1 # -*- coding: utf-8 -*-
3 # Copyright 2018 Whitestack, LLC
5 # Licensed under the Apache License, Version 2.0 (the "License"); you may
6 # not use this file except in compliance with the License. You may obtain
7 # a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14 # License for the specific language governing permissions and limitations
17 # For those usages not covered by the Apache License, Version 2.0 please
18 # contact: esousa@whitestack.com or glavado@whitestack.com
22 Authconn implements an Abstract class for the Auth backend connector
23 plugins with the definition of the methods to be implemented.
# Module metadata strings: author contact and a date stamp.
__author__ = "Eduardo Sousa <esousa@whitestack.com>"
__date__ = "$27-jul-2018 23:59:59$"
29 from http
import HTTPStatus
class AuthException(Exception):
    """
    Exception carrying a message plus an HTTP status code.

    :param message: text stored as the exception argument.
    :param http_code: status exposed as ``http_code``; defaults to
        HTTPStatus.UNAUTHORIZED.
    """

    def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
        # Initialise the Exception part first, then attach the status so
        # handlers can map the error to an HTTP response.
        super().__init__(message)
        self.http_code = http_code
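class AuthconnException(Exception):
    """
    Common and base class Exception for all authconn exceptions.

    :param message: text stored as the exception argument.
    :param http_code: status exposed as ``http_code``; defaults to
        HTTPStatus.UNAUTHORIZED.
    """

    def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
        # The unbound initialiser must be given the instance explicitly.
        # Calling Exception.__init__(message) passes the string where the
        # instance is expected and raises TypeError, so no authconn error
        # could be constructed and handlers catching AuthconnException (or
        # reading http_code) would see an unrelated TypeError instead.
        Exception.__init__(self, message)
        self.http_code = http_code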
class AuthconnConnectionException(AuthconnException):
    """
    Connectivity error with Auth backend.

    :param message: text describing the failure.
    :param http_code: status forwarded to AuthconnException; defaults to
        HTTPStatus.BAD_GATEWAY.
    """

    def __init__(self, message, http_code=HTTPStatus.BAD_GATEWAY):
        # Only the default status differs from the base class.
        super().__init__(message, http_code)
class AuthconnNotSupportedException(AuthconnException):
    """
    The request is not supported by the Auth backend.

    :param message: text describing the failure.
    :param http_code: status forwarded to AuthconnException; defaults to
        HTTPStatus.NOT_IMPLEMENTED.
    """

    def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
        # Only the default status differs from the base class.
        super().__init__(message, http_code)
class AuthconnNotImplementedException(AuthconnException):
    """
    The method is not implemented by the Auth backend.

    :param message: text describing the failure.
    :param http_code: status forwarded to AuthconnException; defaults to
        HTTPStatus.NOT_IMPLEMENTED.
    """

    def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
        # Only the default status differs from the base class.
        super().__init__(message, http_code)
class AuthconnOperationException(AuthconnException):
    """
    The operation executed failed.

    :param message: text describing the failure.
    :param http_code: status forwarded to AuthconnException; defaults to
        HTTPStatus.INTERNAL_SERVER_ERROR.
    """

    def __init__(self, message, http_code=HTTPStatus.INTERNAL_SERVER_ERROR):
        # Only the default status differs from the base class.
        super().__init__(message, http_code)
84 Abstract base class for all the Auth backend connector plugins.
85 Each Auth backend connector plugin must be a subclass of
def __init__(self, config):
    """
    Constructor of the Authconn class.

    :param config: configuration dictionary containing all the
        necessary configuration parameters.
    """
    # NOTE(review): this listing shows no statement after the docstring
    # (the page's line numbering skips here) -- confirm against the full
    # file how ``config`` is stored before relying on this constructor.
def authenticate_with_user_password(self, user, password):
    """
    Authenticate a user using username and password.

    Stub in the base class: the body consists of a single raise, and
    backend connectors override it with the real credential check.

    :param user: username
    :param password: password
    :return: an unscoped token that grants access to project list
    """
    # NOTE(review): presumably ``password`` is the clear-text secret;
    # implementations should keep it out of logs and error messages.
    raise AuthconnNotImplementedException("Should have implemented this")
def authenticate_with_token(self, token, project=None):
    """
    Authenticate a user using a token.

    Can be used to revalidate the token or to get a scoped token. Stub in
    the base class: the body consists of a single raise.

    :param token: a valid token.
    :param project: (optional) project for a scoped token.
    :return: a revalidated token, scoped if a project was passed or the
        previous token was already scoped.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def validate_token(self, token):
    """
    Check if the token is valid.

    Stub in the base class: the body consists of a single raise.

    :param token: token to validate
    :return: dictionary with information associated with the token. If
        the token is not valid, returns None.
    """
    # NOTE(review): per the contract above an invalid token yields None
    # rather than an exception, so callers have to check for None and deny
    # access in that case instead of assuming a dictionary came back.
    raise AuthconnNotImplementedException("Should have implemented this")
def revoke_token(self, token):
    """
    Revoke a token.

    Stub in the base class: the body consists of a single raise.

    :param token: token to be revoked
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def get_project_list(self, token):
    """
    Get all the projects associated with a user.

    Stub in the base class: the body consists of a single raise.

    :param token: valid token
    :return: list of projects
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def get_role_list(self, token):
    """
    Get role list for a scoped project.

    Stub in the base class: the body consists of a single raise.

    :param token: scoped token.
    :return: the list of roles for the user in that project. If the token
        is unscoped it returns None.
    """
    # NOTE(review): None (unscoped token) and an empty list are distinct
    # results under this contract; authorization checks built on it should
    # grant nothing in either case.
    raise AuthconnNotImplementedException("Should have implemented this")
def create_user(self, user, password):
    """
    Create a user.

    Stub in the base class: the body consists of a single raise.

    :param user: username.
    :param password: password.
    :raises AuthconnOperationException: if user creation failed.
    """
    # NOTE(review): presumably ``password`` is the clear-text secret;
    # implementations should keep it out of logs and error messages.
    raise AuthconnNotImplementedException("Should have implemented this")
def change_password(self, user, new_password):
    """
    Change the user password.

    Stub in the base class: the body consists of a single raise.

    :param user: username.
    :param new_password: new password.
    :raises AuthconnOperationException: if user password change failed.
    """
    # NOTE(review): the signature carries no current password or token, so
    # whether the caller may change this user's password has to be decided
    # before this method is reached -- confirm against the callers.
    raise AuthconnNotImplementedException("Should have implemented this")
def delete_user(self, user):
    """
    Delete a user.

    Stub in the base class: the body consists of a single raise.

    :param user: username.
    :raises AuthconnOperationException: if user deletion failed.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def create_role(self, role):
    """
    Create a role.

    Stub in the base class: the body consists of a single raise.

    :param role: role name.
    :raises AuthconnOperationException: if role creation failed.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
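def delete_role(self, role):
    """
    Delete a role.

    Stub in the base class: the body consists of a single raise.

    :param role: role name.
    :raises AuthconnOperationException: if role deletion failed.
    """
    raise AuthconnNotImplementedException("Should have implemented this")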
def create_project(self, project):
    """
    Create a project.

    Stub in the base class: the body consists of a single raise.

    :param project: project name.
    :raises AuthconnOperationException: if project creation failed.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def delete_project(self, project):
    """
    Delete a project.

    Stub in the base class: the body consists of a single raise.

    :param project: project name.
    :raises AuthconnOperationException: if project deletion failed.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def assign_role_to_user(self, user, project, role):
    """
    Assigning a role to a user in a project.

    Stub in the base class: the body consists of a single raise.

    :param user: username.
    :param project: project name.
    :param role: role name.
    :raises AuthconnOperationException: if role assignment failed.
    """
    raise AuthconnNotImplementedException("Should have implemented this")
def remove_role_from_user(self, user, project, role):
    """
    Remove a role from a user in a project.

    Stub in the base class: the body consists of a single raise.

    :param user: username.
    :param project: project name.
    :param role: role name.
    :raises AuthconnOperationException: if role assignment revocation
        failed.
    """
    raise AuthconnNotImplementedException("Should have implemented this")