true
- true
attrs:
designation: stage_configuration
title: foo
- identifiers:
name: "%(id1)s"
slug: "%(id1)s"
model: authentik_flows.flow
conditions:
- true
attrs:
designation: stage_configuration
title: foo
- identifiers:
name: "%(id2)s"
slug: "%(id2)s"
model: authentik_flows.flow
conditions:
- true
- true
attrs:
designation: stage_configuration
title: foo

View file

@ -1,21 +1,21 @@
version: 1
entries:
- identifiers:
name: "%(id1)s"
slug: "%(id1)s"
model: authentik_flows.flow
conditions:
- false
attrs:
designation: stage_configuration
title: foo
- identifiers:
name: "%(id2)s"
slug: "%(id2)s"
model: authentik_flows.flow
conditions:
- true
- false
attrs:
designation: stage_configuration
title: foo
- identifiers:
name: "%(id1)s"
slug: "%(id1)s"
model: authentik_flows.flow
conditions:
- false
attrs:
designation: stage_configuration
title: foo
- identifiers:
name: "%(id2)s"
slug: "%(id2)s"
model: authentik_flows.flow
conditions:
- true
- false
attrs:
designation: stage_configuration
title: foo

View file

@ -1,7 +1,7 @@
version: 1
entries:
- identifiers:
name: "%(id)s"
slug: "%(id)s"
model: authentik_flows.flow
state: absent
- identifiers:
name: "%(id)s"
slug: "%(id)s"
model: authentik_flows.flow
state: absent

View file

@ -1,10 +1,10 @@
version: 1
entries:
- identifiers:
name: "%(id)s"
slug: "%(id)s"
model: authentik_flows.flow
state: created
attrs:
designation: stage_configuration
title: foo
- identifiers:
name: "%(id)s"
slug: "%(id)s"
model: authentik_flows.flow
state: created
attrs:
designation: stage_configuration
title: foo

View file

@ -1,10 +1,10 @@
version: 1
entries:
- identifiers:
name: "%(id)s"
slug: "%(id)s"
model: authentik_flows.flow
state: present
attrs:
designation: stage_configuration
title: foo
- identifiers:
name: "%(id)s"
slug: "%(id)s"
model: authentik_flows.flow
state: present
attrs:
designation: stage_configuration
title: foo

View file

@ -1,12 +1,12 @@
version: 1
entries:
- identifiers:
pk: cb954fd4-65a5-4ad9-b1ee-180ee9559cf4
model: authentik_stages_prompt.prompt
attrs:
field_key: username
label: Username
type: username
required: true
placeholder: Username
order: 0
- identifiers:
pk: cb954fd4-65a5-4ad9-b1ee-180ee9559cf4
model: authentik_stages_prompt.prompt
attrs:
field_key: username
label: Username
type: username
required: true
placeholder: Username
order: 0

View file

@ -4,37 +4,97 @@ context:
policy_property: name
policy_property_value: foo-bar-baz-qux
entries:
- model: authentik_sources_oauth.oauthsource
identifiers:
slug: test
attrs:
name: test
provider_type: github
consumer_key: !Env foo
consumer_secret: !Env [bar, baz]
authentication_flow: !Find [authentik_flows.Flow, [slug, default-source-authentication]]
enrollment_flow: !Find [authentik_flows.Flow, [slug, default-source-enrollment]]
- attrs:
expression: return True
identifiers:
name: !Format [foo-%s-%s-%s, !Context foo, !Context bar, qux]
id: policy
model: authentik_policies_expression.expressionpolicy
- attrs:
attributes:
policy_pk1: !Format ["%s-%s", !Find [authentik_policies_expression.expressionpolicy, [!Context policy_property, !Context policy_property_value], [expression, return True]], suffix]
policy_pk2: !Format ["%s-%s", !KeyOf policy, suffix]
boolAnd: !Condition [AND, !Context foo, !Format ["%s", "a_string"], 1]
boolNand: !Condition [NAND, !Context foo, !Format ["%s", "a_string"], 1]
boolOr: !Condition [OR, !Context foo, !Format ["%s", "a_string"], null]
boolNor: !Condition [NOR, !Context foo, !Format ["%s", "a_string"], null]
boolXor: !Condition [XOR, !Context foo, !Format ["%s", "a_string"], 1]
boolXnor: !Condition [XNOR, !Context foo, !Format ["%s", "a_string"], 1]
boolComplex: !Condition [XNOR, !Condition [AND, !Context non_existing], !Condition [NOR, a string], !Condition [XOR, null]]
identifiers:
name: test
conditions:
- !Condition [AND, true, true, text]
- true
- text
model: authentik_core.group
- model: authentik_sources_oauth.oauthsource
identifiers:
slug: test
attrs:
name: test
provider_type: github
consumer_key: !Env foo
consumer_secret: !Env [bar, baz]
authentication_flow:
!Find [
authentik_flows.Flow,
[slug, default-source-authentication],
]
enrollment_flow:
!Find [authentik_flows.Flow, [slug, default-source-enrollment]]
- attrs:
expression: return True
identifiers:
name: !Format [foo-%s-%s-%s, !Context foo, !Context bar, qux]
id: policy
model: authentik_policies_expression.expressionpolicy
- attrs:
attributes:
policy_pk1:
!Format [
"%s-%s",
!Find [
authentik_policies_expression.expressionpolicy,
[
!Context policy_property,
!Context policy_property_value,
],
[expression, return True],
],
suffix,
]
policy_pk2: !Format ["%s-%s", !KeyOf policy, suffix]
boolAnd:
!Condition [AND, !Context foo, !Format ["%s", "a_string"], 1]
boolNand:
!Condition [NAND, !Context foo, !Format ["%s", "a_string"], 1]
boolOr:
!Condition [
OR,
!Context foo,
!Format ["%s", "a_string"],
null,
]
boolNor:
!Condition [
NOR,
!Context foo,
!Format ["%s", "a_string"],
null,
]
boolXor:
!Condition [XOR, !Context foo, !Format ["%s", "a_string"], 1]
boolXnor:
!Condition [XNOR, !Context foo, !Format ["%s", "a_string"], 1]
boolComplex:
!Condition [
XNOR,
!Condition [AND, !Context non_existing],
!Condition [NOR, a string],
!Condition [XOR, null],
]
if_true_complex:
!If [
true,
{
dictionary:
{
with: { keys: "and_values" },
and_nested_custom_tags:
!Format ["foo-%s", !Context foo],
},
},
null,
]
if_false_complex:
!If [
!Condition [AND, false],
null,
[list, with, items, !Format ["foo-%s", !Context foo]],
]
if_true_simple: !If [!Context foo, true, text]
if_false_simple: !If [null, false, 2]
identifiers:
name: test
conditions:
- !Condition [AND, true, true, text]
- true
- text
model: authentik_core.group

