# Lint as: python3 # Copyright 2015 Google Inc. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. """A DM template that generates password as an output, namely "password". An example YAML showing how this template can be used: resources: - name: generated-password type: password.py properties: length: 8 includeSymbols: true - name: main-template type: main-template.jinja properties: password: $(ref.generated-password.password) Input properties to this template: - length: the length of the generated password. At least 8. Default 8. - includeSymbols: true/false whether to include symbol chars. Default false. The generated password satisfies the following requirements: - The length is as specified, - Containing letters and numbers, and optionally symbols if specified, - Starting with a letter, - Containing characters from at least 3 of the 4 categories: uppercases, lowercases, numbers, and symbols. """ import random import six import yaml PROPERTY_LENGTH = 'length' PROPERTY_INCLUDE_SYMBOLS = 'includeSymbols' # Note the omission of some hard to distinguish characters like I, l, 0, and O. UPPERS = 'ABCDEFGHJKLMNPQRSTUVWXYZ' LOWERS = 'abcdefghijkmnopqrstuvwxyz' ALPHABET = UPPERS + LOWERS DIGITS = '123456789' ALPHANUMS = ALPHABET + DIGITS # Including only symbols that can be passed around easily in shell scripts. SYMBOLS = '*-+.' CANDIDATES_WITH_SYMBOLS = ALPHANUMS + SYMBOLS CANDIDATES_WITHOUT_SYMBOLS = ALPHANUMS CATEGORIES_WITH_SYMBOLS = [UPPERS, LOWERS, DIGITS, SYMBOLS] CATEGORIES_WITHOUT_SYMBOLS = [UPPERS, LOWERS, DIGITS] MIN_LENGTH = 8 class InputError(Exception): """Raised when input properties are unexpected.""" def GenerateConfig(context): """Entry function to generate the DM config.""" if six.PY2: raise Exception('Use Python 3 when When using password generation') props = context.properties length = props.setdefault(PROPERTY_LENGTH, MIN_LENGTH) include_symbols = props.setdefault(PROPERTY_INCLUDE_SYMBOLS, False) if not isinstance(include_symbols, bool): raise InputError('%s must be a boolean' % PROPERTY_INCLUDE_SYMBOLS) content = { 'resources': [], 'outputs': [{ 'name': 'password', 'value': GeneratePassword(length, include_symbols) }] } return yaml.dump(content) def GeneratePassword(length=8, include_symbols=False): """Generates a random password.""" if length < MIN_LENGTH: raise InputError('Password length must be at least %d' % MIN_LENGTH) if include_symbols: candidates = CANDIDATES_WITH_SYMBOLS categories = CATEGORIES_WITH_SYMBOLS else: candidates = CANDIDATES_WITHOUT_SYMBOLS categories = CATEGORIES_WITHOUT_SYMBOLS # Generates up to the specified length minus the number of categories. # Then inserts one character for each category, ensuring that the character # satisfy the category if the generated string hasn't already. generated = ([random.choice(ALPHABET)] + [random.choice(candidates) for _ in range(length - 1 - len(categories))]) for category in categories: _InsertAndEnsureSatisfaction(generated, category, candidates) return ''.join(generated) def _InsertAndEnsureSatisfaction(generated, required, all_candidates): """Inserts 1 char into generated, satisfying required if not already. If the required characters are not already in the generated string, one will be inserted. If any required character is already in the generated string, a random character from all_candidates will be inserted. The insertion happens at a random location but not at the beginning. Args: generated: the string to be modified. required: list of required characters to check for. all_candidates: list of characters to choose from if the required characters are already satisfied. """ if set(generated).isdisjoint(required): # Not yet satisfied. Insert a required candidate. _InsertInto(generated, required) else: # Already satisfied. Insert any candidate. _InsertInto(generated, all_candidates) def _InsertInto(generated, candidates): """Inserts a random candidate into a random non-zero index of generated.""" # Avoids inserting at index 0, since the first character follows its own rule. generated.insert(random.randint(1, len(generated) - 1), random.choice(candidates))