From 0fe751269e2d11c9cc778e113f4ff76dbda628f1 Mon Sep 17 00:00:00 2001
From: Marc 'risson' Schmitt
Date: Fri, 5 Jul 2024 13:14:28 +0200
Subject: [PATCH] outposts: make refresh interval configurable (#10138)
* outposts: make refresh interval configurable
Signed-off-by: Marc 'risson' Schmitt
* frontend
Signed-off-by: Marc 'risson' Schmitt
* black again
Signed-off-by: Marc 'risson' Schmitt
* switch to using config attribute
Signed-off-by: Marc 'risson' Schmitt
* lint
Signed-off-by: Marc 'risson' Schmitt
---------
Signed-off-by: Marc 'risson' Schmitt
---
 authentik/outposts/api/outposts.py | 9 ++++++++-
 authentik/outposts/models.py | 1 +
 internal/outpost/ak/api_ws.go | 3 ++-
 schema.yml | 4 ++++
 website/docs/outposts/_config.md | 5 +++++
 5 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/authentik/outposts/api/outposts.py b/authentik/outposts/api/outposts.py
index 2106a0f4d9..a79f48f883 100644
--- a/authentik/outposts/api/outposts.py
+++ b/authentik/outposts/api/outposts.py
@@ -20,6 +20,7 @@ from authentik.core.api.utils import JSONDictField, ModelSerializer, PassiveSeri
 from authentik.core.models import Provider
 from authentik.enterprise.license import LicenseKey
 from authentik.enterprise.providers.rac.models import RACProvider
+from authentik.lib.utils.time import timedelta_from_string, timedelta_string_validator
 from authentik.outposts.api.service_connections import ServiceConnectionSerializer
 from authentik.outposts.apps import MANAGED_OUTPOST, MANAGED_OUTPOST_NAME
 from authentik.outposts.models import (
@@ -49,6 +50,10 @@ class OutpostSerializer(ModelSerializer):
 service_connection_obj = ServiceConnectionSerializer(
 source="service_connection", read_only=True
 )
+ refresh_interval_s = SerializerMethodField()
+
+ def get_refresh_interval_s(self, obj: Outpost) -> int:
+ return int(timedelta_from_string(obj.config.refresh_interval).total_seconds())
 def validate_name(self, name: str) -> str:
 """Validate name (especially for embedded outpost)"""
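Review bot: `get_refresh_interval_s` truncates with `int(...total_seconds())`, so an interval under one second serialises as 0, and nothing visible in this patch rejects a zero or negative `refresh_interval`. The same gap is in the `validate_config` hunk, which only checks that the string parses, and it matters in both `api_ws.go` hunks, where the value becomes a ticker period that must be positive; a very small positive value would also make every outpost refresh against the core at that rate. I would enforce a floor in `validate_config`, e.g. `if timedelta_from_string(parsed.refresh_interval).total_seconds() < 1: raise ValidationError("refresh_interval must be at least one second")`, assuming `timedelta_string_validator` (not shown here) does not already bound the value. The method also lacks a docstring, unlike `validate_name` below it; `"""Refresh interval from the outpost config, in whole seconds"""` would do.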
@@ -84,7 +89,8 @@ class OutpostSerializer(ModelSerializer):
 def validate_config(self, config) -> dict:
 """Check that the config has all required fields"""
 try:
- from_dict(OutpostConfig, config)
+ parsed = from_dict(OutpostConfig, config)
+ timedelta_string_validator(parsed.refresh_interval)
 except DaciteError as exc:
 raise ValidationError(f"Failed to validate config: {str(exc)}") from exc
 return config
@@ -99,6 +105,7 @@ class OutpostSerializer(ModelSerializer):
 "providers_obj",
 "service_connection",
 "service_connection_obj",
+ "refresh_interval_s",
 "token_identifier",
 "config",
 "managed",
diff --git a/authentik/outposts/models.py b/authentik/outposts/models.py
index 1a10e11c3d..327d23ca46 100644
--- a/authentik/outposts/models.py
+++ b/authentik/outposts/models.py
@@ -61,6 +61,7 @@ class OutpostConfig:
 log_level: str = CONFIG.get("log_level")
 object_naming_template: str = field(default="ak-outpost-%(name)s")
+ refresh_interval: str = "minutes=5"
 container_image: str | None = field(default=None)
diff --git a/internal/outpost/ak/api_ws.go b/internal/outpost/ak/api_ws.go
index c48cebba37..4b2f1f8c4f 100644
--- a/internal/outpost/ak/api_ws.go
+++ b/internal/outpost/ak/api_ws.go
@@ -183,7 +183,7 @@ func (ac *APIController) startWSHealth() {
 func (ac *APIController) startIntervalUpdater() {
 logger := ac.logger.WithField("loop", "interval-updater")
- ticker := time.NewTicker(5 * time.Minute)
+ ticker := time.NewTicker(time.Duration(ac.Outpost.RefreshIntervalS) * time.Second)
 for ; true; <-ticker.C {
 logger.Debug("Running interval update")
 err := ac.OnRefresh()
@@ -198,6 +198,7 @@ func (ac *APIController) startIntervalUpdater() {
 "build": constants.BUILD("tagged"),
 }).SetToCurrentTime()
 }
+ ticker.Reset(time.Duration(ac.Outpost.RefreshIntervalS) * time.Second)
 }
 }
diff --git a/schema.yml b/schema.yml
index 31b0d9c515..8bea73554b 100644
--- a/schema.yml
+++ b/schema.yml
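Review bot: In `validate_config`, the new `timedelta_string_validator(parsed.refresh_interval)` call sits inside the `try`, but the `except` names only `DaciteError`, so a rejected interval leaves the method by whatever exception the validator raises rather than through the `Failed to validate config` path. If that is intended, moving the call below the `try` block makes it clear that only `from_dict` is guarded; if not, add the validator's exception type to the `except`. The validator is imported from `authentik.lib.utils.time` and is not shown in this patch, so which exception it raises should be confirmed.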
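Review bot: `startIntervalUpdater` turns `ac.Outpost.RefreshIntervalS` straight into the ticker period with no fallback, in the `time.NewTicker` call in this hunk and again in the `ticker.Reset` call in the next one. The field comes from the API response, so a response without it (for example from a core that predates this change, if that pairing is possible) would presumably leave it at zero, and both calls panic on a non-positive duration. Computing the period with a guard keeps the previous behaviour as the default: `interval := time.Duration(ac.Outpost.RefreshIntervalS) * time.Second` followed by `if interval <= 0 { interval = 5 * time.Minute }`. The middle of the loop body lies between the two hunks and is not shown, so whether `OnRefresh` updates `ac.Outpost` before the `Reset` cannot be confirmed from here.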
@@ -39497,6 +39497,9 @@ components: allOf: - $ref: '#/components/schemas/ServiceConnection' readOnly: true + refresh_interval_s: + type: integer + readOnly: true token_identifier: type: string description: Get Token identifier
@@ -39518,6 +39521,7 @@ components: - pk - providers - providers_obj + - refresh_interval_s - service_connection_obj - token_identifier - type
diff --git a/website/docs/outposts/_config.md b/website/docs/outposts/_config.md
index 97b3dd52fa..7be85dfab0 100644
--- a/website/docs/outposts/_config.md
+++ b/website/docs/outposts/_config.md
@@ -3,6 +3,11 @@
 # Allowed levels: trace, debug, info, warning, error
 # Applies to: non-embedded
 log_level: debug
+# Interval at which the outpost will refresh the providers
+# from authentik. For caching outposts (such as LDAP), the
+# cache will also be invalidated at that interval.
+# (Format: hours=1;minutes=2;seconds=3).
+refresh_interval: minutes=5
 ########################################
 # The settings below are only relevant when using a managed outpost
 ########################################