# -*- coding: utf-8 -*-

# Copyright 2018 Whitestack, LLC
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# For those usages not covered by the Apache License, Version 2.0 please
# contact: esousa@whitestack.com or glavado@whitestack.com
##
"""
Authconn implements an Abstract class for the Auth backend connector
plugins with the definition of the methods to be implemented.

The module also defines the exceptions that connectors raise. Each one
carries an ``http_code`` attribute alongside its message.
"""

__author__ = "Eduardo Sousa <esousa@whitestack.com>"
__date__ = "$27-jul-2018 23:59:59$"

# HTTPStatus supplies the default http_code of every exception class below.
from http import HTTPStatus
class AuthException(Exception):
    """Authentication error.

    :param message: error description, passed on to ``Exception``.
    :param http_code: HTTP status stored on the instance; defaults to
        ``HTTPStatus.UNAUTHORIZED``.

    NOTE(review): this class does not derive from AuthconnException, so a
    handler catching AuthconnException will not catch it.
    """

    def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
        # The two steps are independent; record the status, then delegate.
        self.http_code = http_code
        super().__init__(message)
class AuthconnException(Exception):
    """Common and base class Exception for all authconn exceptions.

    :param message: error description, passed on to ``Exception``.
    :param http_code: HTTP status stored on the instance; defaults to
        ``HTTPStatus.UNAUTHORIZED``. Subclasses supply their own default.

    NOTE(review): whether ``message`` is returned to API clients is not
    visible here; if it is, keep backend details and credentials out of it.
    """

    def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
        # The two steps are independent; record the status, then delegate.
        self.http_code = http_code
        super().__init__(message)
class AuthconnConnectionException(AuthconnException):
    """Connectivity error with Auth backend.

    :param message: error description.
    :param http_code: HTTP status stored by the base class; defaults to
        ``HTTPStatus.BAD_GATEWAY``.
    """

    def __init__(self, message, http_code=HTTPStatus.BAD_GATEWAY):
        # Only the default status differs from the base class.
        super().__init__(message, http_code)
class AuthconnNotSupportedException(AuthconnException):
    """The request is not supported by the Auth backend.

    :param message: error description.
    :param http_code: HTTP status stored by the base class; defaults to
        ``HTTPStatus.NOT_IMPLEMENTED``.
    """

    def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
        # Only the default status differs from the base class.
        super().__init__(message, http_code)
class AuthconnNotImplementedException(AuthconnException):
    """The method is not implemented by the Auth backend.

    Raised by the methods of the Authconn base class that a connector has
    not overridden.

    :param message: error description.
    :param http_code: HTTP status stored by the base class; defaults to
        ``HTTPStatus.NOT_IMPLEMENTED``.
    """

    def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
        # Only the default status differs from the base class.
        super().__init__(message, http_code)
class AuthconnOperationException(AuthconnException):
    """The operation executed failed.

    :param message: error description.
    :param http_code: HTTP status stored by the base class; defaults to
        ``HTTPStatus.INTERNAL_SERVER_ERROR``.
    """

    def __init__(self, message, http_code=HTTPStatus.INTERNAL_SERVER_ERROR):
        # Only the default status differs from the base class.
        super().__init__(message, http_code)
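class Authconn:
    """
    Abstract base class for all the Auth backend connector plugins.

    Each Auth backend connector plugin must be a subclass of Authconn class
    and override the operations it supports. Every operation defined here
    raises AuthconnNotImplementedException, so an operation a backend has not
    provided fails explicitly instead of returning a value that a caller
    could mistake for a real answer.
    """

    def __init__(self, config):
        """
        Constructor of the Authconn class.

        :param config: configuration dictionary containing all the
            necessary configuration parameters. It is stored as-is (not
            copied) on ``self.config``.
        """
        self.config = config

    def authenticate(self, user, password, project=None, token=None):
        """
        Authenticate a user using username/password or token, plus project.

        :param user: user: name, id or None
        :param password: password or None
        :param project: name, id, or None. If None, the first project found
            will be used to get a scoped token
        :param token: previous token to obtain authorization
        :return: the scoped token info or raises an exception. The token is
            a dictionary with:
                _id: token string id,
                username: username,
                project_id: scoped_token project_id,
                project_name: scoped_token project_name,
                expires: epoch time when it expires,
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.

        NOTE(review): ``password`` and ``token`` are credentials;
        implementations should keep them out of log lines and exception
        messages.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    # def authenticate_with_token(self, token, project=None):
    #     """
    #     Authenticate a user using a token. Can be used to revalidate the token
    #     or to get a scoped token.
    #
    #     :param token: a valid token.
    #     :param project: (optional) project for a scoped token.
    #     :return: return a revalidated token, scoped if a project was passed or
    #     the previous token was already scoped.
    #     """
    #     raise AuthconnNotImplementedException("Should have implemented this")

    def validate_token(self, token):
        """
        Check if the token is valid.

        :param token: token to validate
        :return: dictionary with information associated with the token. If the
            token is not valid, returns None. Callers should check for None
            before using the result, so that an invalid token is never
            handled as an authenticated session.
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def revoke_token(self, token):
        """
        Invalidate a token.

        :param token: token to be revoked
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_user_project_list(self, token):
        """
        Get all the projects associated with a user.

        :param token: valid token
        :return: list of projects
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_user_role_list(self, token):
        """
        Get role list for a scoped project.

        :param token: scoped token.
        :return: returns the list of roles for the user in that project. If
            the token is unscoped it returns None; callers should treat None
            as "no roles" rather than as an error to be ignored.
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def create_user(self, user, password):
        """
        Create a user.

        :param user: username.
        :param password: password.
        :raises AuthconnOperationException: if user creation failed.
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def change_password(self, user, new_password):
        """
        Change the user password.

        :param user: username.
        :param new_password: new password.
        :raises AuthconnOperationException: if user password change failed.
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def delete_user(self, user_id):
        """
        Delete user.

        :param user_id: user identifier.
        :raises AuthconnOperationException: if user deletion failed.
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_user_list(self, filter_q=None):
        """
        Get user list.

        :param filter_q: dictionary to filter user list. The default is None
            rather than a shared mutable ``{}``, matching get_project_list.
        :return: returns a list of users.
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        # Raise like every other unimplemented operation: falling through
        # would return None, which a caller cannot tell apart from a backend
        # answer.
        raise AuthconnNotImplementedException("Should have implemented this")

    def create_role(self, role):
        """
        Create a role.

        :param role: role name.
        :raises AuthconnOperationException: if role creation failed.
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def delete_role(self, role_id):
        """
        Delete a role.

        :param role_id: role identifier.
        :raises AuthconnOperationException: if role deletion failed.
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_role_list(self):
        """
        Get all the roles.

        :return: list of roles
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def create_project(self, project):
        """
        Create a project.

        :param project: project name.
        :return: the internal id of the created project
        :raises AuthconnOperationException: if project creation failed.
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def delete_project(self, project_id):
        """
        Delete a project.

        :param project_id: project identifier.
        :raises AuthconnOperationException: if project deletion failed.
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_project_list(self, filter_q=None):
        """
        Get all the projects.

        :param filter_q: dictionary to filter project list, by "name" and/or
            "_id"
        :return: list of projects
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def update_project(self, project_id, new_name):
        """
        Change the name of a project.

        :param project_id: project to be changed
        :param new_name: new name
        :return: None
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def assign_role_to_user(self, user, project, role):
        """
        Assign a role to a user in a project.

        :param user: username.
        :param project: project name.
        :param role: role name.
        :raises AuthconnOperationException: if role assignment failed.
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def remove_role_from_user(self, user, project, role):
        """
        Remove a role from a user in a project.

        :param user: username.
        :param project: project name.
        :param role: role name.
        :raises AuthconnOperationException: if role assignment revocation failed.
        :raises AuthconnNotImplementedException: if the backend does not
            override this method.
        """
        raise AuthconnNotImplementedException("Should have implemented this")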