fix for stale policy and tom select put api

ChrispyBacon-dev · ChrispyBacon-dev · commit 39bc950dcdc7 · 2025-10-10T11:53:24.000+02:00
diff --git a/dockflare/app/core/access_manager.py b/dockflare/app/core/access_manager.py
@@ -508,14 +508,25 @@ def handle_access_policy_from_labels(rule_key, hostname_config_item):
                 local_state_changed_by_access_policy = True
 
         app_result = None
+        app_update_failed = False
         if effective_app_id:
             logging.info(f"Updating Access App {effective_app_id} for {application_domain}.")
-            app_result = update_cloudflare_access_application(
-                effective_app_id, application_domain, desired_app_name, desired_session_duration,
-                desired_app_launcher_visible, [application_domain], cf_access_policies_or_ids,
-                desired_allowed_idps, desired_auto_redirect, use_reusable
-            )
-        else:
+            try:
+                app_result = update_cloudflare_access_application(
+                    effective_app_id, application_domain, desired_app_name, desired_session_duration,
+                    desired_app_launcher_visible, [application_domain], cf_access_policies_or_ids,
+                    desired_allowed_idps, desired_auto_redirect, use_reusable
+                )
+            except Exception as update_error:
+                error_text = str(update_error)
+                if "access.api.error.unknown_application" in error_text or "404" in error_text:
+                    logging.info(f"Existing Access App {effective_app_id} not found in Cloudflare (404); will recreate for {application_domain}.")
+                    app_update_failed = True
+                else:
+                    logging.error(f"Error updating access app during reconciliation: {update_error}", exc_info=True)
+                    raise
+
+        if not effective_app_id or app_update_failed or not app_result:
             logging.info(f"Creating new Access App for {application_domain}.")
             app_result = create_cloudflare_access_application(
                 application_domain, desired_app_name, desired_session_duration,
diff --git a/dockflare/app/templates/access_policies.html b/dockflare/app/templates/access_policies.html
@@ -827,6 +827,14 @@ <h3 class="font-bold text-lg mb-4">Sync Access Policies from Cloudflare</h3>
         const accessGroupForm = document.getElementById('access_group_form');
         if (accessGroupForm) {
             accessGroupForm.addEventListener('submit', function(e) {
+                // Sync tom-select values to underlying select elements before form submission
+                if (window.enhancedCountrySelector && window.enhancedCountrySelector.tomSelect) {
+                    window.enhancedCountrySelector.tomSelect.sync();
+                }
+                if (window.idpTomSelect) {
+                    window.idpTomSelect.sync();
+                }
+
                 const publicMode = document.getElementById('public_mode').value;
 
                 if (publicMode === 'false') {
diff --git a/dockflare/app/web/routes.py b/dockflare/app/web/routes.py
@@ -1163,7 +1163,7 @@ def stream_state_updates_route():
     def event_stream():
         redis_client = get_redis_client()
         if not redis_client:
-            logging.error("SSE: Redis client not available for pub/sub")
+            logging.warning("SSE: Redis client not available for pub/sub (real-time updates disabled)")
             yield "data: {\"type\": \"error\", \"message\": \"Redis unavailable\"}\n\n"
             return
 
