policies: add policy log messages to test endpoints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-04-01 22:07:35 +02:00
parent 4be238018b
commit d84ff2bbca
18 changed files with 2065 additions and 2302 deletions

View file

@ -17,6 +17,7 @@ from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet
from rest_framework_guardian.filters import ObjectPermissionsFilter
from structlog.stdlib import get_logger
from structlog.testing import capture_logs
from authentik.admin.api.metrics import CoordinateSerializer
from authentik.api.decorators import permission_required
@ -132,13 +133,22 @@ class ApplicationViewSet(UsedByMixin, ModelViewSet):
return HttpResponseBadRequest("for_user must be numerical")
engine = PolicyEngine(application, for_user, request)
engine.use_cache = False
engine.build()
result = engine.result
with capture_logs() as logs:
engine.build()
result = engine.result
response = PolicyTestResultSerializer(PolicyResult(False))
if result.passing:
response = PolicyTestResultSerializer(PolicyResult(True))
if request.user.is_superuser:
log_messages = []
for log in logs:
if log.get("process", "") == "PolicyProcess":
continue
log_messages.append(log)
result.log_messages = log_messages
response = PolicyTestResultSerializer(result)
# print(response.log_messages)
print(response.data)
return Response(response.data)
@extend_schema(

View file

@ -1,5 +1,5 @@
"""Serializer for policy execution"""
from rest_framework.fields import BooleanField, CharField, JSONField, ListField
from rest_framework.fields import BooleanField, CharField, DictField, JSONField, ListField
from rest_framework.relations import PrimaryKeyRelatedField
from authentik.core.api.utils import PassiveSerializer, is_dict
@ -18,3 +18,4 @@ class PolicyTestResultSerializer(PassiveSerializer):
passing = BooleanField()
messages = ListField(child=CharField(), read_only=True)
log_messages = ListField(child=DictField(), read_only=True)

View file

@ -11,6 +11,7 @@ from rest_framework.response import Response
from rest_framework.serializers import ModelSerializer, SerializerMethodField
from rest_framework.viewsets import GenericViewSet
from structlog.stdlib import get_logger
from structlog.testing import capture_logs
from authentik.api.decorators import permission_required
from authentik.core.api.applications import user_app_cache_key
@ -166,6 +167,13 @@ class PolicyViewSet(
p_request.context = test_params.validated_data.get("context", {})
proc = PolicyProcess(PolicyBinding(policy=policy), p_request, None)
result = proc.execute()
with capture_logs() as logs:
result = proc.execute()
log_messages = []
for log in logs:
if log.get("process", "") == "PolicyProcess":
continue
log_messages.append(log)
result.log_messages = log_messages
response = PolicyTestResultSerializer(result)
return Response(response.data)

View file

@ -90,6 +90,7 @@ class PolicyProcess(PROCESS_CLASS):
"P_ENG(proc): Running policy",
policy=self.binding.policy,
user=self.request.user,
# this is used for filtering in access checking where logs are sent to the admin
process="PolicyProcess",
)
try:
@ -121,6 +122,7 @@ class PolicyProcess(PROCESS_CLASS):
"P_ENG(proc): finished and cached ",
policy=self.binding.policy,
result=policy_result,
# this is used for filtering in access checking where logs are sent to the admin
process="PolicyProcess",
passing=policy_result.passing,
user=self.request.user,

View file

@ -67,6 +67,8 @@ class PolicyResult:
source_binding: Optional["PolicyBinding"]
source_results: Optional[list["PolicyResult"]]
log_messages: Optional[list[dict]]
def __init__(self, passing: bool, *messages: str):
super().__init__()
self.passing = passing

View file

@ -28761,7 +28761,14 @@ components:
items:
type: string
readOnly: true
log_messages:
type: array
items:
type: object
additionalProperties: {}
readOnly: true
required:
- log_messages
- messages
- passing
Prompt:

View file

@ -2811,6 +2811,11 @@ msgstr "Lokal"
#~ msgid "Locale"
#~ msgstr "Gebietsschema"
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
msgid "Log messages"
msgstr ""
#: src/pages/stages/user_login/UserLoginStageForm.ts
msgid "Log the currently pending user in."
msgstr "Melden Sie den aktuell ausstehenden Benutzer an."
@ -3172,6 +3177,11 @@ msgstr "Kein Formular gefunden"
msgid "No integration active"
msgstr "Keine Integrationen aktiv"
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
msgid "No log messages."
msgstr ""
#: src/elements/events/ObjectChangelog.ts
#: src/elements/events/UserEvents.ts
msgid "No matching events could be found."

