Refactor out logic for ignoring disabled clients

iteratec · Dec 13, 2024 · 8c12224 · 8c12224
1 parent 364c094
commit 8c12224
Showing 1 changed file with 17 additions and 7 deletions.
diff --git a/kcwarden/api/auditor.py b/kcwarden/api/auditor.py
@@ -74,20 +74,30 @@ def _get_ignore_list(self) -> list[str]:
         assert isinstance(ignore_dict, dict)
         return ignore_dict.get(self.get_classname(), [])
 
+    # Check if the provided object is a Client.
+    # If so, check if the client is disabled and if the settings say that
+    # inactive clients should be ignored.
+    def is_ignored_disabled_client(self, keycloak_object: Dataclass) -> bool:
+        if isinstance(keycloak_object, Client):
+            # If it is enabled, it should always be considered
+            if keycloak_object.is_enabled():
+                return False
+            # Otherwise, it should be considered if "ignore disabled clients" is not set
+            return self.get_config(config_keys.IGNORE_DISABLED_CLIENTS)
+        # If it is not a client, return False either way
+        return False
+
     # More generic ignores (also calls specific ignore list from config)
     def is_not_ignored(self, keycloak_object: Dataclass) -> bool:
         # Check if the provided object should be considered, based on the audit configuration.
         # If the object is in the explicit ignore list for the auditor, it should always be ignored.
         if helper.matches_list_of_regexes(keycloak_object.get_name(), self._get_ignore_list()):
             return False
 
-        # Checks for clients:
-        if isinstance(keycloak_object, Client):
-            # If it is enabled, it should always be considered
-            if keycloak_object.is_enabled():
-                return True
-            # Otherwise, it should be considered if "ignore disabled clients" is not set
-            return not self.get_config(config_keys.IGNORE_DISABLED_CLIENTS)
+        # Checks if it is a client that should be ignored because it is disabled
+        if self.is_ignored_disabled_client(keycloak_object):
+            return False
+
         # Anything that doesn't have specific ignore rules associated with it is always considered.
         return True