Source code for zhmcclient._password_rule

# Copyright 2017,2021 IBM Corp. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

"""
A :term:`Password Rule` resource represents a rule which an HMC user must
follow when creating a HMC logon password. Each HMC user using local
authentication (i.e. not LDAP) is assigned a password rule. There are certain
system-defined password rules available for use.
"""

from __future__ import absolute_import

import copy

from ._manager import BaseManager
from ._resource import BaseResource
from ._logging import logged_api_call
from ._utils import RC_PASSWORD_RULE

__all__ = ['PasswordRuleManager', 'PasswordRule']


[docs] class PasswordRuleManager(BaseManager): """ Manager providing access to the :term:`Password Rule` resources of a HMC. Derived from :class:`~zhmcclient.BaseManager`; see there for common methods and attributes. Objects of this class are not directly created by the user; they are accessible via the following instance variable of a :class:`~zhmcclient.Console` object: * :attr:`zhmcclient.Console.password_rules` """ def __init__(self, console): # This function should not go into the docs. # Parameters: # console (:class:`~zhmcclient.Console`): # Console object representing the HMC. # Resource properties that are supported as filter query parameters. # If the support for a resource property changes within the set of HMC # versions that support this type of resource, this list must be set up # for the version of the HMC this session is connected to. # Because this resource has case-insensitive names, this list must # contain the name property. query_props = [ 'name', 'type', ] super(PasswordRuleManager, self).__init__( resource_class=PasswordRule, class_name=RC_PASSWORD_RULE, session=console.manager.session, parent=console, base_uri='/api/console/password-rules', oid_prop='element-id', uri_prop='element-uri', name_prop='name', query_props=query_props, case_insensitive_names=True) @property def console(self): """ :class:`~zhmcclient.Console`: :term:`Console` defining the scope for this manager. """ return self._parent
[docs] @logged_api_call def list(self, full_properties=False, filter_args=None): """ List the :term:`Password Rule` resources representing the password rules defined in this HMC. Any resource property may be specified in a filter argument. For details about filter arguments, see :ref:`Filtering`. The listing of resources is handled in an optimized way: * If this manager is enabled for :ref:`auto-updating`, a locally maintained resource list is used (which is automatically updated via inventory notifications from the HMC) and the provided filter arguments are applied. * Otherwise, if the filter arguments specify the resource name as a single filter argument with a straight match string (i.e. without regular expressions), an optimized lookup is performed based on a locally maintained name-URI cache. * Otherwise, the HMC List operation is performed with the subset of the provided filter arguments that can be handled on the HMC side and the remaining filter arguments are applied on the client side on the list result. Authorization requirements: * User-related-access permission to the Password Rule objects included in the result, or task permission to the "Manage Password Rules" task. Parameters: full_properties (bool): Controls whether the full set of resource properties should be retrieved, vs. only the short set as returned by the list operation. filter_args (dict): Filter arguments that narrow the list of returned resources to those that match the specified filter arguments. For details, see :ref:`Filtering`. `None` causes no filtering to happen, i.e. all resources are returned. Returns: : A list of :class:`~zhmcclient.PasswordRule` objects. Raises: :exc:`~zhmcclient.HTTPError` :exc:`~zhmcclient.ParseError` :exc:`~zhmcclient.AuthError` :exc:`~zhmcclient.ConnectionError` """ result_prop = 'password-rules' list_uri = '{}/password-rules'.format(self.console.uri) return self._list_with_operation( list_uri, result_prop, full_properties, filter_args, None)
[docs] @logged_api_call def create(self, properties): """ Create a new Password Rule in this HMC. Authorization requirements: * Task permission to the "Manage Password Rules" task. Parameters: properties (dict): Initial property values. Allowable properties are defined in section 'Request body contents' in section 'Create Password Rule' in the :term:`HMC API` book. Returns: PasswordRule: The resource object for the new Password Rule. The object will have its 'element-uri' property set as returned by the HMC, and will also have the input properties set. Raises: :exc:`~zhmcclient.HTTPError` :exc:`~zhmcclient.ParseError` :exc:`~zhmcclient.AuthError` :exc:`~zhmcclient.ConnectionError` """ result = self.session.post(self.console.uri + '/password-rules', body=properties) # There should not be overlaps, but just in case there are, the # returned props should overwrite the input props: props = copy.deepcopy(properties) props.update(result) name = props.get(self._name_prop, None) uri = props[self._uri_prop] password_rule = PasswordRule(self, uri, name, props) self._name_uri_cache.update(name, uri) return password_rule
[docs] class PasswordRule(BaseResource): """ Representation of a :term:`Password Rule`. Derived from :class:`~zhmcclient.BaseResource`; see there for common methods and attributes. Objects of this class are not directly created by the user; they are returned from creation or list functions on their manager object (in this case, :class:`~zhmcclient.PasswordRuleManager`). """ def __init__(self, manager, uri, name=None, properties=None): # This function should not go into the docs. # manager (:class:`~zhmcclient.PasswordRuleManager`): # Manager object for this resource object. # uri (string): # Canonical URI path of the resource. # name (string): # Name of the resource. # properties (dict): # Properties to be set for this resource object. May be `None` or # empty. assert isinstance(manager, PasswordRuleManager), \ "Console init: Expected manager type {}, got {}" \ .format(PasswordRuleManager, type(manager)) super(PasswordRule, self).__init__(manager, uri, name, properties)
[docs] @logged_api_call def delete(self): """ Delete this Password Rule. The Password Rule must be user-defined. System-defined Password Rules cannot be deleted. Authorization requirements: * Task permission to the "Manage Password Rules" task. Raises: :exc:`~zhmcclient.HTTPError` :exc:`~zhmcclient.ParseError` :exc:`~zhmcclient.AuthError` :exc:`~zhmcclient.ConnectionError` """ # pylint: disable=protected-access self.manager.session.delete(self.uri, resource=self) self.manager._name_uri_cache.delete( self.get_properties_local(self.manager._name_prop, None)) self.cease_existence_local()
[docs] @logged_api_call def update_properties(self, properties): """ Update writeable properties of this PasswordRule. The Password Rule must be user-defined. System-defined Password Rules cannot be updated. This method serializes with other methods that access or change properties on the same Python object. Authorization requirements: * Task permission to the "Manage Password Rules" task. Parameters: properties (dict): New values for the properties to be updated. Properties not to be updated are omitted. Allowable properties are the properties with qualifier (w) in section 'Data model' in section 'Password Rule object' in the :term:`HMC API` book. Raises: :exc:`~zhmcclient.HTTPError` :exc:`~zhmcclient.ParseError` :exc:`~zhmcclient.AuthError` :exc:`~zhmcclient.ConnectionError` """ # pylint: disable=protected-access self.manager.session.post(self.uri, resource=self, body=properties) # The name of Password Rules cannot be updated. An attempt to do so # should cause HTTPError to be raised in the POST above, so we assert # that here, because we omit the extra code for handling name updates: assert self.manager._name_prop not in properties self.update_properties_local(copy.deepcopy(properties))