Merge "Service parameters for pwd rules in keystone.conf"
This commit is contained in:
commit
62ac3bd546
@ -1194,6 +1194,12 @@ SERVICE_PARAM_NAME_PLATFORM_AUDITD = 'audit'
|
||||
SERVICE_PARAM_PLATFORM_AUDITD_DISABLED = '0'
|
||||
SERVICE_PARAM_PLATFORM_AUDITD_ENABLED = '1'
|
||||
|
||||
# platform keystone security compliance config
|
||||
SERVICE_PARAM_SECTION_SECURITY_COMPLIANCE = 'security_compliance'
|
||||
SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_UNIQUE_LAST_PASSWORD_COUNT = 'unique_last_password_count'
|
||||
SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX = 'password_regex'
|
||||
SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX_DESCRIPTION = 'password_regex_description'
|
||||
|
||||
# TIS part number, CPE = combined load, STD = standard load
|
||||
TIS_STD_BUILD = 'Standard'
|
||||
TIS_AIO_BUILD = 'All-in-one'
|
||||
|
@ -411,6 +411,15 @@ def _validate_kernel_audit(name, value):
|
||||
constants.SERVICE_PARAM_PLATFORM_AUDITD_ENABLED)))
|
||||
|
||||
|
||||
def _validate_regex(name, value):
|
||||
"""Check if specified regex is valid"""
|
||||
try:
|
||||
re.compile(value)
|
||||
except re.error:
|
||||
raise wsme.exc.ClientSideError(_(
|
||||
"Parameter %s must be a valid regex" % name))
|
||||
|
||||
|
||||
PLATFORM_CONFIG_PARAMETER_OPTIONAL = [
|
||||
constants.SERVICE_PARAM_NAME_PLAT_CONFIG_VIRTUAL,
|
||||
]
|
||||
@ -543,15 +552,39 @@ PLATFORM_KERNEL_PARAMETER_OPTIONAL = [
|
||||
constants.SERVICE_PARAM_NAME_PLATFORM_AUDITD,
|
||||
]
|
||||
|
||||
PLATFORM_KEYSTONE_PARAMETER_OPTIONAL = [
|
||||
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_UNIQUE_LAST_PASSWORD_COUNT,
|
||||
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX,
|
||||
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX_DESCRIPTION,
|
||||
]
|
||||
|
||||
PLATFORM_KERNEL_PARAMETER_VALIDATOR = {
|
||||
constants.SERVICE_PARAM_NAME_PLATFORM_AUDITD: _validate_kernel_audit,
|
||||
}
|
||||
|
||||
PLATFORM_KEYSTONE_PARAMETER_VALIDATOR = {
|
||||
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_UNIQUE_LAST_PASSWORD_COUNT:
|
||||
_validate_integer,
|
||||
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX:
|
||||
_validate_regex,
|
||||
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX_DESCRIPTION:
|
||||
_validate_not_empty
|
||||
}
|
||||
|
||||
PLATFORM_KERNEL_PARAMETER_RESOURCE = {
|
||||
constants.SERVICE_PARAM_NAME_PLATFORM_AUDITD:
|
||||
'platform::compute::grub::params::g_audit',
|
||||
}
|
||||
|
||||
PLATFORM_KEYSTONE_PARAMETER_RESOURCE = {
|
||||
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_UNIQUE_LAST_PASSWORD_COUNT:
|
||||
'keystone::security_compliance::unique_last_password_count',
|
||||
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX:
|
||||
'keystone::security_compliance::password_regex',
|
||||
constants.SERVICE_PARAM_NAME_SECURITY_COMPLIANCE_PASSWORD_REGEX_DESCRIPTION:
|
||||
'keystone::security_compliance::password_regex_description',
|
||||
}
|
||||
|
||||
RADOSGW_CONFIG_PARAMETER_MANDATORY = [
|
||||
constants.SERVICE_PARAM_NAME_RADOSGW_SERVICE_ENABLED,
|
||||
]
|
||||
@ -797,6 +830,11 @@ SERVICE_PARAMETER_SCHEMA = {
|
||||
SERVICE_PARAM_VALIDATOR: IDENTITY_CONFIG_PARAMETER_VALIDATOR,
|
||||
SERVICE_PARAM_RESOURCE: IDENTITY_CONFIG_PARAMETER_RESOURCE,
|
||||
},
|
||||
constants.SERVICE_PARAM_SECTION_SECURITY_COMPLIANCE: {
|
||||
SERVICE_PARAM_OPTIONAL: PLATFORM_KEYSTONE_PARAMETER_OPTIONAL,
|
||||
SERVICE_PARAM_VALIDATOR: PLATFORM_KEYSTONE_PARAMETER_VALIDATOR,
|
||||
SERVICE_PARAM_RESOURCE: PLATFORM_KEYSTONE_PARAMETER_RESOURCE,
|
||||
}
|
||||
},
|
||||
constants.SERVICE_TYPE_PLATFORM: {
|
||||
constants.SERVICE_PARAM_SECTION_PLATFORM_CONFIG: {
|
||||
@ -829,7 +867,7 @@ SERVICE_PARAMETER_SCHEMA = {
|
||||
SERVICE_PARAM_OPTIONAL: PLATFORM_KERNEL_PARAMETER_OPTIONAL,
|
||||
SERVICE_PARAM_VALIDATOR: PLATFORM_KERNEL_PARAMETER_VALIDATOR,
|
||||
SERVICE_PARAM_RESOURCE: PLATFORM_KERNEL_PARAMETER_RESOURCE,
|
||||
},
|
||||
}
|
||||
},
|
||||
constants.SERVICE_TYPE_HORIZON: {
|
||||
constants.SERVICE_PARAM_SECTION_HORIZON_AUTH: {
|
||||
|
Loading…
Reference in New Issue
Block a user