Add data source policy #546

Open
wants to merge 4 commits into
base: main

Contributor

@l-with l-with commented Aug 12, 2024

useful to rebuild default flows with dedicated changes

@l-with l-with requested a review from a team as a code owner August 12, 2024 10:08

codecov bot commented Aug 12, 2024

Codecov Report

Attention: Patch coverage is 92.59259% with 2 lines in your changes missing coverage. Please review.

Project coverage is 83.69%. Comparing base (19e6a19) to head (9157fc7).

Files Patch % Lines
internal/provider/data_source_policy.go 92.30% 1 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #546      +/-   ##
==========================================
- Coverage   83.81%   83.69%   -0.13%     
==========================================
  Files          95       96       +1     
  Lines        9103     9130      +27     
==========================================
+ Hits         7630     7641      +11     
- Misses       1047     1055       +8     
- Partials      426      434       +8     


@l-with l-with force-pushed the add-data-source-policy branch from 05bfb1c to 9157fc7 Compare August 14, 2024 15:16
Member

rissson commented Aug 14, 2024

Instead of a single authentik_policy datasource, I'd probably go with one for each type of policy, so authentik_policy_expression, authentik_policies_dummy, authentik_policies_geoip, authentik_policies_reputation, authentik_policies_expiry and so on.

Contributor Author

l-with commented Aug 15, 2024

@rissson
By "useful to rebuild default flows with dedicated changes" I mean the possibility to replace the following code (copying Python code from an existing policy):

resource "authentik_policy_expression" "authentication-flow-password-stage" {
  expression = <<EOT
flow_plan = request.context.get("flow_plan")
if not flow_plan:
    return True
# If the user does not have a backend attached to it, they haven't
# been authenticated yet and we need the password stage
return not hasattr(flow_plan.context.get("pending_user"), "backend")
EOT
  name       = "authentication-flow-password-stage"
}

resource "authentik_policy_binding" "my-default-authentication-password_" {
  policy = authentik_policy_expression.authentication-flow-password-stage.id
  target = authentik_flow_stage_binding.my-default-authentication-password.id
  order  = 10
}

by this one (use the id of a data source)

data "authentik_policy" "default-authentication-flow-password-stage" {
  name = "default-authentication-flow-password-stage"
}

resource "authentik_policy_binding" "my-default-authentication-password_" {
  policy = data.authentik_policy.default-authentication-flow-password-stage.id
  target = authentik_flow_stage_binding.my-default-authentication-password.id
  order  = 10
}

This is much smarter and needs only the id.
For retrieving the id of a policy a generic data source is sufficient.

This is the same as when using the data source stage for flow bindings which works nicely.
