"""Application constants and enums."""
from enum import Enum, unique
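@unique
class UserStatus(str, Enum):
    """Lifecycle state of a user account.

    The member values are the strings persisted and exchanged over the API.
    ``@unique`` turns an accidental duplicate value into an import-time
    error instead of a silent alias, so two statuses can never collapse
    into one.
    """

    ACTIVE = "active"
    INACTIVE = "inactive"
    SUSPENDED = "suspended"
    PENDING = "pending"
    # Kept distinct from SUSPENDED; presumably set by MFA policy enforcement
    # (cf. AuditAction.MFA_POLICY_USER_SUSPENDED) — confirm against the caller.
    COMPLIANCE_SUSPENDED = "compliance_suspended"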
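@unique
class Role(str, Enum):
    """Generic role definitions.

    Documented hierarchy: Admin > Manager > Member > Viewer > Guest.

    NOTE(review): the hierarchy is documentation only — Enum members are not
    orderable, so any "at least role X" check must use an explicit rank
    mapping rather than comparing members. ``@unique`` guarantees no two
    roles share a string value.
    """

    ADMIN = "admin"
    MANAGER = "manager"
    MEMBER = "member"
    VIEWER = "viewer"
    GUEST = "guest"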
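@unique
class OrganizationRole(str, Enum):
    """Role of a member within an organization.

    Separate from :class:`Role`; the two share the string ``"admin"`` but
    are distinct enums and should not be compared to each other. ``@unique``
    rejects duplicate values within this enum at import time.
    """

    OWNER = "owner"
    ADMIN = "admin"
    MEMBER = "member"
    GUEST = "guest"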
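@unique
class AuthMethodType(str, Enum):
    """Kinds of authentication method that can be attached to a user.

    Values are the identifiers stored for each linked method. ``@unique``
    ensures no two method types share an identifier.
    """

    PASSWORD = "password"
    TOTP = "totp"
    GOOGLE = "google"
    GITHUB = "github"
    MICROSOFT = "microsoft"
    SAML = "saml"
    OIDC = "oidc"
    WEBAUTHN = "webauthn"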
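@unique
class SessionStatus(str, Enum):
    """State of an authenticated session.

    ``@unique`` makes a duplicate value an import-time error.
    """

    ACTIVE = "active"
    EXPIRED = "expired"
    # Explicitly terminated (cf. AuditAction.SESSION_REVOKE), as opposed to
    # having timed out.
    REVOKED = "revoked"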
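@unique
class SessionType(str, Enum):
    """Discriminator for which kind of principal owns a session.

    NOTE(review): this is a label, not an authorization decision — code that
    serves superadmin endpoints must check the session's type explicitly
    rather than relying on the session merely being valid. ``@unique``
    rejects duplicate values at import time.
    """

    USER = "user"
    SUPERADMIN = "superadmin"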
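@unique
class AuditAction(str, Enum):
    """Audit log action types.

    Each value is the event name written to the audit log; presumably these
    strings are persisted and consumed by log queries and alerting, so an
    existing value should be treated as frozen — renaming one silently
    breaks matching against historical events. ``@unique`` guarantees two
    members can never resolve to the same event name, which would
    misattribute events in the log.
    """

    # User actions
    USER_LOGIN = "user.login"
    USER_LOGOUT = "user.logout"
    USER_REGISTER = "user.register"
    USER_UPDATE = "user.update"
    USER_DELETE = "user.delete"
    USER_HARD_DELETE = "user.hard_delete"
    USER_SUSPEND = "user.suspend"
    USER_UNSUSPEND = "user.unsuspend"
    USER_RESTORE = "user.restore"
    PASSWORD_CHANGE = "user.password_change"
    PASSWORD_RESET = "user.password_reset"
    # Login/security events
    LOGIN_BLOCKED_COMPLIANCE = "login.blocked.compliance"
    MFA_COMPLIANCE_BYPASS_ATTEMPT = "mfa.compliance.bypass_attempt"
    MFA_NOTIFICATION_SENT = "mfa.notification.sent"
    MFA_SUSPENSION_NOTIFICATION_SENT = "mfa.suspension_notification.sent"
    MFA_SUSPENSION_ADMIN_NOTIFICATION_SENT = "mfa.suspension_admin_notification.sent"
    # Organization actions
    ORG_CREATE = "org.create"
    ORG_UPDATE = "org.update"
    ORG_DELETE = "org.delete"
    ORG_MEMBER_ADD = "org.member.add"
    ORG_MEMBER_REMOVE = "org.member.remove"
    ORG_MEMBER_ROLE_CHANGE = "org.member.role_change"
    ORG_OWNERSHIP_TRANSFERRED = "org.ownership.transferred"
    ORG_INVITE_SENT = "org.invite.sent"
    # Session actions
    SESSION_CREATE = "session.create"
    SESSION_REVOKE = "session.revoke"
    # Auth method actions
    AUTH_METHOD_ADD = "auth.method.add"
    AUTH_METHOD_REMOVE = "auth.method.remove"
    TOTP_ENROLL_INITIATED = "totp.enroll.initiated"
    TOTP_ENROLL_COMPLETED = "totp.enroll.completed"
    TOTP_VERIFY_SUCCESS = "totp.verify.success"
    TOTP_VERIFY_FAILED = "totp.verify.failed"
    TOTP_DISABLED = "totp.disabled"
    TOTP_BACKUP_CODE_USED = "totp.backup_code.used"
    TOTP_BACKUP_CODES_REGENERATED = "totp.backup_codes.regenerated"
    # Privileged admin operations on another user's credentials — high-value
    # events for detection; they should never be emitted for self-service.
    ADMIN_MFA_REMOVE = "admin.mfa.remove"
    ADMIN_OAUTH_UNLINK = "admin.oauth.unlink"
    ADMIN_PASSWORD_SET = "admin.password.set"
    ADMIN_EMAIL_VERIFY = "admin.email.verify"
    # WebAuthn actions
    WEBAUTHN_REGISTER_INITIATED = "webauthn.register.initiated"
    WEBAUTHN_REGISTER_COMPLETED = "webauthn.register.completed"
    WEBAUTHN_REGISTER_FAILED = "webauthn.register.failed"
    WEBAUTHN_LOGIN_INITIATED = "webauthn.login.initiated"
    WEBAUTHN_LOGIN_SUCCESS = "webauthn.login.success"
    WEBAUTHN_LOGIN_FAILED = "webauthn.login.failed"
    WEBAUTHN_CREDENTIAL_DELETED = "webauthn.credential.deleted"
    WEBAUTHN_CREDENTIAL_RENAMED = "webauthn.credential.renamed"
    # Security policy actions
    ORG_SECURITY_POLICY_UPDATE = "org.security_policy.update"
    USER_SECURITY_POLICY_OVERRIDE_UPDATE = "user.security_policy.override_update"
    MFA_POLICY_USER_SUSPENDED = "mfa.policy.user_suspended"
    MFA_POLICY_USER_COMPLIANT = "mfa.policy.user_compliant"
    # External authentication provider actions
    EXTERNAL_AUTH_LINK_INITIATED = "external_auth.link.initiated"
    EXTERNAL_AUTH_LINK_COMPLETED = "external_auth.link.completed"
    EXTERNAL_AUTH_LINK_FAILED = "external_auth.link.failed"
    EXTERNAL_AUTH_UNLINK = "external_auth.unlink"
    EXTERNAL_AUTH_LOGIN = "external_auth.login"
    EXTERNAL_AUTH_LOGIN_FAILED = "external_auth.login.failed"
    EXTERNAL_AUTH_TOKEN_REFRESH = "external_auth.token_refresh"
    EXTERNAL_AUTH_CONFIG_CREATE = "external_auth.config.create"
    EXTERNAL_AUTH_CONFIG_UPDATE = "external_auth.config.update"
    EXTERNAL_AUTH_CONFIG_DELETE = "external_auth.config.delete"
    # SSH Key and Certificate actions
    SSH_KEY_ADDED = "ssh.key.added"
    SSH_KEY_VERIFIED = "ssh.key.verified"
    SSH_KEY_DELETED = "ssh.key.deleted"
    SSH_KEY_VALIDATION_FAILED = "ssh.key.validation.failed"
    SSH_CERT_REQUESTED = "ssh.cert.requested"
    SSH_CERT_ISSUED = "ssh.cert.issued"
    SSH_CERT_FAILED = "ssh.cert.failed"
    SSH_CERT_REVOKED = "ssh.cert.revoked"
    SSH_CERT_EXPIRED = "ssh.cert.expired"
    # CA actions
    CA_CREATED = "ca.created"
    CA_UPDATED = "ca.updated"
    CA_DELETED = "ca.deleted"
    CA_KEY_ROTATED = "ca.key.rotated"
    # Principal actions
    PRINCIPAL_CREATED = "principal.created"
    PRINCIPAL_UPDATED = "principal.updated"
    PRINCIPAL_DELETED = "principal.deleted"
    PRINCIPAL_MEMBER_ADDED = "principal.member.added"
    PRINCIPAL_MEMBER_REMOVED = "principal.member.removed"
    # Department actions
    DEPARTMENT_CREATED = "department.created"
    DEPARTMENT_UPDATED = "department.updated"
    DEPARTMENT_DELETED = "department.deleted"
    DEPARTMENT_MEMBER_ADDED = "department.member.added"
    DEPARTMENT_MEMBER_REMOVED = "department.member.removed"
    DEPARTMENT_CERT_POLICY_UPDATED = "department.cert_policy.updated"
    # Organization invite actions
    ORG_INVITE_CANCELLED = "org.invite.cancelled"
    # MFA reminder
    ORG_MFA_REMINDER_SENT = "org.mfa_reminder.sent"
    # API key actions
    ORG_API_KEY_CREATED = "org.api_key.created"
    ORG_API_KEY_UPDATED = "org.api_key.updated"
    ORG_API_KEY_DELETED = "org.api_key.deleted"
    # OIDC client actions
    ORG_CLIENT_CREATED = "org.client.created"
    ORG_CLIENT_UPDATED = "org.client.updated"
    ORG_CLIENT_DEACTIVATED = "org.client.deactivated"
    # Principal department link actions
    PRINCIPAL_DEPARTMENT_LINKED = "principal.department.linked"
    PRINCIPAL_DEPARTMENT_UNLINKED = "principal.department.unlinked"
    # ZeroTier network actions
    ZT_APPROVAL_REOPENED = "zt.approval.reopened"
    ZT_APPROVAL_REQUESTED = "zt.approval.requested"
    ZT_APPROVAL_GRANTED = "zt.approval.granted"
    ZT_APPROVAL_REJECTED = "zt.approval.rejected"
    ZT_APPROVAL_REVOKED = "zt.approval.revoked"
    ZT_MEMBERSHIP_ACTIVATED = "zt.membership.activated"
    ZT_MEMBERSHIP_DEACTIVATED = "zt.membership.deactivated"
    ZT_MEMBERSHIP_CREATED = "zt.membership.created"
    ZT_MEMBER_AUTHORIZED = "zt.member.authorized"
    ZT_MEMBER_DEAUTHORIZED = "zt.member.deauthorized"
    ZT_REQUEST_REVOKED = "zt.request.revoked"
    # Two distinct kill-switch events: note the values differ only in the
    # middle segment, so grep/alert rules must match the full string.
    ZT_KILL_SWITCH_ACTIVATED = "zt.kill_switch.activated"
    ZT_NETWORK_KILL_SWITCH = "zt.network_kill_switch.activated"
    ZT_ACTIVATION_EXPIRED = "zt.activation.expired"
    ZT_SESSION_ENDED = "zt.session.ended"
    ZT_NETWORK_CREATED = "zt.network.created"
    ZT_NETWORK_UPDATED = "zt.network.updated"
    ZT_NETWORK_DELETED = "zt.network.deleted"
    ZT_NETWORK_RESTORED = "zt.network.restored"
    # These two use the "org." prefix rather than "zt."; the value is frozen
    # for log compatibility even though the name is ZT_*.
    ZT_CONFIG_UPDATED = "org.zerotier_config.updated"
    ZT_CONFIG_DELETED = "org.zerotier_config.deleted"
    # Device actions
    DEVICE_REGISTERED = "device.registered"
    DEVICE_UPDATED = "device.updated"
    DEVICE_REMOVED = "device.removed"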
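@unique
class OIDCGrantType(str, Enum):
    """OAuth 2.0 / OIDC grant types a client may be allowed to use.

    NOTE(review): the implicit grant is deprecated by the OAuth 2.0 Security
    Best Current Practice and dropped from OAuth 2.1; it is listed here, so
    consider restricting it to legacy clients and rejecting it for new
    registrations. ``@unique`` rejects duplicate values at import time.
    """

    AUTHORIZATION_CODE = "authorization_code"
    IMPLICIT = "implicit"
    REFRESH_TOKEN = "refresh_token"
    CLIENT_CREDENTIALS = "client_credentials"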
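@unique
class OIDCResponseType(str, Enum):
    """OIDC ``response_type`` values.

    NOTE(review): ``token`` and ``id_token`` return tokens directly from the
    authorization endpoint (implicit-style flows); the same deprecation
    caveat as :class:`OIDCGrantType.IMPLICIT` applies. ``@unique`` rejects
    duplicate values at import time.
    """

    CODE = "code"
    TOKEN = "token"
    ID_TOKEN = "id_token"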
# Error type constants
class ErrorType:
    """Error type identifiers used in API error responses.

    Deliberately a plain class of ``str`` attributes rather than an Enum, so
    each attribute is exactly the string emitted to clients (no ``.value``
    indirection and no enum ``__str__``/``__format__`` surprises).
    """

    VALIDATION_ERROR: str = "VALIDATION_ERROR"
    AUTHENTICATION_ERROR: str = "AUTHENTICATION_ERROR"  # who are you? (401-class)
    AUTHORIZATION_ERROR: str = "AUTHORIZATION_ERROR"  # you may not do this (403-class)
    NOT_FOUND: str = "NOT_FOUND"
    CONFLICT: str = "CONFLICT"
    RATE_LIMIT_EXCEEDED: str = "RATE_LIMIT_EXCEEDED"
    INTERNAL_ERROR: str = "INTERNAL_ERROR"
    BAD_REQUEST: str = "BAD_REQUEST"
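@unique
class MfaPolicyMode(str, Enum):
    """Organization-level MFA policy mode.

    The three ``REQUIRE_*`` modes name which second factor(s) satisfy the
    policy; how DISABLED differs from OPTIONAL in enforcement is not visible
    here — confirm against the policy evaluator. ``@unique`` rejects
    duplicate values at import time.
    """

    DISABLED = "disabled"
    OPTIONAL = "optional"
    REQUIRE_TOTP = "require_totp"
    REQUIRE_WEBAUTHN = "require_webauthn"
    REQUIRE_TOTP_OR_WEBAUTHN = "require_totp_or_webauthn"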
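@unique
class MfaComplianceStatus(str, Enum):
    """A user's MFA compliance status, tracked per organization.

    ``@unique`` rejects duplicate values at import time.
    """

    NOT_APPLICABLE = "not_applicable"
    PENDING = "pending"
    IN_GRACE = "in_grace"
    COMPLIANT = "compliant"
    PAST_DUE = "past_due"
    # Presumably corresponds to UserStatus.COMPLIANCE_SUSPENDED and the
    # mfa.policy.user_suspended audit event — confirm against the enforcer.
    SUSPENDED = "suspended"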
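@unique
class MfaRequirementOverride(str, Enum):
    """Per-user override of the organization's MFA requirement.

    NOTE(review): EXEMPT weakens the org policy for one account, so changes
    to this value should always be audited (cf.
    AuditAction.USER_SECURITY_POLICY_OVERRIDE_UPDATE) and restricted to
    privileged roles. ``@unique`` rejects duplicate values at import time.
    """

    INHERIT = "inherit"
    REQUIRED = "required"
    EXEMPT = "exempt"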
# ── ZeroTier / Portal Network ────────────────────────────────────────────────
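@unique
class NetworkEnvironment(str, Enum):
    """Environment tag for a portal network.

    ``@unique`` rejects duplicate values at import time.
    """

    PRODUCTION = "production"
    STAGING = "staging"
    DEVELOPMENT = "development"
    LAB = "lab"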
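@unique
class NetworkRequestMode(str, Enum):
    """How users obtain access to a portal network.

    ``@unique`` rejects duplicate values at import time.
    """

    OPEN = "open"  # anyone in the org can request
    APPROVAL_REQUIRED = "approval_required"  # manager must approve
    INVITE_ONLY = "invite_only"  # only managers can assign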
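@unique
class ApprovalGrantType(str, Enum):
    """Origin of a user's network access grant.

    ``@unique`` rejects duplicate values at import time.
    """

    REQUESTED = "requested"  # user initiated
    ASSIGNED = "assigned"  # manager initiated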
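@unique
class ApprovalState(str, Enum):
    """State of a user network approval record.

    ``@unique`` rejects duplicate values at import time. Only APPROVED is
    a granting state; every other member should be treated as "no access"
    by consumers — confirm against the access check.
    """

    PENDING = "pending"
    APPROVED = "approved"
    REJECTED = "rejected"
    REVOKED = "revoked"
    SUSPENDED = "suspended"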
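@unique
class ActivationEndReason(str, Enum):
    """Why a network activation session ended.

    ``@unique`` rejects duplicate values at import time.
    """

    EXPIRED = "expired"
    LOGOUT = "logout"
    KILL_SWITCH = "kill_switch"
    MANUAL_REVOKE = "manual_revoke"
    APPROVAL_REVOKED = "approval_revoked"
    ADMIN_ACTION = "admin_action"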
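@unique
class KillSwitchScope(str, Enum):
    """Scope of a kill switch event.

    ``@unique`` rejects duplicate values at import time.
    """

    ORGANIZATION = "organization"
    SELECTED_NETWORKS = "selected_networks"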
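@unique
class DeviceStatus(str, Enum):
    """Status of a registered device.

    ``@unique`` rejects duplicate values at import time.
    """

    ACTIVE = "active"
    INACTIVE = "inactive"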