import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import { first } from "@goauthentik/common/utils"; import "@goauthentik/elements/forms/FormGroup"; import "@goauthentik/elements/forms/HorizontalFormElement"; import { ModelForm } from "@goauthentik/elements/forms/ModelForm"; import "@goauthentik/elements/forms/SearchSelect"; import { msg } from "@lit/localize"; import { TemplateResult, html } from "lit"; import { customElement } from "lit/decorators.js"; import { ifDefined } from "lit/directives/if-defined.js"; import { AdminApi, App, EventMatcherPolicy, EventsApi, PoliciesApi, TypeCreate, } from "@goauthentik/api"; @customElement("ak-policy-event-matcher-form") export class EventMatcherPolicyForm extends ModelForm { loadInstance(pk: string): Promise { return new PoliciesApi(DEFAULT_CONFIG).policiesEventMatcherRetrieve({ policyUuid: pk, }); } getSuccessMessage(): string { if (this.instance) { return msg("Successfully updated policy."); } else { return msg("Successfully created policy."); } } async send(data: EventMatcherPolicy): Promise { if (this.instance) { return new PoliciesApi(DEFAULT_CONFIG).policiesEventMatcherUpdate({ policyUuid: this.instance.pk || "", eventMatcherPolicyRequest: data, }); } else { return new PoliciesApi(DEFAULT_CONFIG).policiesEventMatcherCreate({ eventMatcherPolicyRequest: data, }); } } renderForm(): TemplateResult { return html`
${msg( "Matches an event against a set of criteria. If any of the configured values match, the policy passes.", )}

${msg( "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged.", )}

${msg("Policy-specific settings")}
=> { const items = await new EventsApi( DEFAULT_CONFIG, ).eventsEventsActionsList(); return items.filter((item) => query ? item.name.includes(query) : true, ); }} .renderElement=${(item: TypeCreate): string => { return item.name; }} .value=${(item: TypeCreate | undefined): string | undefined => { return item?.component; }} .selected=${(item: TypeCreate): boolean => { return this.instance?.action === item.component; }} ?blankable=${true} >

${msg( "Match created events with this action type. When left empty, all action types will be matched.", )}

${msg( "Matches Event's Client IP (strict matching, for network matching use an Expression Policy.", )}

=> { const items = await new AdminApi(DEFAULT_CONFIG).adminAppsList(); return items.filter((item) => query ? item.name.includes(query) : true, ); }} .renderElement=${(item: App): string => { return item.label; }} .value=${(item: App | undefined): string | undefined => { return item?.name; }} .selected=${(item: App): boolean => { return this.instance?.app === item.name; }} ?blankable=${true} >

${msg( "Match events created by selected application. When left empty, all applications are matched.", )}

=> { const items = await new AdminApi(DEFAULT_CONFIG).adminModelsList(); return items .filter((item) => (query ? item.name.includes(query) : true)) .sort((a, b) => { if (a.name < b.name) return -1; if (a.name > b.name) return 1; return 0; }); }} .renderElement=${(item: App): string => { return `${item.label} (${item.name.split(".")[0]})`; }} .value=${(item: App | undefined): string | undefined => { return item?.name; }} .selected=${(item: App): boolean => { return this.instance?.model === item.name; }} ?blankable=${true} >

${msg( "Match events created by selected model. When left empty, all models are matched.", )}

`; } }