projects / osm / NBI.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
html output header: return project name instead of id
[osm/NBI.git] / osm_nbi / authconn.py
1 # -*- coding: utf-8 -*-
2
3 # Copyright 2018 Whitestack, LLC
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License"); you may
6 # not use this file except in compliance with the License. You may obtain
7 # a copy of the License at
8 #
9 # http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14 # License for the specific language governing permissions and limitations
15 # under the License.
16 #
17 # For those usages not covered by the Apache License, Version 2.0 please
18 # contact: esousa@whitestack.com or glavado@whitestack.com
19 ##
20
21 """
22 Authconn implements an Abstract class for the Auth backend connector
23 plugins with the definition of the methods to be implemented.
24 """
25
26 __author__ = "Eduardo Sousa <esousa@whitestack.com>"
27 __date__ = "$27-jul-2018 23:59:59$"
28
29 from http import HTTPStatus
30 from base_topic import BaseTopic
31
32
33 class AuthException(Exception):
34 """
35 Authentication error, because token, user password not recognized
36 """
37 def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
38 super(AuthException, self).__init__(message)
39 self.http_code = http_code
40
41
42 class AuthExceptionUnauthorized(AuthException):
43 """
44 Authentication error, because not having rights to make this operation
45 """
46 pass
47
48
49 class AuthconnException(Exception):
50 """
51 Common and base class Exception for all authconn exceptions.
52 """
53 def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
54 super(AuthconnException, self).__init__(message)
55 self.http_code = http_code
56
57
58 class AuthconnConnectionException(AuthconnException):
59 """
60 Connectivity error with Auth backend.
61 """
62 def __init__(self, message, http_code=HTTPStatus.BAD_GATEWAY):
63 super(AuthconnConnectionException, self).__init__(message, http_code)
64
65
66 class AuthconnNotSupportedException(AuthconnException):
67 """
68 The request is not supported by the Auth backend.
69 """
70 def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
71 super(AuthconnNotSupportedException, self).__init__(message, http_code)
72
73
74 class AuthconnNotImplementedException(AuthconnException):
75 """
76 The method is not implemented by the Auth backend.
77 """
78 def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
79 super(AuthconnNotImplementedException, self).__init__(message, http_code)
80
81
82 class AuthconnOperationException(AuthconnException):
83 """
84 The operation executed failed.
85 """
86 def __init__(self, message, http_code=HTTPStatus.INTERNAL_SERVER_ERROR):
87 super(AuthconnOperationException, self).__init__(message, http_code)
88
89
90 class AuthconnNotFoundException(AuthconnException):
91 """
92 The operation executed failed because element not found.
93 """
94 def __init__(self, message, http_code=HTTPStatus.NOT_FOUND):
95 super().__init__(message, http_code)
96
97
98 class AuthconnConflictException(AuthconnException):
99 """
100 The operation has conflicts.
101 """
102 def __init__(self, message, http_code=HTTPStatus.CONFLICT):
103 super().__init__(message, http_code)
104
105
106 class Authconn:
107 """
108 Abstract base class for all the Auth backend connector plugins.
109 Each Auth backend connector plugin must be a subclass of
110 Authconn class.
111 """
112 def __init__(self, config, db, token_cache):
113 """
114 Constructor of the Authconn class.
115
116 Note: each subclass
117
118 :param config: configuration dictionary containing all the
119 necessary configuration parameters.
120 """
121 self.config = config
122
123 def authenticate(self, user, password, project=None, token_info=None):
124 """
125 Authenticate a user using username/password or token_info, plus project
126 :param user: user: name, id or None
127 :param password: password or None
128 :param project: name, id, or None. If None first found project will be used to get an scope token
129 :param token_info: previous token_info to obtain authorization
130 :return: the scoped token info or raises an exception. The token is a dictionary with:
131 _id: token string id,
132 username: username,
133 project_id: scoped_token project_id,
134 project_name: scoped_token project_name,
135 expires: epoch time when it expires,
136
137 """
138 raise AuthconnNotImplementedException("Should have implemented this")
139
140 def validate_token(self, token):
141 """
142 Check if the token is valid.
143
144 :param token: token to validate
145 :return: dictionary with information associated with the token. If the
146 token is not valid, returns None.
