policies: raise sentry-ignored error for invalid PolicyEngine parameters

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer 2023-02-13 13:23:07 +01:00
parent cefc1a57ee
commit 925477b3a2
No known key found for this signature in database
3 changed files with 10 additions and 6 deletions

View File

@ -37,11 +37,10 @@ def event_notification_handler(event_uuid: str):
@CELERY_APP.task()
def event_trigger_handler(event_uuid: str, trigger_name: str):
"""Check if policies attached to NotificationRule match event"""
events = Event.objects.filter(event_uuid=event_uuid)
if not events.exists():
event: Event = Event.objects.filter(event_uuid=event_uuid).first()
if not event:
LOGGER.warning("event doesn't exist yet or anymore", event_uuid=event_uuid)
return
event: Event = events.first()
trigger: Optional[NotificationRule] = NotificationRule.objects.filter(name=trigger_name).first()
if not trigger:
return

View File

@ -11,6 +11,7 @@ from structlog.stdlib import BoundLogger, get_logger
from authentik.core.models import User
from authentik.policies.apps import HIST_POLICIES_BUILD_TIME
from authentik.policies.exceptions import PolicyEngineException
from authentik.policies.models import Policy, PolicyBinding, PolicyBindingModel, PolicyEngineMode
from authentik.policies.process import PolicyProcess, cache_key
from authentik.policies.types import PolicyRequest, PolicyResult
@ -51,9 +52,9 @@ class PolicyEngine:
# objects with no policies attached will pass.
self.empty_result = True
if not isinstance(pbm, PolicyBindingModel): # pragma: no cover
raise ValueError(f"{pbm} is not instance of PolicyBindingModel")
raise PolicyEngineException(f"{pbm} is not instance of PolicyBindingModel")
if not user:
raise ValueError("User must be set")
raise PolicyEngineException("User must be set")
self.__pbm = pbm
self.request = PolicyRequest(user)
self.request.obj = pbm
@ -76,7 +77,7 @@ class PolicyEngine:
"""Check policy type, make sure it's not the root class as that has no logic implemented"""
# pyright: reportGeneralTypeIssues=false
if binding.policy is not None and binding.policy.__class__ == Policy:
raise TypeError(f"Policy '{binding.policy}' is root type")
raise PolicyEngineException(f"Policy '{binding.policy}' is root type")
def build(self) -> "PolicyEngine":
"""Build wrapper which monitors performance"""

View File

@ -4,6 +4,10 @@ from typing import Optional
from authentik.lib.sentry import SentryIgnoredException
class PolicyEngineException(SentryIgnoredException):
"""Error raised when a policy engine is configured incorrectly"""
class PolicyException(SentryIgnoredException):
"""Exception that should be raised during Policy Evaluation, and can be recovered from."""