policies: specify failure result (#6887)
This commit is contained in:
Jens L
@ -77,6 +77,7 @@ class PolicyBindingSerializer(ModelSerializer):
|
||||
"enabled",
|
||||
"order",
|
||||
"timeout",
|
||||
"failure_result",
|
||||
]
|
||||
|
||||
def validate(self, attrs: OrderedDict) -> OrderedDict:
|
||||
|
||||
@ -0,0 +1,26 @@
|
||||
# Generated by Django 4.2.5 on 2023-09-13 18:07
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
dependencies = [
|
||||
("authentik_policies", "0010_alter_policy_name"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name="policybinding",
|
||||
name="failure_result",
|
||||
field=models.BooleanField(
|
||||
default=False, help_text="Result if the Policy execution fails."
|
||||
),
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name="policybinding",
|
||||
name="timeout",
|
||||
field=models.PositiveIntegerField(
|
||||
default=30, help_text="Timeout after which Policy execution is terminated."
|
||||
),
|
||||
),
|
||||
]
|
||||
@ -85,9 +85,12 @@ class PolicyBinding(SerializerModel):
|
||||
default=False,
|
||||
help_text=_("Negates the outcome of the policy. Messages are unaffected."),
|
||||
)
|
||||
timeout = models.IntegerField(
|
||||
timeout = models.PositiveIntegerField(
|
||||
default=30, help_text=_("Timeout after which Policy execution is terminated.")
|
||||
)
|
||||
failure_result = models.BooleanField(
|
||||
default=False, help_text=_("Result if the Policy execution fails.")
|
||||
)
|
||||
|
||||
order = models.IntegerField()
|
||||
|
||||
|
||||
@ -98,8 +98,8 @@ class PolicyProcess(PROCESS_CLASS):
|
||||
# Create policy exception event, only when we're not debugging
|
||||
if not self.request.debug:
|
||||
self.create_event(EventAction.POLICY_EXCEPTION, message=error_string)
|
||||
LOGGER.debug("P_ENG(proc): error", exc=src_exc)
|
||||
policy_result = PolicyResult(False, str(src_exc))
|
||||
LOGGER.debug("P_ENG(proc): error, using failure result", exc=src_exc)
|
||||
policy_result = PolicyResult(self.binding.failure_result, str(src_exc))
|
||||
policy_result.source_binding = self.binding
|
||||
should_cache = self.request.should_cache
|
||||
if should_cache:
|
||||
|
||||
@ -97,6 +97,17 @@ class TestPolicyEngine(TestCase):
|
||||
self.assertEqual(result.passing, False)
|
||||
self.assertEqual(result.messages, ("division by zero",))
|
||||
|
||||
def test_engine_policy_error_failure(self):
|
||||
"""Test policy raising an error flag"""
|
||||
pbm = PolicyBindingModel.objects.create()
|
||||
PolicyBinding.objects.create(
|
||||
target=pbm, policy=self.policy_raises, order=0, failure_result=True
|
||||
)
|
||||
engine = PolicyEngine(pbm, self.user)
|
||||
result = engine.build().result
|
||||
self.assertEqual(result.passing, True)
|
||||
self.assertEqual(result.messages, ("division by zero",))
|
||||
|
||||
def test_engine_policy_type(self):
|
||||
"""Test invalid policy type"""
|
||||
pbm = PolicyBindingModel.objects.create()
|
||||
|
||||
@ -3650,10 +3650,15 @@
|
||||
},
|
||||
"timeout": {
|
||||
"type": "integer",
|
||||
"minimum": -2147483648,
|
||||
"minimum": 0,
|
||||
"maximum": 2147483647,
|
||||
"title": "Timeout",
|
||||
"description": "Timeout after which Policy execution is terminated."
|
||||
},
|
||||
"failure_result": {
|
||||
"type": "boolean",
|
||||
"title": "Failure result",
|
||||
"description": "Result if the Policy execution fails."
|
||||
}
|
||||
},
|
||||
"required": []
|
||||
|
||||
15
schema.yml
15
schema.yml
@ -35954,8 +35954,11 @@ components:
|
||||
timeout:
|
||||
type: integer
|
||||
maximum: 2147483647
|
||||
minimum: -2147483648
|
||||
minimum: 0
|
||||
description: Timeout after which Policy execution is terminated.
|
||||
failure_result:
|
||||
type: boolean
|
||||
description: Result if the Policy execution fails.
|
||||
PatchedPromptRequest:
|
||||
type: object
|
||||
description: Prompt Serializer
|
||||
@ -37046,8 +37049,11 @@ components:
|
||||
timeout:
|
||||
type: integer
|
||||
maximum: 2147483647
|
||||
minimum: -2147483648
|
||||
minimum: 0
|
||||
description: Timeout after which Policy execution is terminated.
|
||||
failure_result:
|
||||
type: boolean
|
||||
description: Result if the Policy execution fails.
|
||||
required:
|
||||
- group_obj
|
||||
- order
|
||||
@ -37085,8 +37091,11 @@ components:
|
||||
timeout:
|
||||
type: integer
|
||||
maximum: 2147483647
|
||||
minimum: -2147483648
|
||||
minimum: 0
|
||||
description: Timeout after which Policy execution is terminated.
|
||||
failure_result:
|
||||
type: boolean
|
||||
description: Result if the Policy execution fails.
|
||||
required:
|
||||
- order
|
||||
- target
|
||||
|
||||
@ -3,6 +3,7 @@ import { first, groupBy } from "@goauthentik/common/utils";
|
||||
import "@goauthentik/components/ak-toggle-group";
|
||||
import "@goauthentik/elements/forms/HorizontalFormElement";
|
||||
import { ModelForm } from "@goauthentik/elements/forms/ModelForm";
|
||||
import "@goauthentik/elements/forms/Radio";
|
||||
import "@goauthentik/elements/forms/SearchSelect";
|
||||
|
||||
import { msg } from "@lit/localize";
|
||||
@ -298,6 +299,26 @@ export class PolicyBindingForm extends ModelForm<PolicyBinding, string> {
|
||||
required
|
||||
/>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal name="failureResult" label=${msg("Failure result")}>
|
||||
<ak-radio
|
||||
.options=${[
|
||||
{
|
||||
label: msg("Pass"),
|
||||
value: true,
|
||||
},
|
||||
{
|
||||
label: msg("Don't pass"),
|
||||
value: false,
|
||||
default: true,
|
||||
},
|
||||
]}
|
||||
.value=${this.instance?.failureResult}
|
||||
>
|
||||
</ak-radio>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${msg("Result used when policy execution fails.")}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
</form>`;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user