events: improve infinite loop detection
parent
a2bddc6d91
commit
d637bd0bf9
|
@ -11,6 +11,7 @@ from authentik.events.models import (
|
|||
)
|
||||
from authentik.lib.tasks import MonitoredTask, TaskResult, TaskResultStatus
|
||||
from authentik.policies.engine import PolicyEngine, PolicyEngineMode
|
||||
from authentik.policies.models import PolicyBinding
|
||||
from authentik.root.celery import CELERY_APP
|
||||
|
||||
LOGGER = get_logger()
|
||||
|
@ -33,9 +34,15 @@ def event_trigger_handler(event_uuid: str, trigger_name: str):
|
|||
|
||||
if "policy_uuid" in event.context:
|
||||
policy_uuid = event.context["policy_uuid"]
|
||||
if trigger.policies.filter(policy_uuid=policy_uuid).exists():
|
||||
# Event has been created by a policy that is attached
|
||||
# to this trigger. To prevent infinite loops, we stop here
|
||||
if PolicyBinding.objects.filter(
|
||||
target__in=NotificationTrigger.objects.all().values_list(
|
||||
"pbm_uuid", flat=True
|
||||
),
|
||||
policy=policy_uuid,
|
||||
).exists():
|
||||
# If policy that caused this event to be created is attached
|
||||
# to *any* NotificationTrigger, we return early.
|
||||
# This is the most effective way to prevent infinite loops.
|
||||
LOGGER.debug(
|
||||
"e(trigger): attempting to prevent infinite loop", trigger=trigger
|
||||
)
|
||||
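Review bot: The early-return branch now suppresses notifications for every event whose `policy_uuid` names a policy bound to any NotificationTrigger, but it records this only at debug level and without the policy that matched, so a dropped alert is hard to trace afterwards. Because the decision no longer depends on the current trigger, the log call should carry the deciding value and be visible in normal operation, e.g. `LOGGER.info("e(trigger): attempting to prevent infinite loop", trigger=trigger, policy_uuid=policy_uuid)`. The same trigger-independent query also appears to run once per trigger task for the same event; doing the check once before the per-trigger tasks are dispatched would avoid that, though the dispatching code is outside this hunk, so this is an assumption. The body of `event_trigger_handler` starts before and continues after the visible lines.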
|
|
|
@ -2,6 +2,10 @@
|
|||
title: Notifications
|
||||
---
|
||||
|
||||
:::note
|
||||
To prevent infinite loops (events created by policies which are attached to a Notification rule), **any events created by a policy which is attached to any Notification Trigger do not trigger notifications.**
|
||||
:::
|
||||
|
||||
## Filtering Events
|
||||
|
||||
Starting with authentik 0.15, you can create notification triggers, which can alert you based on the creation of certain events.
|
||||
|
|