e744336385
C-6: ConnectorRuntime enforces capability_mask per operation.
READ-only ACs cannot invoke MUTATE operations (wipe, lock, retire).
C-7: AC validated against database (exists, active, not expired)
before connector invocation.
C-9: Delegated AC capability bounded by delegator's capability.
C-10: Command counter uses atomic SQL increment with limit check.
M-23: expire_stale() uses same atomic SQL pattern.
H-1: Sensitive credential fields hidden from repr/logs via repr=False.
H-2: Stub backend requires ALLOW_STUB_CREDENTIALS=true to activate.
H-3: Kerberos backend raises CredentialResolutionError instead of
returning stub ticket.
H-4: Chronicle INTENT emitted before execution, RESULT after.
H-5: device_id validated as UUID before Graph API URL interpolation.
H-8: ConnectorRuntime enforces governance for all connector invocations.
Signed-off-by: Tyler King <tking@guildhouse.dev>
18 lines
568 B
Python
18 lines
568 B
Python
from __future__ import annotations
|
|
|
|
import warnings
|
|
|
|
|
|
with warnings.catch_warnings():
|
|
# Suppress redundant DeprecationWarning raised by websockets.legacy.
|
|
warnings.filterwarnings("ignore", category=DeprecationWarning)
|
|
from .legacy.auth import *
|
|
from .legacy.auth import __all__ # noqa: F401
|
|
|
|
|
|
warnings.warn( # deprecated in 14.0 - 2024-11-09
|
|
"websockets.auth, an alias for websockets.legacy.auth, is deprecated; "
|
|
"see https://websockets.readthedocs.io/en/stable/howto/upgrade.html "
|
|
"for upgrade instructions",
|
|
DeprecationWarning,
|
|
)
|