147 """
148 raise AuthconnNotImplementedException("Should have implemented this")
149
150 def revoke_token(self, token):
151 """
152 Invalidate a token.
153
154 :param token: token to be revoked
155 """
156 raise AuthconnNotImplementedException("Should have implemented this")
157
158 def create_user(self, user_info):
159 """
160 Create a user.
161
162 :param user_info: full user info.
163 :raises AuthconnOperationException: if user creation failed.
164 """
165 raise AuthconnNotImplementedException("Should have implemented this")
166
167 def update_user(self, user_info):
168 """
169 Change the user name and/or password.
170
171 :param user_info: user info modifications
172 :raises AuthconnNotImplementedException: if function not implemented
173 """
174 raise AuthconnNotImplementedException("Should have implemented this")
175
176 def delete_user(self, user_id):
177 """
178 Delete user.
179
180 :param user_id: user identifier.
181 :raises AuthconnOperationException: if user deletion failed.
182 """
183 raise AuthconnNotImplementedException("Should have implemented this")
184
185 def get_user_list(self, filter_q=None):
186 """
187 Get user list.
188
189 :param filter_q: dictionary to filter user list by name (username is also admited) and/or _id
190 :return: returns a list of users.
191 """
192
193 def get_user(self, id, fail=True):
194 filt = {BaseTopic.id_field("users", id): id}
195 users = self.get_user_list(filt)
196 if not users:
197 if fail:
198 raise AuthconnNotFoundException("User with {} not found".format(filt), http_code=HTTPStatus.NOT_FOUND)
199 else:
200 return None
201 return users[0]
202
203 def create_role(self, role_info):
204 """
205 Create a role.
206
207 :param role_info: full role info.
208 :raises AuthconnOperationException: if role creation failed.
209 """
210 raise AuthconnNotImplementedException("Should have implemented this")
211
212 def delete_role(self, role_id):
213 """
214 Delete a role.
215
216 :param role_id: role identifier.
217 :raises AuthconnOperationException: if user deletion failed.
218 """
219 raise AuthconnNotImplementedException("Should have implemented this")
220
221 def get_role_list(self, filter_q=None):
222 """
223 Get all the roles.
224
225 :param filter_q: dictionary to filter role list by _id and/or name.
226 :return: list of roles
227 """
228 raise AuthconnNotImplementedException("Should have implemented this")
229
230 def get_role(self, id, fail=True):
231 filt = {BaseTopic.id_field("roles", id): id}
232 roles = self.get_role_list(filt)
233 if not roles:
234 if fail:
235 raise AuthconnNotFoundException("Role with {} not found".format(filt))
236 else:
237 return None
238 return roles[0]
239
240 def update_role(self, role_info):
241 """
242 Change the information of a role
243 :param role_info: full role info
244 :return: None
245 """
246 raise AuthconnNotImplementedException("Should have implemented this")
247
248 def create_project(self, project_info):
249 """
250 Create a project.
251
252 :param project_info: full project info.
253 :return: the internal id of the created project
254 :raises AuthconnOperationException: if project creation failed.
255 """
256 raise AuthconnNotImplementedException("Should have implemented this")
257
258 def delete_project(self, project_id):
259 """
260 Delete a project.
261
262 :param project_id: project identifier.
263 :raises AuthconnOperationException: if project deletion failed.
264 """
265 raise AuthconnNotImplementedException("Should have implemented this")
266
267 def get_project_list(self, filter_q=None):
268 """
269 Get all the projects.
270
271 :param filter_q: dictionary to filter project list, by "name" and/or "_id"
272 :return: list of projects
273 """
274 raise AuthconnNotImplementedException("Should have implemented this")
275
276 def get_project(self, id, fail=True):
277 filt = {BaseTopic.id_field("projects", id): id}
278 projs = self.get_project_list(filt)
279 if not projs:
280 if fail:
281 raise AuthconnNotFoundException("project with {} not found".format(filt))
282 else:
283 return None
284 return projs[0]
285
286 def update_project(self, project_id, project_info):
287 """
288 Change the information of a project
289 :param project_id: project to be changed
290 :param project_info: full project info
291 :return: None
292 """
293 raise AuthconnNotImplementedException("Should have implemented this")