authentik.policies.signals

 1"""authentik policy signals"""
 2
 3from django.core.cache import cache
 4from django.db import connection
 5from django.db.models.signals import post_save
 6from django.dispatch import receiver
 7from structlog.stdlib import get_logger
 8
 9from authentik.core.api.applications import user_app_cache_key
10from authentik.core.models import Group, User
11from authentik.policies.apps import GAUGE_POLICIES_CACHED
12from authentik.policies.models import Policy, PolicyBinding, PolicyBindingModel
13from authentik.policies.types import CACHE_PREFIX
14from authentik.root.monitoring import monitoring_set
15
16LOGGER = get_logger()
17
18
19@receiver(monitoring_set)
20def monitoring_set_policies(sender, **kwargs):
21    """set policy gauges"""
22    GAUGE_POLICIES_CACHED.labels(tenant=connection.schema_name).set(
23        len(cache.keys(f"{CACHE_PREFIX}*") or [])
24    )
25
26
27@receiver(post_save, sender=Policy)
28@receiver(post_save, sender=PolicyBinding)
29@receiver(post_save, sender=PolicyBindingModel)
30@receiver(post_save, sender=Group)
31@receiver(post_save, sender=User)
32def invalidate_policy_cache(sender, instance, **_):
33    """Invalidate Policy cache when policy is updated"""
34    if sender == Policy:
35        total = 0
36        for binding in PolicyBinding.objects.filter(policy=instance):
37            prefix = f"{CACHE_PREFIX}{binding.policy_binding_uuid.hex}_{binding.policy.pk.hex}*"
38            keys = cache.keys(prefix)
39            total += len(keys)
40            cache.delete_many(keys)
41        LOGGER.debug("Invalidating policy cache", policy=instance, keys=total)
42    # Also delete user application cache
43    keys = cache.keys(user_app_cache_key("*")) or []
44    cache.delete_many(keys)