View file

@ -153,6 +153,15 @@ class TestBlueprintsV1(TransactionTestCase):
"boolXor": True,
"boolXnor": False,
"boolComplex": True,
"if_true_complex": {
"dictionary": {
"with": {"keys": "and_values"},
"and_nested_custom_tags": "foo-bar",
}
},
"if_false_complex": ["list", "with", "items", "foo-bar"],
"if_true_simple": True,
"if_false_simple": 2,
}
)
)

View file

@ -312,6 +312,35 @@ class Condition(YAMLTag):
raise EntryInvalidError(exc)
class If(YAMLTag):
"""Select YAML to use based on condition"""
condition: Any
when_true: Any
when_false: Any
# pylint: disable=unused-argument
def __init__(self, loader: "BlueprintLoader", node: SequenceNode) -> None:
super().__init__()
self.condition = loader.construct_object(node.value[0])
self.when_true = loader.construct_object(node.value[1])
self.when_false = loader.construct_object(node.value[2])
def resolve(self, entry: BlueprintEntry, blueprint: Blueprint) -> Any:
if isinstance(self.condition, YAMLTag):
condition = self.condition.resolve(entry, blueprint)
else:
condition = self.condition
try:
return entry.tag_resolver(
self.when_true if condition else self.when_false,
blueprint,
)
except TypeError as exc:
raise EntryInvalidError(exc)
class BlueprintDumper(SafeDumper):
"""Dump dataclasses to yaml"""
@ -353,6 +382,7 @@ class BlueprintLoader(SafeLoader):
self.add_constructor("!Context", Context)
self.add_constructor("!Format", Format)
self.add_constructor("!Condition", Condition)
self.add_constructor("!If", If)
self.add_constructor("!Env", Env)

View file

@ -45,6 +45,42 @@ Example: `name: !Format [my-policy-%s, !Context instance_name]`
Format a string using python's % formatting. First argument is the format string, any remaining arguments are used for formatting.
#### `!If`
Minimal example:
`required: !If [true, true, false] # !If [<condition>, <when true>, <when false>`
Full example:
```
attributes: !If [
!Condition [...], # Or any valid YAML or custom tag. Evaluated as boolean in Python
{ # When condition evaluates to true
dictionary:
{
with:
{
keys: "and_values"
},
and_nested_custom_tags: !Format ["foo-%s", !Context foo]
}
},
[ # When condition evaluates to false
list,
with,
items,
!Format ["foo-%s", !Context foo]
]
]
```
Conditionally add YAML to a blueprint.
Similar to a one-line if, the first argument is the condition, which can be any valid yaml or custom tag. It will be evaluted as boolean in python. However, keep in mind that dictionaries and lists will always evaluate to `true`, unless they are empty.
The second argument is used when the condition is `true`, and the third - when `false`. The YAML inside both arguments will be fully resolved, thus it is possible to use custom YAML tags and even nest them inside dictionaries and lists.
#### `!Condition`
Minimal example:
@ -68,4 +104,4 @@ Requires at least one argument after the mode selection.
If only a single argument is provided, its boolean representation will be returned for all normal modes and its negated boolean representation will be returned for all negated modes.
Normally, it should be used to define complex conditions for the `conditions` attribute of a blueprint entry (see [the blueprint file structure](./structure.md)). However, this is essentially just a boolean evaluator so it can be used everywhere a boolean representation is required.
Normally, it should be used to define complex conditions for use with an `!If` tag or for the `conditions` attribute of a blueprint entry (see [the blueprint file structure](./structure.md)). However, this is essentially just a boolean evaluator so it can be used everywhere a boolean representation is required.