fix bugs 747 757: fix user-update interface for RBAC+keystone
1 # -*- coding: utf-8 -*-
2
3 # Copyright 2018 Whitestack, LLC
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License"); you may
6 # not use this file except in compliance with the License. You may obtain
7 # a copy of the License at
8 #
9 # http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14 # License for the specific language governing permissions and limitations
15 # under the License.
16 #
17 # For those usages not covered by the Apache License, Version 2.0 please
18 # contact: esousa@whitestack.com or glavado@whitestack.com
19 ##
20
21 """
22 Authconn implements an Abstract class for the Auth backend connector
23 plugins with the definition of the methods to be implemented.
24 """
25
26 __author__ = "Eduardo Sousa <esousa@whitestack.com>"
27 __date__ = "$27-jul-2018 23:59:59$"
28
29 from http import HTTPStatus
30
31
class AuthException(Exception):
    """Raised for an authentication error.

    Besides the message, the instance stores an HTTP status code in
    ``http_code``; it defaults to ``HTTPStatus.UNAUTHORIZED`` (401).

    :param message: human-readable description of the failure.
    :param http_code: HTTP status associated with the error.
    """

    def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
        # NOTE(review): the message presumably reaches the API client in
        # the error response -- confirm, and keep credentials out of it.
        super().__init__(message)
        self.http_code = http_code
39
40
class AuthconnException(Exception):
    """Root of the authconn exception hierarchy.

    Every more specific authconn error in this module derives from this
    class. The instance stores an HTTP status code in ``http_code``,
    which defaults to ``HTTPStatus.UNAUTHORIZED`` (401).

    :param message: human-readable description of the failure.
    :param http_code: HTTP status associated with the error.
    """

    def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
        super().__init__(message)
        self.http_code = http_code
48
49
class AuthconnConnectionException(AuthconnException):
    """Raised when the Auth backend cannot be reached.

    The default ``http_code`` is ``HTTPStatus.BAD_GATEWAY`` (502).
    """

    def __init__(self, message, http_code=HTTPStatus.BAD_GATEWAY):
        # The base class stores http_code on the instance.
        super().__init__(message, http_code=http_code)
56
57
class AuthconnNotSupportedException(AuthconnException):
    """Raised when the Auth backend does not support the request.

    The default ``http_code`` is ``HTTPStatus.NOT_IMPLEMENTED`` (501).
    """

    def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
        # The base class stores http_code on the instance.
        super().__init__(message, http_code=http_code)
64
65
class AuthconnNotImplementedException(AuthconnException):
    """Raised when the Auth backend has not implemented a method.

    The default ``http_code`` is ``HTTPStatus.NOT_IMPLEMENTED`` (501).
    """

    def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
        # The base class stores http_code on the instance.
        super().__init__(message, http_code=http_code)
72
73
class AuthconnOperationException(AuthconnException):
    """Raised when an operation was executed and failed.

    The default ``http_code`` is ``HTTPStatus.INTERNAL_SERVER_ERROR`` (500).
    """

    def __init__(self, message, http_code=HTTPStatus.INTERNAL_SERVER_ERROR):
        # The base class stores http_code on the instance.
        super().__init__(message, http_code=http_code)
80
81
class AuthconnNotFoundException(AuthconnException):
    """Raised when an operation fails because the element was not found.

    The default ``http_code`` is ``HTTPStatus.NOT_FOUND`` (404).
    """

    def __init__(self, message, http_code=HTTPStatus.NOT_FOUND):
        # The base class stores http_code on the instance.
        super().__init__(message, http_code=http_code)
88
89
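class Authconn:
    """
    Abstract base class for all the Auth backend connector plugins.
    Each Auth backend connector plugin must be a subclass of
    Authconn class.

    Every operation defined here raises AuthconnNotImplementedException
    until a subclass overrides it, so a backend that lacks an operation
    fails loudly instead of returning an empty or None result.
    """

    def __init__(self, config):
        """
        Constructor of the Authconn class.

        The base constructor only stores the configuration on the instance.

        :param config: configuration dictionary containing all the
            necessary configuration parameters.
        """
        self.config = config

    def authenticate(self, user, password, project=None, token=None):
        """
        Authenticate a user using username/password or token, plus project.

        :param user: user: name, id or None
        :param password: password or None
        :param project: name, id, or None. If None, the first project found
            is used to get a scoped token
        :param token: previous token to obtain authorization
        :return: the scoped token info or raises an exception. The token is
            a dictionary with:
                _id: token string id,
                username: username,
                project_id: scoped_token project_id,
                project_name: scoped_token project_name,
                expires: epoch time when it expires,
        """
        # NOTE(review): implementations should keep the password and token
        # out of exception messages and logs -- confirm in each backend.
        raise AuthconnNotImplementedException("Should have implemented this")

    # def authenticate_with_token(self, token, project=None):
    #     """
    #     Authenticate a user using a token. Can be used to revalidate the token
    #     or to get a scoped token.
    #
    #     :param token: a valid token.
    #     :param project: (optional) project for a scoped token.
    #     :return: return a revalidated token, scoped if a project was passed or
    #     the previous token was already scoped.
    #     """
    #     raise AuthconnNotImplementedException("Should have implemented this")

    def validate_token(self, token):
        """
        Check if the token is valid.

        Callers must treat a None result as "not authenticated"; it is the
        documented signal for an invalid token, not an error to ignore.

        :param token: token to validate
        :return: dictionary with information associated with the token. If
            the token is not valid, returns None.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def revoke_token(self, token):
        """
        Invalidate a token.

        :param token: token to be revoked
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_user_project_list(self, token):
        """
        Get all the projects associated with a user.

        :param token: valid token
        :return: list of projects
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_user_role_list(self, token):
        """
        Get role list for a scoped project.

        :param token: scoped token.
        :return: returns the list of roles for the user in that project. If
            the token is unscoped it returns None.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def create_user(self, user, password):
        """
        Create a user.

        :param user: username.
        :param password: password.
        :raises AuthconnOperationException: if user creation failed.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def update_user(self, user, new_name=None, new_password=None):
        """
        Change the user name and/or password.

        :param user: username or user_id
        :param new_name: new name
        :param new_password: new password.
        :raises AuthconnOperationException: if change failed.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def delete_user(self, user_id):
        """
        Delete user.

        :param user_id: user identifier.
        :raises AuthconnOperationException: if user deletion failed.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_user_list(self, filter_q=None):
        """
        Get user list.

        :param filter_q: dictionary to filter user list by name (username is
            also admitted) and/or _id
        :return: returns a list of users.
        """
        # Previously this method had no body and silently returned None,
        # unlike every sibling. A None user list from an auth backend is
        # easy to misread as "no such user", so fail explicitly instead.
        raise AuthconnNotImplementedException("Should have implemented this")

    def create_role(self, role):
        """
        Create a role.

        :param role: role name.
        :raises AuthconnOperationException: if role creation failed.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def delete_role(self, role_id):
        """
        Delete a role.

        :param role_id: role identifier.
        :raises AuthconnOperationException: if role deletion failed.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_role_list(self):
        """
        Get all the roles.

        :return: list of roles
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def create_project(self, project):
        """
        Create a project.

        :param project: project name.
        :return: the internal id of the created project
        :raises AuthconnOperationException: if project creation failed.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def delete_project(self, project_id):
        """
        Delete a project.

        :param project_id: project identifier.
        :raises AuthconnOperationException: if project deletion failed.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_project_list(self, filter_q=None):
        """
        Get all the projects.

        :param filter_q: dictionary to filter project list, by "name" and/or "_id"
        :return: list of projects
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def update_project(self, project_id, new_name):
        """
        Change the name of a project.

        :param project_id: project to be changed
        :param new_name: new name
        :return: None
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def assign_role_to_user(self, user, project, role):
        """
        Assign a role to a user in a project.

        :param user: username.
        :param project: project name.
        :param role: role name.
        :raises AuthconnOperationException: if role assignment failed.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def remove_role_from_user(self, user, project, role):
        """
        Remove a role from a user in a project.

        :param user: username.
        :param project: project name.
        :param role: role name.
        :raises AuthconnOperationException: if role assignment revocation failed.
        """
        raise AuthconnNotImplementedException("Should have implemented this")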