1 # -*- coding: utf-8 -*-
2
3 # Copyright 2018 Whitestack, LLC
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License"); you may
6 # not use this file except in compliance with the License. You may obtain
7 # a copy of the License at
8 #
9 # http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14 # License for the specific language governing permissions and limitations
15 # under the License.
16 #
17 # For those usages not covered by the Apache License, Version 2.0 please
18 # contact: esousa@whitestack.com or glavado@whitestack.com
19 ##
20
21 """
22 Authconn implements an Abstract class for the Auth backend connector
23 plugins with the definition of the methods to be implemented.
24 """
25
# Module metadata: author and date strings for this file.
__author__ = "Eduardo Sousa <esousa@whitestack.com>"
__date__ = "$27-jul-2018 23:59:59$"
28
29 from http import HTTPStatus
30
31
class AuthException(Exception):
    """
    Authentication error.

    The HTTP status associated with the failure is kept in ``http_code``
    and defaults to 401 (Unauthorized).
    """

    # NOTE(review): this class derives directly from Exception, not from
    # AuthconnException, so an ``except AuthconnException`` handler does not
    # catch it; handlers that must cover both need to name both.
    def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
        super().__init__(message)
        self.http_code = http_code
39
40
class AuthconnException(Exception):
    """
    Common and base class Exception for all authconn exceptions.

    The HTTP status associated with the error is kept in ``http_code``
    and defaults to 401 (Unauthorized); subclasses pass their own default.
    """

    def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
        super().__init__(message)
        self.http_code = http_code
48
49
class AuthconnConnectionException(AuthconnException):
    """
    Connectivity error with Auth backend.

    ``http_code`` defaults to 502 (Bad Gateway).
    """

    def __init__(self, message, http_code=HTTPStatus.BAD_GATEWAY):
        # The base class stores http_code on the instance.
        super().__init__(message, http_code)
56
57
class AuthconnNotSupportedException(AuthconnException):
    """
    The request is not supported by the Auth backend.

    ``http_code`` defaults to 501 (Not Implemented).
    """

    def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
        # The base class stores http_code on the instance.
        super().__init__(message, http_code)
64
65
class AuthconnNotImplementedException(AuthconnException):
    """
    The method is not implemented by the Auth backend.

    ``http_code`` defaults to 501 (Not Implemented).
    """

    def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
        # The base class stores http_code on the instance.
        super().__init__(message, http_code)
72
73
class AuthconnOperationException(AuthconnException):
    """
    The operation executed failed.

    ``http_code`` defaults to 500 (Internal Server Error).
    """

    def __init__(self, message, http_code=HTTPStatus.INTERNAL_SERVER_ERROR):
        # The base class stores http_code on the instance.
        super().__init__(message, http_code)
80
81
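class Authconn:
    """
    Abstract base class for all the Auth backend connector plugins.
    Each Auth backend connector plugin must be a subclass of
    Authconn class.

    Every operation defined here raises AuthconnNotImplementedException, so
    an operation that a backend does not override fails loudly instead of
    returning an empty result.
    """

    def __init__(self, config):
        """
        Constructor of the Authconn class.

        The configuration is stored unchanged as ``self.config``.

        :param config: configuration dictionary containing all the
            necessary configuration parameters.
        """
        # NOTE(review): the original docstring carried an unfinished note
        # ("each subclass"); presumably subclasses are expected to call this
        # constructor - confirm.
        self.config = config

    def authenticate(self, user, password, project=None, token=None):
        """
        Authenticate a user using username/password or token, plus project.

        Implementations receive the clear-text password and the previous
        token; neither should be written to logs or exception messages.

        :param user: user: name, id or None
        :param password: password or None
        :param project: name, id, or None. If None, the first project found
            will be used to get a scoped token
        :param token: previous token to obtain authorization
        :return: the scoped token info or raises an exception. The token is
            a dictionary with:
                _id: token string id,
                username: username,
                project_id: scoped_token project_id,
                project_name: scoped_token project_name,
                expires: epoch time when it expires,
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    # def authenticate_with_token(self, token, project=None):
    #     """
    #     Authenticate a user using a token. Can be used to revalidate the token
    #     or to get a scoped token.
    #
    #     :param token: a valid token.
    #     :param project: (optional) project for a scoped token.
    #     :return: return a revalidated token, scoped if a project was passed or
    #     the previous token was already scoped.
    #     """
    #     raise AuthconnNotImplementedException("Should have implemented this")

    def validate_token(self, token):
        """
        Check if the token is valid.

        Callers must treat a None result as an invalid token and refuse the
        request; None is the documented signal for "not valid".

        :param token: token to validate
        :return: dictionary with information associated with the token. If the
            token is not valid, returns None.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def revoke_token(self, token):
        """
        Invalidate a token.

        :param token: token to be revoked
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_user_project_list(self, token):
        """
        Get all the projects associated with a user.

        :param token: valid token
        :return: list of projects
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_user_role_list(self, token):
        """
        Get role list for a scoped project.

        :param token: scoped token.
        :return: returns the list of roles for the user in that project. If
            the token is unscoped it returns None.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def create_user(self, user, password):
        """
        Create a user.

        :param user: username.
        :param password: password.
        :raises AuthconnOperationException: if user creation failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def change_password(self, user, new_password):
        """
        Change the user password.

        :param user: username.
        :param new_password: new password.
        :raises AuthconnOperationException: if user password change failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def delete_user(self, user_id):
        """
        Delete user.

        :param user_id: user identifier.
        :raises AuthconnOperationException: if user deletion failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_user_list(self, filter_q=None):
        """
        Get user list.

        :param filter_q: dictionary to filter user list. Defaults to None
            (no filter), matching get_project_list; a shared mutable ``{}``
            default is avoided.
        :return: returns a list of users.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        # The original body was only a docstring, so a backend that forgot to
        # override this method silently returned None; raise like every other
        # operation of the base class does.
        raise AuthconnNotImplementedException("Should have implemented this")

    def create_role(self, role):
        """
        Create a role.

        :param role: role name.
        :raises AuthconnOperationException: if role creation failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def delete_role(self, role_id):
        """
        Delete a role.

        :param role_id: role identifier.
        :raises AuthconnOperationException: if role deletion failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_role_list(self):
        """
        Get all the roles.

        :return: list of roles
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def create_project(self, project):
        """
        Create a project.

        :param project: project name.
        :return: the internal id of the created project
        :raises AuthconnOperationException: if project creation failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def delete_project(self, project_id):
        """
        Delete a project.

        :param project_id: project identifier.
        :raises AuthconnOperationException: if project deletion failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_project_list(self, filter_q=None):
        """
        Get all the projects.

        :param filter_q: dictionary to filter project list, by "name" and/or "_id"
        :return: list of projects
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def update_project(self, project_id, new_name):
        """
        Change the name of a project.

        :param project_id: project to be changed
        :param new_name: new name
        :return: None
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def assign_role_to_user(self, user, project, role):
        """
        Assign a role to a user in a project.

        :param user: username.
        :param project: project name.
        :param role: role name.
        :raises AuthconnOperationException: if role assignment failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def remove_role_from_user(self, user, project, role):
        """
        Remove a role from a user in a project.

        :param user: username.
        :param project: project name.
        :param role: role name.
        :raises AuthconnOperationException: if role assignment revocation failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")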