1 # -*- coding: utf-8 -*-
3 # Copyright 2018 Whitestack, LLC
5 # Licensed under the Apache License, Version 2.0 (the "License"); you may
6 # not use this file except in compliance with the License. You may obtain
7 # a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14 # License for the specific language governing permissions and limitations
17 # For those usages not covered by the Apache License, Version 2.0 please
18 # contact: esousa@whitestack.com or glavado@whitestack.com
22 Authconn implements an Abstract class for the Auth backend connector
23 plugins with the definition of the methods to be implemented.
# Module metadata: author contact and the date stamp recorded for this file.
__author__ = "Eduardo Sousa <esousa@whitestack.com>"
__date__ = "$27-jul-2018 23:59:59$"
29 from http
import HTTPStatus
class AuthException(Exception):
    """
    Authentication failure: the supplied token or user/password pair was not
    recognized.

    :param message: human-readable description of the failure.
    :param http_code: HTTP status carried by the exception; defaults to
        HTTPStatus.UNAUTHORIZED (401).
    """

    def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
        # Stored on the instance so that whoever catches the exception can
        # read the status that goes with it.
        self.http_code = http_code
        # NOTE(review): if `message` ends up in the response sent to the
        # client, keep it generic so it does not reveal which credential
        # (user name, password or token) was rejected - confirm how callers
        # surface it.
        super().__init__(message)
class AuthExceptionUnauthorized(AuthException):
    """
    Authorization failure: the caller does not have the rights needed for the
    requested operation.

    The constructor is inherited unchanged from AuthException, so http_code
    still defaults to HTTPStatus.UNAUTHORIZED (401) unless the raiser passes
    another value.
    """
    # NOTE(review): "authenticated but not permitted" is commonly reported as
    # 403 FORBIDDEN; with the inherited default this class yields 401 -
    # confirm which status the callers intend.
class AuthconnException(Exception):
    """
    Root of the authconn exception hierarchy; every other Authconn*Exception
    in this module derives from it.

    :param message: human-readable description of the error.
    :param http_code: HTTP status carried by the exception; defaults to
        HTTPStatus.UNAUTHORIZED (401) when this base class is raised directly.
        The subclasses in this module each declare their own default.
    """

    def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
        # Keep the status on the instance for whoever handles the exception.
        self.http_code = http_code
        super().__init__(message)
class AuthconnConnectionException(AuthconnException):
    """
    The Auth backend could not be reached (connectivity error).

    :param message: human-readable description of the error.
    :param http_code: HTTP status carried by the exception; defaults to
        HTTPStatus.BAD_GATEWAY (502).
    """

    def __init__(self, message, http_code=HTTPStatus.BAD_GATEWAY):
        # The base class stores http_code on the instance.
        super().__init__(message, http_code)
class AuthconnNotSupportedException(AuthconnException):
    """
    The Auth backend does not support the request.

    :param message: human-readable description of the error.
    :param http_code: HTTP status carried by the exception; defaults to
        HTTPStatus.NOT_IMPLEMENTED (501).
    """

    def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
        # The base class stores http_code on the instance.
        super().__init__(message, http_code)
class AuthconnNotImplementedException(AuthconnException):
    """
    The Auth backend does not implement the method that was called.

    :param message: human-readable description of the error.
    :param http_code: HTTP status carried by the exception; defaults to
        HTTPStatus.NOT_IMPLEMENTED (501).
    """

    def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
        # The base class stores http_code on the instance.
        super().__init__(message, http_code)
class AuthconnOperationException(AuthconnException):
    """
    An operation executed against the Auth backend failed.

    :param message: human-readable description of the error.
    :param http_code: HTTP status carried by the exception; defaults to
        HTTPStatus.INTERNAL_SERVER_ERROR (500).
    """

    def __init__(self, message, http_code=HTTPStatus.INTERNAL_SERVER_ERROR):
        # The base class stores http_code on the instance.
        super().__init__(message, http_code)
class AuthconnNotFoundException(AuthconnException):
    """
    The operation failed because the element it refers to was not found.

    :param message: human-readable description of the error.
    :param http_code: HTTP status carried by the exception; defaults to
        HTTPStatus.NOT_FOUND (404).
    """

    def __init__(self, message, http_code=HTTPStatus.NOT_FOUND):
        # The base class stores http_code on the instance.
        super().__init__(message, http_code=http_code)
class AuthconnConflictException(AuthconnException):
    """
    The operation conflicts with the current state.

    :param message: human-readable description of the error.
    :param http_code: HTTP status carried by the exception; defaults to
        HTTPStatus.CONFLICT (409).
    """

    def __init__(self, message, http_code=HTTPStatus.CONFLICT):
        # The base class stores http_code on the instance.
        super().__init__(message, http_code=http_code)
107 Abstract base class for all the Auth backend connector plugins.
108 Each Auth backend connector plugin must be a subclass of
def __init__(self, config):
    """
    Constructor of the Authconn class.

    :param config: configuration dictionary containing all the
        necessary configuration parameters.
    """
    # NOTE(review): no statement of the constructor body is visible in this
    # listing (the lines numbered 119-121 are absent), so what is done with
    # `config` cannot be confirmed from here - check the full file.
def authenticate(self, user, password, project=None, token_info=None):
    """
    Authenticate with user name and password, or with a previously obtained
    token_info, and get a token scoped to a project.