View file

@ -2855,6 +2855,11 @@ msgstr "Local"
#~ msgid "Locale"
#~ msgstr "Locale"
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
msgid "Log messages"
msgstr "Log messages"
#: src/pages/stages/user_login/UserLoginStageForm.ts
msgid "Log the currently pending user in."
msgstr "Log the currently pending user in."
@ -3217,6 +3222,11 @@ msgstr "No form found"
msgid "No integration active"
msgstr "No integration active"
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
msgid "No log messages."
msgstr "No log messages."
#: src/elements/events/ObjectChangelog.ts
#: src/elements/events/UserEvents.ts
msgid "No matching events could be found."

View file

@ -2804,6 +2804,11 @@ msgstr "Local"
#~ msgid "Locale"
#~ msgstr "Lugar"
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
msgid "Log messages"
msgstr ""
#: src/pages/stages/user_login/UserLoginStageForm.ts
msgid "Log the currently pending user in."
msgstr "Registra al usuario pendiente en ese momento."
@ -3165,6 +3170,11 @@ msgstr "No se encontró ningún formulario"
msgid "No integration active"
msgstr "Sin integración activa"
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
msgid "No log messages."
msgstr ""
#: src/elements/events/ObjectChangelog.ts
#: src/elements/events/UserEvents.ts
msgid "No matching events could be found."

View file

@ -2835,6 +2835,11 @@ msgstr "Local"
#~ msgid "Locale"
#~ msgstr ""
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
msgid "Log messages"
msgstr ""
#: src/pages/stages/user_login/UserLoginStageForm.ts
msgid "Log the currently pending user in."
msgstr "Ouvre la session de l'utilisateur courant."
@ -3196,6 +3201,11 @@ msgstr "Aucun formulaire trouvé"
msgid "No integration active"
msgstr "Aucune intégration active"
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
msgid "No log messages."
msgstr ""
#: src/elements/events/ObjectChangelog.ts
#: src/elements/events/UserEvents.ts
msgid "No matching events could be found."

View file

@ -2801,6 +2801,11 @@ msgstr "Lokalny"
#~ msgid "Locale"
#~ msgstr "Język"
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
msgid "Log messages"
msgstr ""
#: src/pages/stages/user_login/UserLoginStageForm.ts
msgid "Log the currently pending user in."
msgstr "Loguj aktualnie oczekującego użytkownika."
@ -3162,6 +3167,11 @@ msgstr "Nie znaleziono formularza"
msgid "No integration active"
msgstr "Brak aktywnej integracji"
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
msgid "No log messages."
msgstr ""
#: src/elements/events/ObjectChangelog.ts
#: src/elements/events/UserEvents.ts
msgid "No matching events could be found."

View file

@ -2845,6 +2845,11 @@ msgstr ""
#~ msgid "Locale"
#~ msgstr ""
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
msgid "Log messages"
msgstr ""
#: src/pages/stages/user_login/UserLoginStageForm.ts
msgid "Log the currently pending user in."
msgstr ""
@ -3207,6 +3212,11 @@ msgstr ""
msgid "No integration active"
msgstr ""
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
msgid "No log messages."
msgstr ""
#: src/elements/events/ObjectChangelog.ts
#: src/elements/events/UserEvents.ts
msgid "No matching events could be found."

View file

@ -2805,6 +2805,11 @@ msgstr "Yerel"
#~ msgid "Locale"
#~ msgstr "Yerelleştirme"
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
msgid "Log messages"
msgstr ""
#: src/pages/stages/user_login/UserLoginStageForm.ts
msgid "Log the currently pending user in."
msgstr "Şu anda bekleyen kullanıcıya oturum açın."
@ -3166,6 +3171,11 @@ msgstr "Form bulunamadı"
msgid "No integration active"
msgstr "Entegrasyon etkin"
#: src/pages/applications/ApplicationCheckAccessForm.ts
#: src/pages/policies/PolicyTestForm.ts
msgid "No log messages."
msgstr ""
#: src/elements/events/ObjectChangelog.ts
#: src/elements/events/UserEvents.ts
msgid "No matching events could be found."

