events: improve infinite loop detection
This commit is contained in:
parent
a2bddc6d91
commit
d637bd0bf9
|
@ -11,6 +11,7 @@ from authentik.events.models import (
|
||||||
)
|
)
|
||||||
from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus
|
from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus
|
||||||
from authentik.policies.engine import PolicyEngine, PolicyEngineMode
|
from authentik.policies.engine import PolicyEngine, PolicyEngineMode
|
||||||
|
from authentik.policies.models import PolicyBinding
|
||||||
from authentik.root.celery import CELERY_APP
|
from authentik.root.celery import CELERY_APP
|
||||||
|
|
||||||
LOGGER = get_logger()
|
LOGGER = get_logger()
|
||||||
|
@ -33,9 +34,15 @@ def event_trigger_handler(event_uuid: str, trigger_name: str):
|
||||||
|
|
||||||
if "policy_uuid" in event.context:
|
if "policy_uuid" in event.context:
|
||||||
policy_uuid = event.context["policy_uuid"]
|
policy_uuid = event.context["policy_uuid"]
|
||||||
if trigger.policies.filter(policy_uuid=policy_uuid).exists():
|
if PolicyBinding.objects.filter(
|
||||||
# Event has been created by a policy that is attached
|
target__in=NotificationTrigger.objects.all().values_list(
|
||||||
# to this trigger. To prevent infinite loops, we stop here
|
"pbm_uuid", flat=True
|
||||||
|
),
|
||||||
|
policy=policy_uuid,
|
||||||
|
).exists():
|
||||||
|
# If policy that caused this event to be created is attached
|
||||||
|
# to *any* NotificationTrigger, we return early.
|
||||||
|
# This is the most effective way to prevent infinite loops.
|
||||||
LOGGER.debug(
|
LOGGER.debug(
|
||||||
"e(trigger): attempting to prevent infinite loop", trigger=trigger
|
"e(trigger): attempting to prevent infinite loop", trigger=trigger
|
||||||
)
|
)
|
||||||
|
|
|
@ -2,6 +2,10 @@
|
||||||
title: Notifications
|
title: Notifications
|
||||||
---
|
---
|
||||||
|
|
||||||
|
:::note
|
||||||
|
To prevent infinite loops (events created by policies which are attached to a Notification rule), **any events created by a policy which is attached to any Notification Trigger do not trigger notifications.**
|
||||||
|
:::
|
||||||
|
|
||||||
## Filtering Events
|
## Filtering Events
|
||||||
|
|
||||||
Starting with authentik 0.15, you can create notification triggers, which can alert you based on the creation of certain events.
|
Starting with authentik 0.15, you can create notification triggers, which can alert you based on the creation of certain events.
|
||||||
|
|
Reference in a new issue