    :param user: user name, user id, or None
    :param password: password, or None
    :param project: project name or id, or None. With None, the first project
        found is used to obtain the scoped token
    :param token_info: token_info from a previous call, used to obtain
        authorization
    :return: the scoped token info; an exception is raised on failure. The
        token is a dictionary whose entries include:
            _id: token string id,
            project_id: scoped_token project_id,
            project_name: scoped_token project_name,
            expires: epoch time when it expires
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    # NOTE(review): `password` is a clear-text credential; implementations
    # should keep it out of log lines and exception messages.
    # NOTE(review): with project=None the scope is whatever project the
    # backend finds first; callers that rely on a particular scope should
    # pass `project` explicitly.
    raise AuthconnNotImplementedException("Should have implemented this")
139 # def authenticate_with_token(self, token, project=None):
141 # Authenticate a user using a token. Can be used to revalidate the token
142 # or to get a scoped token.
144 # :param token: a valid token.
145 # :param project: (optional) project for a scoped token.
146 # :return: return a revalidated token, scoped if a project was passed or
147 # the previous token was already scoped.
149 # raise AuthconnNotImplementedException("Should have implemented this")
def validate_token(self, token):
    """
    Check whether a token is valid.

    :param token: token to validate
    :return: dictionary with the information associated with the token, or
        None when the token is not valid.
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    # NOTE(review): an invalid token is signalled by a None return, not by an
    # exception, so callers have to test the result explicitly and deny
    # access on None.
    raise AuthconnNotImplementedException("Should have implemented this")
def revoke_token(self, token):
    """
    Revoke a token.

    :param token: token to be revoked
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def get_user_project_list(self, token):
    """
    Return every project associated with a user.

    :param token: valid token
    :return: list of projects
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def get_user_role_list(self, token):
    """
    Return the roles the user holds in the project the token is scoped to.

    :param token: scoped token.
    :return: list of roles for the user in that project, or None when the
        token is unscoped.
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    # NOTE(review): None means "token is unscoped", not "no restrictions";
    # callers making an access decision should treat it as having no roles.
    raise AuthconnNotImplementedException("Should have implemented this")
def create_user(self, user, password):
    """
    Create a user.

    :param user: username.
    :param password: password.
    :raises AuthconnOperationException: if user creation failed.
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    # NOTE(review): `password` is a clear-text credential; implementations
    # should keep it out of log lines and exception messages.
    raise AuthconnNotImplementedException("Should have implemented this")
def update_user(self, user, new_name=None, new_password=None):
    """
    Change a user's name, password, or both.

    :param user: username or user_id
    :param new_name: new name
    :param new_password: new password.
    :raises AuthconnOperationException: if change failed.
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    # NOTE(review): `new_password` is a clear-text credential; implementations
    # should keep it out of log lines and exception messages.
    raise AuthconnNotImplementedException("Should have implemented this")
def delete_user(self, user_id):
    """
    Delete a user.

    :param user_id: user identifier.
    :raises AuthconnOperationException: if user deletion failed.
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def get_user_list(self, filter_q=None):
    """
    Get the user list.

    :param filter_q: dictionary to filter user list by name (username is also admitted) and/or _id
    :return: returns a list of users.
    """
    # NOTE(review): no body statement is visible for this method in the
    # listing (the line numbered 224 is absent). The sibling methods all end
    # with `raise AuthconnNotImplementedException(...)` - confirm against the
    # full file whether this one does too.
def create_role(self, role):
    """
    Create a role.

    :param role: role name.
    :raises AuthconnOperationException: if role creation failed.
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def delete_role(self, role_id):
    """
    Delete a role.

    :param role_id: role identifier.
    :raises AuthconnOperationException: if role deletion failed.
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def get_role_list(self, filter_q=None):
    """
    Get the role list.

    :param filter_q: dictionary to filter role list by _id and/or name.
    :return: list of roles
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def update_role(self, role, new_name):
    """
    Rename a role.

    :param role: role name or id to be changed
    :param new_name: new name
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def create_project(self, project):
    """
    Create a project.

    :param project: project name.
    :return: the internal id of the created project
    :raises AuthconnOperationException: if project creation failed.
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def delete_project(self, project_id):
    """
    Delete a project.

    :param project_id: project identifier.
    :raises AuthconnOperationException: if project deletion failed.
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def get_project_list(self, filter_q=None):
    """
    Return all the projects.

    :param filter_q: dictionary to filter project list, by "name" and/or "_id"
    :return: list of projects
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def update_project(self, project_id, new_name):
    """
    Rename a project.

    :param project_id: project to be changed
    :param new_name: new name
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def assign_role_to_user(self, user, project, role):
    """
    Grant a role to a user within a project.

    :param user: username.
    :param project: project name.
    :param role: role name.
    :raises AuthconnOperationException: if role assignment failed.
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def remove_role_from_user(self, user, project, role):
    """
    Take a role away from a user within a project.

    :param user: username.
    :param project: project name.
    :param role: role name.
    :raises AuthconnOperationException: if role assignment revocation failed.
    :raises AuthconnNotImplementedException: always in this base class; a
        backend connector plugin is expected to override the method.
    """
    raise AuthconnNotImplementedException("Should have implemented this")