events: stop spam (#7611) * events: don't log updates to internal service accounts * dont log reputation updates * don't actually ignore things, stop updating outpost user when not required * prevent updating internal service account users * fix setattr call --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L <jens@goauthentik.io>
This commit is contained in:
parent
a494c6b6e8
commit
7c3d60ec3a
|
@ -171,6 +171,11 @@ class UserSerializer(ModelSerializer):
|
|||
raise ValidationError("Setting a user to internal service account is not allowed.")
|
||||
return user_type
|
||||
|
||||
def validate(self, attrs: dict) -> dict:
|
||||
if self.instance and self.instance.type == UserTypes.INTERNAL_SERVICE_ACCOUNT:
|
||||
raise ValidationError("Can't modify internal service account users")
|
||||
return super().validate(attrs)
|
||||
|
||||
class Meta:
|
||||
model = User
|
||||
fields = [
|
||||
|
|
|
@ -27,6 +27,7 @@ from authentik.lib.sentry import before_send
|
|||
from authentik.lib.utils.errors import exception_to_string
|
||||
from authentik.outposts.models import OutpostServiceConnection
|
||||
from authentik.policies.models import Policy, PolicyBindingModel
|
||||
from authentik.policies.reputation.models import Reputation
|
||||
from authentik.providers.oauth2.models import AccessToken, AuthorizationCode, RefreshToken
|
||||
from authentik.providers.scim.models import SCIMGroup, SCIMUser
|
||||
from authentik.stages.authenticator_static.models import StaticToken
|
||||
|
@ -52,11 +53,13 @@ IGNORED_MODELS = (
|
|||
RefreshToken,
|
||||
SCIMUser,
|
||||
SCIMGroup,
|
||||
Reputation,
|
||||
)
|
||||
|
||||
|
||||
def should_log_model(model: Model) -> bool:
|
||||
"""Return true if operation on `model` should be logged"""
|
||||
# Check for silk by string so this comparison doesn't fail when silk isn't installed
|
||||
if model.__module__.startswith("silk"):
|
||||
return False
|
||||
return model.__class__ not in IGNORED_MODELS
|
||||
|
|
|
@ -344,11 +344,21 @@ class Outpost(SerializerModel, ManagedModel):
|
|||
user_created = False
|
||||
if not user:
|
||||
user: User = User.objects.create(username=self.user_identifier)
|
||||
user.set_unusable_password()
|
||||
user_created = True
|
||||
user.type = UserTypes.INTERNAL_SERVICE_ACCOUNT
|
||||
user.name = f"Outpost {self.name} Service-Account"
|
||||
user.path = USER_PATH_OUTPOSTS
|
||||
attrs = {
|
||||
"type": UserTypes.INTERNAL_SERVICE_ACCOUNT,
|
||||
"name": f"Outpost {self.name} Service-Account",
|
||||
"path": USER_PATH_OUTPOSTS,
|
||||
}
|
||||
dirty = False
|
||||
for key, value in attrs.items():
|
||||
if getattr(user, key) != value:
|
||||
dirty = True
|
||||
setattr(user, key, value)
|
||||
if user.has_usable_password():
|
||||
user.set_unusable_password()
|
||||
dirty = True
|
||||
if dirty:
|
||||
user.save()
|
||||
if user_created:
|
||||
self.build_user_permissions(user)
|
||||
|
|
Reference in a new issue