osm_nbi/authconn.py

   1 # -*- coding: utf-8 -*-
   2
   3 # Copyright 2018 Whitestack, LLC
   4 #
   5 # Licensed under the Apache License, Version 2.0 (the "License"); you may
   6 # not use this file except in compliance with the License. You may obtain
   7 # a copy of the License at
   8 #
   9 #         http://www.apache.org/licenses/LICENSE-2.0
  10 #
  11 # Unless required by applicable law or agreed to in writing, software
  12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  14 # License for the specific language governing permissions and limitations
  15 # under the License.
  16 #
  17 # For those usages not covered by the Apache License, Version 2.0 please
  18 # contact: esousa@whitestack.com or glavado@whitestack.com
  19 ##
  20
  21 """
  22 Authconn implements an Abstract class for the Auth backend connector
  23 plugins with the definition of the methods to be implemented.
  24 """
  25
  26 __author__ = "Eduardo Sousa <esousa@whitestack.com>"
  27 __date__ = "$27-jul-2018 23:59:59$"
  28
  29 from http import HTTPStatus
  30
  31
  32 class AuthException(Exception):
  33     """
  34     Authentication error.
  35     """
  36     def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
  37         super(AuthException, self).__init__(message)
  38         self.http_code = http_code
  39
  40
  41 class AuthconnException(Exception):
  42     """
  43     Common and base class Exception for all authconn exceptions.
  44     """
  45     def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
  46         super(AuthconnException, self).__init__(message)
  47         self.http_code = http_code
  48
  49
  50 class AuthconnConnectionException(AuthconnException):
  51     """
  52     Connectivity error with Auth backend.
  53     """
  54     def __init__(self, message, http_code=HTTPStatus.BAD_GATEWAY):
  55         super(AuthconnConnectionException, self).__init__(message, http_code)
  56
  57
  58 class AuthconnNotSupportedException(AuthconnException):
  59     """
  60     The request is not supported by the Auth backend.
  61     """
  62     def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
  63         super(AuthconnNotSupportedException, self).__init__(message, http_code)
  64
  65
  66 class AuthconnNotImplementedException(AuthconnException):
  67     """
  68     The method is not implemented by the Auth backend.
  69     """
  70     def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
  71         super(AuthconnNotImplementedException, self).__init__(message, http_code)
  72
  73
  74 class AuthconnOperationException(AuthconnException):
  75     """
  76     The operation executed failed.
  77     """
  78     def __init__(self, message, http_code=HTTPStatus.INTERNAL_SERVER_ERROR):
  79         super(AuthconnOperationException, self).__init__(message, http_code)
  80
  81
  82 class Authconn:
  83     """
  84     Abstract base class for all the Auth backend connector plugins.
  85     Each Auth backend connector plugin must be a subclass of
  86     Authconn class.
  87     """
  88     def __init__(self, config):
  89         """
  90         Constructor of the Authconn class.
  91
  92         Note: each subclass
  93
  94         :param config: configuration dictionary containing all the
  95         necessary configuration parameters.
  96         """
  97         self.config = config
  98
  99     def authenticate_with_user_password(self, user, password):
 100         """
 101         Authenticate a user using username and password.
 102
 103         :param user: username
 104         :param password: password
 105         :return: an unscoped token that grants access to project list
 106         """
 107         raise AuthconnNotImplementedException("Should have implemented this")
 108
 109     def authenticate_with_token(self, token, project=None):
 110         """
 111         Authenticate a user using a token. Can be used to revalidate the token
 112         or to get a scoped token.
 113
 114         :param token: a valid token.
 115         :param project: (optional) project for a scoped token.
 116         :return: return a revalidated token, scoped if a project was passed or
 117         the previous token was already scoped.
 118         """
 119         raise AuthconnNotImplementedException("Should have implemented this")
 120
 121     def validate_token(self, token):
 122         """
 123         Check if the token is valid.
 124
 125         :param token: token to validate
 126         :return: dictionary with information associated with the token. If the
 127         token is not valid, returns None.
