Description
In Settings → Events → Configure Event Triggers, when the operator tries to associate a trigger with the Certificate uploaded event, the backend rejects the association with HTTP 422 if the trigger's rule contains a condition on a Custom Attribute field source:
[
"Trigger <trigger_name> cannot be associated with event 'Certificate uploaded' as it contains rule with invalid field source, which is not allowed for this event."
]
This restriction is inconsistent with how Certificate uploads actually work. Custom attributes are part of the certificate upload payload — the operator can set them at the moment of upload. Filtering by these values is a valid and expected use case (e.g. auto-reject uploads whose custom attribute Criticality = Low, or apply categorization based on custom attribute values — which is directly in line with the intent of Epic #115 "Categorization of uploaded certificates").
Blocking Custom Attribute conditions for this event undermines the entire "categorize / reject based on the uploaded cert's properties" scenario that the platform advertises.
Steps to Reproduce
- Create a Condition with
Resource = Certificate, Filter Field Source = Custom Attribute, any field / operator / value
- Wrap it in a Rule and attach the rule to a Trigger (e.g. an ignore trigger or a regular trigger with an action)
- Navigate to Settings → Events → Certificate uploaded → Configure Event Triggers
- In the trigger dropdown select the trigger from step 2
- Click Add / Save
Expected Behavior
- Backend accepts the association
- The trigger fires on
Certificate uploaded events and evaluates the Custom Attribute condition against the uploaded certificate's custom attributes (which were sent as part of the upload payload)
- Categorization / rejection based on Custom Attribute values works end-to-end
Actual Behavior
- Backend returns HTTP 422:
["Trigger <trigger_name> cannot be associated with event 'Certificate uploaded' as it contains rule with invalid field source, which is not allowed for this event."]
- Association is refused
- Operator cannot express a valid business rule based on custom attributes provided at upload time
Severity
Major
Module
Core
Attachments
Logs
No response
Environment
ILM Core: 2.18.1-SNAPSHOT (2 Jul 2026, 09:00)
Commit: 633d1f0
Branch: main
Build time: 2026-07-02T07:00:20Z
ILM Frontend: 2.18.0 (1 Jul 2026, 18:28)
PostgreSQL: 15.6 (Debian 15.6-0+deb12u1)
Client:
- macOS Tahoe 26.5.1
- Chrome 149.0.7827.103 (arm64)
Description
In Settings → Events → Configure Event Triggers, when the operator tries to associate a trigger with the Certificate uploaded event, the backend rejects the association with HTTP 422 if the trigger's rule contains a condition on a Custom Attribute field source:
This restriction is inconsistent with how Certificate uploads actually work. Custom attributes are part of the certificate upload payload — the operator can set them at the moment of upload. Filtering by these values is a valid and expected use case (e.g. auto-reject uploads whose custom attribute
Criticality = Low, or apply categorization based on custom attribute values — which is directly in line with the intent of Epic #115 "Categorization of uploaded certificates").Blocking Custom Attribute conditions for this event undermines the entire "categorize / reject based on the uploaded cert's properties" scenario that the platform advertises.
Steps to Reproduce
Resource = Certificate,Filter Field Source = Custom Attribute, any field / operator / valueExpected Behavior
Certificate uploadedevents and evaluates the Custom Attribute condition against the uploaded certificate's custom attributes (which were sent as part of the upload payload)Actual Behavior
Severity
Major
Module
Core
Attachments
Logs
No response
Environment
ILM Core: 2.18.1-SNAPSHOT (2 Jul 2026, 09:00)
Commit: 633d1f0
Branch: main
Build time: 2026-07-02T07:00:20Z
ILM Frontend: 2.18.0 (1 Jul 2026, 18:28)
PostgreSQL: 15.6 (Debian 15.6-0+deb12u1)
Client: