
Member "keystone-18.0.0/keystone/identity/backends/resource_options.py" (14 Oct 2020, 5086 Bytes) of package /linux/misc/openstack/keystone-18.0.0.tar.gz:



    1 # Licensed under the Apache License, Version 2.0 (the "License"); you may
    2 # not use this file except in compliance with the License. You may obtain
    3 # a copy of the License at
    4 #
    5 #      http://www.apache.org/licenses/LICENSE-2.0
    6 #
    7 # Unless required by applicable law or agreed to in writing, software
    8 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    9 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   10 # License for the specific language governing permissions and limitations
   11 # under the License.
   12 
   13 from keystone.common import resource_options
   14 from keystone.common.validation import parameter_types
   15 from keystone.i18n import _
   16 
   17 
def _mfa_rules_validator_list_of_lists_of_strings_no_duplicates(value):
    """Check the structure of a ``multi_factor_auth_rules`` option value.

    Accepted shape: a list of rules, each rule a non-empty list of strings,
    e.g. ``[['str1', 'str2'], ['str3', 'str4']]``. No rule may appear twice
    and no string may appear twice inside one rule.

    This is a structural check only. It does not confirm that the strings
    name auth methods that exist or are enabled, so a rule naming an unknown
    method passes validation here.
    NOTE(review): how such a rule is treated at authentication time is
    decided outside this module -- confirm before relying on it.

    Rules are compared with list equality, so the same strings in a
    different order count as a different rule.

    :param value: candidate option value
    :raises TypeError: if ``value`` or any rule is not a list, or any rule
                       member is not a string
    :raises ValueError: if a rule is empty or duplicated, or a string is
                        repeated within a rule
    """
    # NOTE(notmorgan): This should possibly validate that the auth-types
    # are enabled? For now only the structure is validated.
    msg = _('Invalid data type, must be a list of lists comprised of strings. '
            'Sub-lists may not be duplicated. Strings in sub-lists may not be '
            'duplicated.')

    if not isinstance(value, list):
        raise TypeError(msg)

    # Rules are lists (unhashable), so they are tracked in a list.
    seen_rules = []
    for rule in value:
        if not isinstance(rule, list):
            raise TypeError(msg)
        # An empty rule and a repeated rule are both rejected as ValueError.
        if not rule or rule in seen_rules:
            raise ValueError(msg)
        seen_rules.append(rule)

        # Per-rule tracker: a string may recur across rules, not within one.
        seen_names = set()
        for name in rule:
            if not isinstance(name, str):
                raise TypeError(msg)
            if name in seen_names:
                raise ValueError(msg)
            seen_names.add(name)
   56 
   57 
# Registry that collects every per-user resource option declared below.
# NOTE(review): each option_id looks like a stable identifier for the option;
# confirm how it is persisted before changing or reusing one.
USER_OPTIONS_REGISTRY = resource_options.ResourceOptionRegistry('USER')

# Going by their names, the ignore_* options below each exempt a user from one
# password-policy control (forced change on first use, expiry, lockout after
# failed attempts, inactivity). This module only checks that the value is a
# boolean; who is allowed to set these options is enforced elsewhere.
IGNORE_CHANGE_PASSWORD_OPT = resource_options.ResourceOption(
    option_id='1000',
    option_name='ignore_change_password_upon_first_use',
    validator=resource_options.boolean_validator,
    json_schema_validation=parameter_types.boolean,
)

IGNORE_PASSWORD_EXPIRY_OPT = resource_options.ResourceOption(
    option_id='1001',
    option_name='ignore_password_expiry',
    validator=resource_options.boolean_validator,
    json_schema_validation=parameter_types.boolean,
)

IGNORE_LOCKOUT_ATTEMPT_OPT = resource_options.ResourceOption(
    option_id='1002',
    option_name='ignore_lockout_failure_attempts',
    validator=resource_options.boolean_validator,
    json_schema_validation=parameter_types.boolean,
)

LOCK_PASSWORD_OPT = resource_options.ResourceOption(
    option_id='1003',
    option_name='lock_password',
    validator=resource_options.boolean_validator,
    json_schema_validation=parameter_types.boolean,
)

IGNORE_USER_INACTIVITY_OPT = resource_options.ResourceOption(
    option_id='1004',
    option_name='ignore_user_inactivity',
    validator=resource_options.boolean_validator,
    json_schema_validation=parameter_types.boolean,
)

# The JSON schema and the Python validator describe the same shape: an array
# of unique, non-empty arrays of unique strings. Neither one restricts the
# strings to a known set of auth method names.
MFA_RULES_OPT = resource_options.ResourceOption(
    option_id='MFAR',
    option_name='multi_factor_auth_rules',
    validator=_mfa_rules_validator_list_of_lists_of_strings_no_duplicates,
    json_schema_validation={
        # Outer array: the list of rules.
        'type': 'array',
        'items': {
            # Each rule: at least one string, no string repeated.
            'type': 'array',
            'items': {'type': 'string'},
            'minItems': 1,
            'uniqueItems': True,
        },
        # No rule may be listed twice.
        'uniqueItems': True,
    },
)

MFA_ENABLED_OPT = resource_options.ResourceOption(
    option_id='MFAE',
    option_name='multi_factor_auth_enabled',
    validator=resource_options.boolean_validator,
    json_schema_validation=parameter_types.boolean,
)
  116 
  117 
# NOTE(notmorgan): wrap this in a function for testing purposes.
# This is called on import by design.
def register_user_options():
    """Register every user option declared in this module.

    Each option object is passed to ``USER_OPTIONS_REGISTRY.register_option``
    in declaration order. An option that is declared above but missing from
    the tuple below is never registered.
    """
    user_options = (
        IGNORE_CHANGE_PASSWORD_OPT,
        IGNORE_PASSWORD_EXPIRY_OPT,
        IGNORE_LOCKOUT_ATTEMPT_OPT,
        LOCK_PASSWORD_OPT,
        IGNORE_USER_INACTIVITY_OPT,
        MFA_RULES_OPT,
        MFA_ENABLED_OPT,
    )
    for user_option in user_options:
        USER_OPTIONS_REGISTRY.register_option(user_option)


# Import-time side effect: importing this module populates the registry.
register_user_options()