Merge "Service parameters for pwd rules in keystone.conf"

Zuul 2021-10-25 17:03:29 +00:00 committed by Gerrit Code Review
commit 62ac3bd546
2 changed files with 45 additions and 1 deletions


@ -1194,6 +1194,12 @@ SERVICE_PARAM_NAME_PLATFORM_AUDITD = 'audit'
SERVICE_PARAM_PLATFORM_AUDITD_DISABLED = '0'
SERVICE_PARAM_PLATFORM_AUDITD_ENABLED = '1'
# platform keystone security compliance config
SERVICE_PARAM_SECTION_SECURITY_COMPLIANCE = 'security_compliance'
SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_UNIQUE_LAST_PASSWORD_COUNT = 'unique_last_password_count'
SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX = 'password_regex'
SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX_DESCRIPTION = 'password_regex_description'
# TIS part number, CPE = combined load, STD = standard load
TIS_STD_BUILD = 'Standard'
TIS_AIO_BUILD = 'All-in-one'


@ -411,6 +411,15 @@ def _validate_kernel_audit(name, value):
constants.SERVICE_PARAM_PLATFORM_AUDITD_ENABLED)))
def _validate_regex(name, value):
"""Check if specified regex is valid"""
try:
re.compile(value)
except re.error:
raise wsme.exc.ClientSideError(_(
"Parameter %s must be a valid regex" % name))
PLATFORM_CONFIG_PARAMETER_OPTIONAL = [
constants.SERVICE_PARAM_NAME_PLAT_CONFIG_VIRTUAL,
]
@ -543,15 +552,39 @@ PLATFORM_KERNEL_PARAMETER_OPTIONAL = [
constants.SERVICE_PARAM_NAME_PLATFORM_AUDITD,
]
PLATFORM_KEYSTONE_PARAMETER_OPTIONAL = [
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_UNIQUE_LAST_PASSWORD_COUNT,
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX,
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX_DESCRIPTION,
]
PLATFORM_KERNEL_PARAMETER_VALIDATOR = {
constants.SERVICE_PARAM_NAME_PLATFORM_AUDITD: _validate_kernel_audit,
}
PLATFORM_KEYSTONE_PARAMETER_VALIDATOR = {
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_UNIQUE_LAST_PASSWORD_COUNT:
_validate_integer,
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX:
_validate_regex,
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX_DESCRIPTION:
_validate_not_empty
}
PLATFORM_KERNEL_PARAMETER_RESOURCE = {
constants.SERVICE_PARAM_NAME_PLATFORM_AUDITD:
'platform::compute::grub::params::g_audit',
}
PLATFORM_KEYSTONE_PARAMETER_RESOURCE = {
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_UNIQUE_LAST_PASSWORD_COUNT:
'keystone::security_compliance::unique_last_password_count',
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX:
'keystone::security_compliance::password_regex',
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX_DESCRIPTION:
'keystone::security_compliance::password_regex_description',
}
RADOSGW_CONFIG_PARAMETER_MANDATORY = [
constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED,
]
@ -797,6 +830,11 @@ SERVICE_PARAMETER_SCHEMA = {
SERVICE_PARAM_VALIDATOR: IDENTITY_CONFIG_PARAMETER_VALIDATOR,
SERVICE_PARAM_RESOURCE: IDENTITY_CONFIG_PARAMETER_RESOURCE,
},
constants.SERVICE_PARAM_SECTION_SECURITY_COMPLIANCE: {
SERVICE_PARAM_OPTIONAL: PLATFORM_KEYSTONE_PARAMETER_OPTIONAL,
SERVICE_PARAM_VALIDATOR: PLATFORM_KEYSTONE_PARAMETER_VALIDATOR,
SERVICE_PARAM_RESOURCE: PLATFORM_KEYSTONE_PARAMETER_RESOURCE,
}
},
constants.SERVICE_TYPE_PLATFORM: {
constants.SERVICE_PARAM_SECTION_PLATFORM_CONFIG: {
@ -829,7 +867,7 @@ SERVICE_PARAMETER_SCHEMA = {
SERVICE_PARAM_OPTIONAL: PLATFORM_KERNEL_PARAMETER_OPTIONAL,
SERVICE_PARAM_VALIDATOR: PLATFORM_KERNEL_PARAMETER_VALIDATOR,
SERVICE_PARAM_RESOURCE: PLATFORM_KERNEL_PARAMETER_RESOURCE,
},
}
},
constants.SERVICE_TYPE_HORIZON: {
constants.SERVICE_PARAM_SECTION_HORIZON_AUTH: {
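Review bot: `_validate_regex` catches only `re.error`, but `re.compile` also raises `OverflowError` for an oversized repetition count (a constructed example is `a{99999999999}`), so such a value would surface as an unhandled server error instead of the intended `ClientSideError`; `except (re.error, OverflowError):` covers it. The message is interpolated before the translation lookup, so `_()` receives the already-formatted string; `_("Parameter %s must be a valid regex") % name` keeps the msgid stable. A successful compile is a syntax check only: it does not show that any password can satisfy the pattern or bound the cost of matching. Assuming keystone applies `password_regex` on every password set, the docstring should say so, for example `"""Check that value compiles as a Python regex (syntax only; does not check matchability or cost)"""`.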