1 # -*- coding: utf-8 -*-
2
3 # Copyright 2018 Whitestack, LLC
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License"); you may
6 # not use this file except in compliance with the License. You may obtain
7 # a copy of the License at
8 #
9 # http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14 # License for the specific language governing permissions and limitations
15 # under the License.
16 #
17 # For those usages not covered by the Apache License, Version 2.0 please
18 # contact: esousa@whitestack.com or glavado@whitestack.com
19 ##
20
21 """
22 Authconn implements an Abstract class for the Auth backend connector
23 plugins with the definition of the methods to be implemented.
24 """
25
26 __author__ = "Eduardo Sousa <esousa@whitestack.com>"
27 __date__ = "$27-jul-2018 23:59:59$"
28
29 from http import HTTPStatus
30
31
class AuthException(Exception):
    """
    Authentication error that carries the HTTP status to report.

    This class derives directly from Exception, not from AuthconnException,
    so a handler written for AuthconnException does not catch it.

    :param message: human readable description of the failure.
    :param http_code: HTTP status for the response; defaults to
        HTTPStatus.UNAUTHORIZED.
    """

    def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
        super().__init__(message)
        self.http_code = http_code
39
40
class AuthconnException(Exception):
    """
    Common base class for all authconn exceptions.

    :param message: human readable description of the failure.
    :param http_code: HTTP status for the response; defaults to
        HTTPStatus.UNAUTHORIZED. Subclasses override this default.
    """

    def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
        super().__init__(message)
        self.http_code = http_code
48
49
class AuthconnConnectionException(AuthconnException):
    """
    Connectivity error with the Auth backend.

    The default status is HTTPStatus.BAD_GATEWAY.
    """

    def __init__(self, message, http_code=HTTPStatus.BAD_GATEWAY):
        super().__init__(message, http_code)
56
57
class AuthconnNotSupportedException(AuthconnException):
    """
    The request is not supported by the Auth backend.

    The default status is HTTPStatus.NOT_IMPLEMENTED.
    """

    def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
        super().__init__(message, http_code)
64
65
class AuthconnNotImplementedException(AuthconnException):
    """
    The method is not implemented by the Auth backend.

    The default status is HTTPStatus.NOT_IMPLEMENTED.
    """

    def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
        super().__init__(message, http_code)
72
73
class AuthconnOperationException(AuthconnException):
    """
    The executed operation failed.

    The default status is HTTPStatus.INTERNAL_SERVER_ERROR.
    """

    def __init__(self, message, http_code=HTTPStatus.INTERNAL_SERVER_ERROR):
        super().__init__(message, http_code)
80
81
class AuthconnNotFoundException(AuthconnException):
    """
    The executed operation failed because the element was not found.

    The default status is HTTPStatus.NOT_FOUND.
    """

    def __init__(self, message, http_code=HTTPStatus.NOT_FOUND):
        super().__init__(message, http_code=http_code)
88
89
class AuthconnConflictException(AuthconnException):
    """
    The operation conflicts with existing state.

    The default status is HTTPStatus.CONFLICT.
    """

    def __init__(self, message, http_code=HTTPStatus.CONFLICT):
        super().__init__(message, http_code=http_code)
96
97
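class Authconn:
    """
    Abstract base class for all the Auth backend connector plugins.

    Each Auth backend connector plugin must be a subclass of Authconn and
    override the operations it supports. Every operation defined here raises
    AuthconnNotImplementedException, so a backend that leaves one out fails
    loudly instead of handing the caller an empty result.
    """

    def __init__(self, config):
        """
        Constructor of the Authconn class.

        :param config: configuration dictionary containing all the
            necessary configuration parameters. It is stored unchanged on
            ``self.config``.
        """
        self.config = config

    def authenticate(self, user, password, project=None, token=None):
        """
        Authenticate a user using username/password or token, plus project.

        :param user: user: name, id or None
        :param password: password or None
        :param project: name, id, or None. If None, the first project found
            will be used to get a scoped token
        :param token: previous token to obtain authorization
        :return: the scoped token info or raises an exception. The token is
            a dictionary with:
                _id: token string id,
                username: username,
                project_id: scoped_token project_id,
                project_name: scoped_token project_name,
                expires: epoch time when it expires,
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    # def authenticate_with_token(self, token, project=None):
    #     """
    #     Authenticate a user using a token. Can be used to revalidate the token
    #     or to get a scoped token.
    #
    #     :param token: a valid token.
    #     :param project: (optional) project for a scoped token.
    #     :return: return a revalidated token, scoped if a project was passed or
    #              the previous token was already scoped.
    #     """
    #     raise AuthconnNotImplementedException("Should have implemented this")

    def validate_token(self, token):
        """
        Check if the token is valid.

        :param token: token to validate
        :return: dictionary with information associated with the token. If the
            token is not valid, returns None, so callers have to check the
            result before reading token fields from it.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def revoke_token(self, token):
        """
        Invalidate a token.

        :param token: token to be revoked
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_user_project_list(self, token):
        """
        Get all the projects associated with a user.

        :param token: valid token
        :return: list of projects
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_user_role_list(self, token):
        """
        Get role list for a scoped project.

        :param token: scoped token.
        :return: returns the list of roles for the user in that project. If
            the token is unscoped it returns None.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def create_user(self, user, password):
        """
        Create a user.

        :param user: username.
        :param password: password.
        :raises AuthconnOperationException: if user creation failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def update_user(self, user, new_name=None, new_password=None):
        """
        Change the user name and/or password.

        :param user: username or user_id
        :param new_name: new name
        :param new_password: new password.
        :raises AuthconnOperationException: if change failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def delete_user(self, user_id):
        """
        Delete user.

        :param user_id: user identifier.
        :raises AuthconnOperationException: if user deletion failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_user_list(self, filter_q=None):
        """
        Get user list.

        :param filter_q: dictionary to filter user list by name (username is
            also admitted) and/or _id
        :return: returns a list of users.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        # Raise like every other operation of this class. Falling through
        # would return None, which a caller cannot tell apart from a backend
        # answer when the subclass forgot to override this method.
        raise AuthconnNotImplementedException("Should have implemented this")

    def create_role(self, role):
        """
        Create a role.

        :param role: role name.
        :raises AuthconnOperationException: if role creation failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def delete_role(self, role_id):
        """
        Delete a role.

        :param role_id: role identifier.
        :raises AuthconnOperationException: if role deletion failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_role_list(self, filter_q=None):
        """
        Get all the roles.

        :param filter_q: dictionary to filter role list by _id and/or name.
        :return: list of roles
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def update_role(self, role, new_name):
        """
        Change the name of a role.

        :param role: role name or id to be changed
        :param new_name: new name
        :return: None
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def create_project(self, project):
        """
        Create a project.

        :param project: project name.
        :return: the internal id of the created project
        :raises AuthconnOperationException: if project creation failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def delete_project(self, project_id):
        """
        Delete a project.

        :param project_id: project identifier.
        :raises AuthconnOperationException: if project deletion failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def get_project_list(self, filter_q=None):
        """
        Get all the projects.

        :param filter_q: dictionary to filter project list, by "name" and/or
            "_id"
        :return: list of projects
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def update_project(self, project_id, new_name):
        """
        Change the name of a project.

        :param project_id: project to be changed
        :param new_name: new name
        :return: None
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def assign_role_to_user(self, user, project, role):
        """
        Assign a role to a user in a project.

        :param user: username.
        :param project: project name.
        :param role: role name.
        :raises AuthconnOperationException: if role assignment failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")

    def remove_role_from_user(self, user, project, role):
        """
        Remove a role from a user in a project.

        :param user: username.
        :param project: project name.
        :param role: role name.
        :raises AuthconnOperationException: if role assignment revocation
            failed.
        :raises AuthconnNotImplementedException: always, in this base class.
        """
        raise AuthconnNotImplementedException("Should have implemented this")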