authentik/passbook/policies/process.py


"""passbook policy task"""
from multiprocessing import Process
from multiprocessing.connection import Connection
from django.core.cache import cache
from structlog import get_logger
from passbook.core.models import Policy, User
from passbook.policies.exceptions import PolicyException
from passbook.policies.types import PolicyRequest, PolicyResult
# Module-level structlog logger; every message emitted in this file goes through it.
LOGGER = get_logger()
def cache_key(policy: Policy, user: User = None) -> str:
    """Build the cache key under which a policy evaluation result is stored.

    The key is ``policy_<policy.pk>`` and, when a truthy ``user`` is given,
    ``#<user.pk>`` is appended, so results are scoped per policy and per user.
    """
    # NOTE(review): only primary keys enter the key. A user object whose pk is
    # None would produce the literal suffix "#None" and share one cache entry
    # with every other such user; confirm callers never pass one.
    parts = [f"policy_{policy.pk}"]
    if user:
        parts.append(f"{user.pk}")
    return "#".join(parts)
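class PolicyProcess(Process):
    """Evaluate a single policy within a separate process.

    The process is handed the policy, the request to evaluate it against and
    one end of a multiprocessing connection. ``run`` evaluates the policy,
    caches the outcome and sends it over the connection.
    """

    connection: Connection
    policy: Policy
    request: PolicyRequest

    def __init__(self, policy: Policy, request: PolicyRequest, connection: Connection):
        """Store the policy, the request and the connection used to report back."""
        super().__init__()
        self.policy = policy
        self.request = request
        self.connection = connection

    def run(self):
        """Evaluate the policy, cache the result and send it over the connection.

        A ``PolicyException`` raised by the policy is turned into a failing
        ``PolicyResult`` carrying the exception text. ``policy.negate`` inverts
        only a result the policy actually returned; an evaluation error always
        stays a failing result.
        """
        LOGGER.debug(
            "P_ENG(proc): Running policy",
            policy=self.policy,
            user=self.request.user,
            process="PolicyProcess",
        )
        try:
            policy_result = self.policy.passes(self.request)
        except PolicyException as exc:
            # NOTE(review): evaluation errors are only visible at debug level;
            # consider a higher level so a failing policy is noticed.
            LOGGER.debug("P_ENG(proc): error", exc=exc)
            policy_result = PolicyResult(False, str(exc))
        else:
            # Invert result if policy.negate is set. This is done only for a
            # result the policy returned: inverting the failing result built
            # for an evaluation error would turn that error into a pass.
            if self.policy.negate:
                policy_result.passing = not policy_result.passing
        # NOTE(review): any exception other than PolicyException leaves run()
        # before anything is sent on the connection; confirm the receiving
        # side treats a missing result as a failure.
        LOGGER.debug(
            "P_ENG(proc): Finished",
            policy=self.policy,
            result=policy_result,
            process="PolicyProcess",
            passing=policy_result.passing,
            user=self.request.user,
        )
        # The stored value is the final (post-negation) result. No timeout is
        # passed, so the cache backend's default expiry applies.
        # NOTE(review): the key covers only policy and user; if a policy reads
        # anything else from the request, a cached result may be reused for a
        # request it was not computed for. Verify against the policy types.
        key = cache_key(self.policy, self.request.user)
        cache.set(key, policy_result)
        LOGGER.debug("P_ENG(proc): Cached policy evaluation", key=key)
        self.connection.send(policy_result)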