# -*- coding: utf-8 -*- #
|
|
# Copyright 2018 Google LLC. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
"""Common utility functions for sql users commands."""
|
|
|
|
from __future__ import absolute_import
|
|
from __future__ import division
|
|
from __future__ import unicode_literals
|
|
|
|
from googlecloudsdk.calliope import exceptions
|
|
|
|
|
|
def ParseDualPasswordType(sql_messages, args):
  """Selects the dual-password type implied by the command-line flags.

  The discard flag is tested before the retain flag, so a request that sets
  both resolves to NO_DUAL_PASSWORD (the old password is not kept).

  Args:
    sql_messages: the proto definition for the API being called
    args: argparse.Namespace, The arguments that this command was invoked with.
      Both discard_dual_password and retain_password are read without a
      hasattr guard.

  Returns:
    NO_DUAL_PASSWORD when discard_dual_password is truthy, DUAL_PASSWORD when
    retain_password is truthy, otherwise None.
  """
  if args.discard_dual_password:
    member_name = 'NO_DUAL_PASSWORD'
  elif args.retain_password:
    member_name = 'DUAL_PASSWORD'
  else:
    # Neither flag given: leave the field unset in the request.
    return None

  # The enum is only looked up once a flag has actually selected a member.
  return getattr(sql_messages.User.DualPasswordTypeValueValuesEnum, member_name)
|
|
|
|
|
|
def ParseUserType(sql_messages, args):
  """Maps the user type named on the command line to the API enum.

  Args:
    sql_messages: the proto definition for the API being called
    args: argparse.Namespace, The arguments that this command was invoked with.

  Returns:
    The result of TypeValueValuesEnum.lookup_by_name for the upper-cased
    args.type, or None when args.type is unset or empty.
  """
  requested_type = args.type
  if not requested_type:
    return None

  # NOTE(review): what happens for a name the enum does not define depends on
  # lookup_by_name; presumably the flag definition restricts the choices --
  # confirm against the caller.
  user_type_enum = sql_messages.User.TypeValueValuesEnum
  return user_type_enum.lookup_by_name(requested_type.upper())
|
|
|
|
|
|
def ValidateSetPasswordRequest(args):
  """Checks that the password flags of a set-password request are consistent.

  Only flag combinations are checked. The password is tested for emptiness and
  nothing else, and its value is never placed in the error message.

  Args:
    args: argparse.Namespace, The arguments that this command was invoked with.
      retain_password and discard_dual_password are optional attributes;
      password is read only when one of them is set.

  Returns:
    None when the combination is acceptable.

  Raises:
    exceptions.InvalidArgumentException: if --retain-password is given without
      a non-empty password, or --discard-dual-password is given together with
      a non-empty password.
  """
  # Retaining the current password only makes sense when a new, non-empty
  # password replaces it.
  if getattr(args, 'retain_password', False) and not args.password:
    raise exceptions.InvalidArgumentException(
        '--retain-password',
        'Must set --password to non-empty value.')

  # Discarding the old (dual) password must not also change the current one.
  if getattr(args, 'discard_dual_password', False) and args.password:
    raise exceptions.InvalidArgumentException(
        '--discard-dual-password',
        'Cannot set --password to non-empty value '
        'while discarding the old password.')
|
|
|
|
|
|
def CreatePasswordPolicyFromArgs(sql_messages,
                                 password_policy,
                                 args):
  """Builds the user's password policy from the password-policy flags.

  When password_policy is supplied it is updated in place and returned, so the
  caller's object changes. A truthy clear_password_policy returns a fresh,
  empty policy and every other policy flag on the same invocation is ignored.

  Args:
    sql_messages: module, The messages module that should be used.
    password_policy: sql_messages.UserPasswordValidationPolicy,
      The policy to build the new policy off. May be None.
    args: argparse.Namespace, The arguments that this command was invoked with.

  Returns:
    sql_messages.UserPasswordValidationPolicy, or None when no policy flag
    was provided.
  """
  # This logic is shared between create-user and set-password-policy.
  # clear_password_policy may be absent from args (the original comment says
  # create-user has no such argument), so it is read defensively.
  clear_requested = getattr(args, 'clear_password_policy', None)

  failed_attempts_limit = args.password_policy_allowed_failed_attempts
  expiration_duration = args.password_policy_password_expiration_duration
  failed_attempts_check = args.password_policy_enable_failed_attempts_check
  password_verification = args.password_policy_enable_password_verification

  provided_values = (
      failed_attempts_limit,
      expiration_duration,
      failed_attempts_check,
      password_verification,
      clear_requested,
  )
  # Nothing was configured, so there is no policy to generate.
  if all(value is None for value in provided_values):
    return None

  policy = password_policy
  if policy is None:
    policy = sql_messages.UserPasswordValidationPolicy()

  # An empty policy is what clears the existing one; the flags read above are
  # deliberately not applied to it.
  if clear_requested:
    return sql_messages.UserPasswordValidationPolicy()

  if failed_attempts_limit is not None:
    policy.allowedFailedAttempts = failed_attempts_limit
    # Setting a limit switches the check on; an explicit
    # enable_failed_attempts_check value below still overrides this.
    policy.enableFailedAttemptsCheck = True

  if expiration_duration is not None:
    # Presumably a number of seconds, sent as a string with an 's' suffix --
    # confirm the unit against the flag definition.
    policy.passwordExpirationDuration = str(expiration_duration) + 's'

  explicit_toggles = (
      ('enableFailedAttemptsCheck', failed_attempts_check),
      ('enablePasswordVerification', password_verification),
  )
  for field_name, toggle in explicit_toggles:
    if toggle is not None:
      setattr(policy, field_name, toggle)

  return policy
|