Receive a notification each time a device is on registration VLAN #7529

Closed
nqb opened this issue Feb 10, 2023 · 0 comments · Fixed by #7721

Comments

@nqb
Contributor

nqb commented Feb 10, 2023

Is your feature request related to a problem? Please describe.
I would like to be notified each time a device is on the registration VLAN because it's something uncommon: all my devices should be on the production VLAN. So I want to detect it.

Using the following VLAN filter:

[test]
condition=node_info.status == "unreg"
status=enabled
description=test
run_actions=enabled
scopes=RegistrationRole
top_op=and
action.0=trigger_security_event: mac, $mac, tid, registration, type, CUSTOM

and a security event, a node will match this VLAN filter in two cases:

  1. if the device is not registered when a RADIUS request is received (expected behavior)
  2. if the device reaches its unregistration date and is unregistered by the nodes_maintenance task (side effect)

I would like my VLAN filter to match only in 1 because 2 will apply to almost all devices.

Describe the solution you'd like
Have a way to match VLAN filter only in 1.

I looked at the conditions on VLAN filters but I didn't find a suitable condition to match 1 and not 2.

I think a solution could be to use a dedicated scope when we deauthenticate a device. Currently, we call fetchRoleForNode from _should_we_reassign_vlan which means that we are in the same code path in 1 and 2 at some point.

Describe alternatives you've considered
Use a different approach like a report