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

View file

@ -1,9 +1,11 @@
import { t } from "@lingui/macro";
import { TemplateResult, html } from "lit";
import { CSSResult, TemplateResult, html } from "lit";
import { customElement, property } from "lit/decorators.js";
import { until } from "lit/directives/until.js";
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
import { Application, CoreApi, PolicyTestResult } from "@goauthentik/api";
import { DEFAULT_CONFIG } from "../../api/Config";
@ -42,8 +44,13 @@ export class ApplicationCheckAccessForm extends Form<{ forUser: number }> {
this.result = undefined;
}
static get styles(): CSSResult[] {
return super.styles.concat(PFDescriptionList);
}
renderResult(): TemplateResult {
return html` <ak-form-element-horizontal label=${t`Passing`}>
return html`
<ak-form-element-horizontal label=${t`Passing`}>
<div class="pf-c-form__group-label">
<div class="c-form__horizontal-group">
<span class="pf-c-form__label-text">
@ -70,7 +77,38 @@ export class ApplicationCheckAccessForm extends Form<{ forUser: number }> {
</ul>
</div>
</div>
</ak-form-element-horizontal>`;
</ak-form-element-horizontal>
<ak-form-element-horizontal label=${t`Log messages`}>
<div class="pf-c-form__group-label">
<div class="c-form__horizontal-group">
<dl class="pf-c-description-list pf-m-horizontal">
${(this.result?.logMessages || []).length > 0
? this.result?.logMessages?.map((m) => {
return html`<div class="pf-c-description-list__group">
<dt class="pf-c-description-list__term">
<span class="pf-c-description-list__text"
>${m.log_level}</span
>
</dt>
<dd class="pf-c-description-list__description">
<div class="pf-c-description-list__text">
${m.event}
</div>
</dd>
</div>`;
})
: html`<div class="pf-c-description-list__group">
<dt class="pf-c-description-list__term">
<span class="pf-c-description-list__text"
>${t`No log messages.`}</span
>
</dt>
</div>`}
</dl>
</div>
</div>
</ak-form-element-horizontal>
`;
}
renderForm(): TemplateResult {

View file

@ -2,10 +2,12 @@ import YAML from "yaml";
import { t } from "@lingui/macro";
import { TemplateResult, html } from "lit";
import { CSSResult, TemplateResult, html } from "lit";
import { customElement, property } from "lit/decorators.js";
import { until } from "lit/directives/until.js";
import PFDescriptionList from "@patternfly/patternfly/components/DescriptionList/description-list.css";
import {
CoreApi,
PoliciesApi,
@ -47,8 +49,13 @@ export class PolicyTestForm extends Form<PolicyTestRequest> {
.then((result) => (this.result = result));
};
static get styles(): CSSResult[] {
return super.styles.concat(PFDescriptionList);
}
renderResult(): TemplateResult {
return html` <ak-form-element-horizontal label=${t`Passing`}>
return html`
<ak-form-element-horizontal label=${t`Passing`}>
<div class="pf-c-form__group-label">
<div class="c-form__horizontal-group">
<span class="pf-c-form__label-text">
@ -75,7 +82,39 @@ export class PolicyTestForm extends Form<PolicyTestRequest> {
</ul>
</div>
</div>
</ak-form-element-horizontal>`;
</ak-form-element-horizontal>
<ak-form-element-horizontal label=${t`Log messages`}>
<div class="pf-c-form__group-label">
<div class="c-form__horizontal-group">
<dl class="pf-c-description-list pf-m-horizontal">
${(this.result?.logMessages || []).length > 0
? this.result?.logMessages?.map((m) => {
return html`<div class="pf-c-description-list__group">
<dt class="pf-c-description-list__term">
<span class="pf-c-description-list__text"
>${m.log_level}</span
>
</dt>
<dd class="pf-c-description-list__description">
<div class="pf-c-description-list__text">
${m.event}
</div>
</dd>
</div>`;
})
: html`<div class="pf-c-description-list__group">
<dt class="pf-c-description-list__term">
<span class="pf-c-description-list__text"
>${t`No log messages.`}</span
>
</dt>
</div>`}
</dl>
</div>
</div>
</ak-form-element-horizontal>
`;
}
renderForm(): TemplateResult {