 128         """
 129         raise AuthconnNotImplementedException("Should have implemented this")
 130
 131     def revoke_token(self, token):
 132         """
 133         Invalidate a token.
 134
 135         :param token: token to be revoked
 136         """
 137         raise AuthconnNotImplementedException("Should have implemented this")
 138
 139     def get_user_project_list(self, token):
 140         """
 141         Get all the projects associated with a user.
 142
 143         :param token: valid token
 144         :return: list of projects
 145         """
 146         raise AuthconnNotImplementedException("Should have implemented this")
 147
 148     def get_user_role_list(self, token):
 149         """
 150         Get role list for a scoped project.
 151
 152         :param token: scoped token.
 153         :return: returns the list of roles for the user in that project. If
 154         the token is unscoped it returns None.
 155         """
 156         raise AuthconnNotImplementedException("Should have implemented this")
 157
 158     def create_user(self, user, password):
 159         """
 160         Create a user.
 161
 162         :param user: username.
 163         :param password: password.
 164         :raises AuthconnOperationException: if user creation failed.
 165         """
 166         raise AuthconnNotImplementedException("Should have implemented this")
 167
 168     def change_password(self, user, new_password):
 169         """
 170         Change the user password.
 171
 172         :param user: username.
 173         :param new_password: new password.
 174         :raises AuthconnOperationException: if user password change failed.
 175         """
 176         raise AuthconnNotImplementedException("Should have implemented this")
 177
 178     def delete_user(self, user_id):
 179         """
 180         Delete user.
 181
 182         :param user_id: user identifier.
 183         :raises AuthconnOperationException: if user deletion failed.
 184         """
 185         raise AuthconnNotImplementedException("Should have implemented this")
 186
 187     def get_user_list(self):
 188         """
 189         Get user list.
 190
 191         :return: returns a list of users.
 192         """
 193
 194     def create_role(self, role):
 195         """
 196         Create a role.
 197
 198         :param role: role name.
 199         :raises AuthconnOperationException: if role creation failed.
 200         """
 201         raise AuthconnNotImplementedException("Should have implemented this")
 202
 203     def delete_role(self, role_id):
 204         """
 205         Delete a role.
 206
 207         :param role_id: role identifier.
 208         :raises AuthconnOperationException: if user deletion failed.
 209         """
 210         raise AuthconnNotImplementedException("Should have implemented this")
 211
 212     def get_role_list(self):
 213         """
 214         Get all the roles.
 215
 216         :return: list of roles
 217         """
 218         raise AuthconnNotImplementedException("Should have implemented this")
 219
 220     def create_project(self, project):
 221         """
 222         Create a project.
 223
 224         :param project: project name.
 225         :raises AuthconnOperationException: if project creation failed.
 226         """
 227         raise AuthconnNotImplementedException("Should have implemented this")
 228
 229     def delete_project(self, project_id):
 230         """
 231         Delete a project.
 232
 233         :param project_id: project identifier.
 234         :raises AuthconnOperationException: if project deletion failed.
 235         """
 236         raise AuthconnNotImplementedException("Should have implemented this")
 237
 238     def get_project_list(self):
 239         """
 240         Get all the projects.
 241
 242         :return: list of projects
 243         """
 244         raise AuthconnNotImplementedException("Should have implemented this")
 245
 246     def assign_role_to_user(self, user, project, role):
 247         """
 248         Assigning a role to a user in a project.
 249
 250         :param user: username.
 251         :param project: project name.
 252         :param role: role name.
 253         :raises AuthconnOperationException: if role assignment failed.
 254         """
 255         raise AuthconnNotImplementedException("Should have implemented this")
 256
 257     def remove_role_from_user(self, user, project, role):
 258         """
 259         Remove a role from a user in a project.
 260
 261         :param user: username.
 262         :param project: project name.
 263         :param role: role name.
 264         :raises AuthconnOperationException: if role assignment revocation failed.
 265         """
 266         raise AuthconnNotImplementedException("Should have implemented this")