events: stop spam (#7611)
* events: don't log updates to internal service accounts Signed-off-by: Jens Langhammer <jens@goauthentik.io> * dont log reputation updates Signed-off-by: Jens Langhammer <jens@goauthentik.io> * don't actually ignore things, stop updating outpost user when not required Signed-off-by: Jens Langhammer <jens@goauthentik.io> * prevent updating internal service account users Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix setattr call Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
aecd4b52ef
commit
98a07cd0ef
|
@ -171,6 +171,11 @@ class UserSerializer(ModelSerializer):
|
||||||
raise ValidationError("Setting a user to internal service account is not allowed.")
|
raise ValidationError("Setting a user to internal service account is not allowed.")
|
||||||
return user_type
|
return user_type
|
||||||
|
|
||||||
|
def validate(self, attrs: dict) -> dict:
|
||||||
|
if self.instance and self.instance.type == UserTypes.INTERNAL_SERVICE_ACCOUNT:
|
||||||
|
raise ValidationError("Can't modify internal service account users")
|
||||||
|
return super().validate(attrs)
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = User
|
model = User
|
||||||
fields = [
|
fields = [
|
||||||
|
|
|
@ -27,6 +27,7 @@ from authentik.lib.sentry import before_send
|
||||||
from authentik.lib.utils.errors import exception_to_string
|
from authentik.lib.utils.errors import exception_to_string
|
||||||
from authentik.outposts.models import OutpostServiceConnection
|
from authentik.outposts.models import OutpostServiceConnection
|
||||||
from authentik.policies.models import Policy, PolicyBindingModel
|
from authentik.policies.models import Policy, PolicyBindingModel
|
||||||
|
from authentik.policies.reputation.models import Reputation
|
||||||
from authentik.providers.oauth2.models import AccessToken, AuthorizationCode, RefreshToken
|
from authentik.providers.oauth2.models import AccessToken, AuthorizationCode, RefreshToken
|
||||||
from authentik.providers.scim.models import SCIMGroup, SCIMUser
|
from authentik.providers.scim.models import SCIMGroup, SCIMUser
|
||||||
from authentik.stages.authenticator_static.models import StaticToken
|
from authentik.stages.authenticator_static.models import StaticToken
|
||||||
|
@ -52,11 +53,13 @@ IGNORED_MODELS = (
|
||||||
RefreshToken,
|
RefreshToken,
|
||||||
SCIMUser,
|
SCIMUser,
|
||||||
SCIMGroup,
|
SCIMGroup,
|
||||||
|
Reputation,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
def should_log_model(model: Model) -> bool:
|
def should_log_model(model: Model) -> bool:
|
||||||
"""Return true if operation on `model` should be logged"""
|
"""Return true if operation on `model` should be logged"""
|
||||||
|
# Check for silk by string so this comparison doesn't fail when silk isn't installed
|
||||||
if model.__module__.startswith("silk"):
|
if model.__module__.startswith("silk"):
|
||||||
return False
|
return False
|
||||||
return model.__class__ not in IGNORED_MODELS
|
return model.__class__ not in IGNORED_MODELS
|
||||||
|
|
|
@ -344,12 +344,22 @@ class Outpost(SerializerModel, ManagedModel):
|
||||||
user_created = False
|
user_created = False
|
||||||
if not user:
|
if not user:
|
||||||
user: User = User.objects.create(username=self.user_identifier)
|
user: User = User.objects.create(username=self.user_identifier)
|
||||||
user.set_unusable_password()
|
|
||||||
user_created = True
|
user_created = True
|
||||||
user.type = UserTypes.INTERNAL_SERVICE_ACCOUNT
|
attrs = {
|
||||||
user.name = f"Outpost {self.name} Service-Account"
|
"type": UserTypes.INTERNAL_SERVICE_ACCOUNT,
|
||||||
user.path = USER_PATH_OUTPOSTS
|
"name": f"Outpost {self.name} Service-Account",
|
||||||
user.save()
|
"path": USER_PATH_OUTPOSTS,
|
||||||
|
}
|
||||||
|
dirty = False
|
||||||
|
for key, value in attrs.items():
|
||||||
|
if getattr(user, key) != value:
|
||||||
|
dirty = True
|
||||||
|
setattr(user, key, value)
|
||||||
|
if user.has_usable_password():
|
||||||
|
user.set_unusable_password()
|
||||||
|
dirty = True
|
||||||
|
if dirty:
|
||||||
|
user.save()
|
||||||
if user_created:
|
if user_created:
|
||||||
self.build_user_permissions(user)
|
self.build_user_permissions(user)
|
||||||
return user
|
return user
|
||||||
|
|
Reference in New Issue