C-6: ConnectorRuntime enforces capability_mask per operation.
READ-only ACs cannot invoke MUTATE operations (wipe, lock, retire).
C-7: AC validated against database (exists, active, not expired)
before connector invocation.
C-9: Delegated AC capability bounded by delegator's capability.
C-10: Command counter uses atomic SQL increment with limit check.
M-23: expire_stale() uses same atomic SQL pattern.
H-1: Sensitive credential fields hidden from repr/logs via repr=False.
H-2: Stub backend requires ALLOW_STUB_CREDENTIALS=true to activate.
H-3: Kerberos backend raises CredentialResolutionError instead of
returning stub ticket.
H-4: Chronicle INTENT emitted before execution, RESULT after.
H-5: device_id validated as UUID before Graph API URL interpolation.
H-8: ConnectorRuntime enforces governance for all connector invocations.
Signed-off-by: Tyler King <tking@guildhouse.dev>
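Item C-10 in the commit message above describes an atomic SQL increment with a limit check. The sketch below is an added example, not the project's code: the table `ac`, its columns and all function names are assumptions, and SQLite stands in for the real database. It contrasts a check-then-write counter, where two interleaved callers both pass the check, with a single conditional UPDATE.

```python
import sqlite3


def open_db(limit):
    """In-memory table with a hypothetical schema (not the project's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE ac (id TEXT PRIMARY KEY, "
        "command_count INTEGER NOT NULL DEFAULT 0, "
        "command_limit INTEGER NOT NULL)"
    )
    # Constructed sample row: one AC with the given command limit.
    conn.execute("INSERT INTO ac (id, command_limit) VALUES ('ac-1', ?)", (limit,))
    conn.commit()
    return conn


def read_count(conn, ac_id):
    row = conn.execute(
        "SELECT command_count FROM ac WHERE id = ?", (ac_id,)
    ).fetchone()
    return row[0]


def racy_interleaving(conn, ac_id, limit):
    """Check-then-write with two callers interleaved: both reads happen first."""
    seen_a = read_count(conn, ac_id)  # caller A reads the counter
    seen_b = read_count(conn, ac_id)  # caller B reads the same stale value
    granted = 0
    for seen in (seen_a, seen_b):
        if seen < limit:  # check done in application code
            conn.execute(
                "UPDATE ac SET command_count = ? WHERE id = ?", (seen + 1, ac_id)
            )
            granted += 1
    conn.commit()
    return granted  # number of commands that were allowed to run


def atomic_consume(conn, ac_id):
    """One statement: the increment only happens while under the limit."""
    cur = conn.execute(
        "UPDATE ac SET command_count = command_count + 1 "
        "WHERE id = ? AND command_count < command_limit",
        (ac_id,),
    )
    conn.commit()
    return cur.rowcount == 1  # 0 rows: limit reached or unknown id
```

With a limit of 1, the interleaved version grants two commands while the stored counter still reads 1; the conditional UPDATE grants exactly one.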
34 lines
734 B
Python
```python
"""
requests.hooks
~~~~~~~~~~~~~~

This module provides the capabilities for the Requests hooks system.

Available hooks:

``response``:
    The response generated from a Request.
"""
HOOKS = ["response"]


def default_hooks():
    return {event: [] for event in HOOKS}


# TODO: response is the only one


def dispatch_hook(key, hooks, hook_data, **kwargs):
    """Dispatches a hook dictionary on a given piece of data."""
    hooks = hooks or {}
    hooks = hooks.get(key)
    if hooks:
        if hasattr(hooks, "__call__"):
            hooks = [hooks]
        for hook in hooks:
            _hook_data = hook(hook_data, **kwargs)
            if _hook_data is not None:
                hook_data = _hook_data
    return hook_data
```