fix 1238: Provide known ip-address, mac-address at created vnf
[osm/NBI.git] / osm_nbi / authconn.py
1 # -*- coding: utf-8 -*-
2
3 # Copyright 2018 Whitestack, LLC
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License"); you may
6 # not use this file except in compliance with the License. You may obtain
7 # a copy of the License at
8 #
9 # http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14 # License for the specific language governing permissions and limitations
15 # under the License.
16 #
17 # For those usages not covered by the Apache License, Version 2.0 please
18 # contact: esousa@whitestack.com or glavado@whitestack.com
19 ##
20
21 """
22 Authconn implements an Abstract class for the Auth backend connector
23 plugins with the definition of the methods to be implemented.
24 """
25
26 __author__ = "Eduardo Sousa <esousa@whitestack.com>, " \
27 "Pedro de la Cruz Ramos <pdelacruzramos@altran.com>"
28 __date__ = "$27-jul-2018 23:59:59$"
29
30 from http import HTTPStatus
31 from osm_nbi.base_topic import BaseTopic
32
33
34 class AuthException(Exception):
35 """
36 Authentication error, because token, user password not recognized
37 """
38 def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
39 super(AuthException, self).__init__(message)
40 self.http_code = http_code
41
42
43 class AuthExceptionUnauthorized(AuthException):
44 """
45 Authentication error, because not having rights to make this operation
46 """
47 pass
48
49
50 class AuthconnException(Exception):
51 """
52 Common and base class Exception for all authconn exceptions.
53 """
54 def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
55 super(AuthconnException, self).__init__(message)
56 self.http_code = http_code
57
58
59 class AuthconnConnectionException(AuthconnException):
60 """
61 Connectivity error with Auth backend.
62 """
63 def __init__(self, message, http_code=HTTPStatus.BAD_GATEWAY):
64 super(AuthconnConnectionException, self).__init__(message, http_code)
65
66
67 class AuthconnNotSupportedException(AuthconnException):
68 """
69 The request is not supported by the Auth backend.
70 """
71 def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
72 super(AuthconnNotSupportedException, self).__init__(message, http_code)
73
74
75 class AuthconnNotImplementedException(AuthconnException):
76 """
77 The method is not implemented by the Auth backend.
78 """
79 def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
80 super(AuthconnNotImplementedException, self).__init__(message, http_code)
81
82
83 class AuthconnOperationException(AuthconnException):
84 """
85 The operation executed failed.
86 """
87 def __init__(self, message, http_code=HTTPStatus.INTERNAL_SERVER_ERROR):
88 super(AuthconnOperationException, self).__init__(message, http_code)
89
90
91 class AuthconnNotFoundException(AuthconnException):
92 """
93 The operation executed failed because element not found.
94 """
95 def __init__(self, message, http_code=HTTPStatus.NOT_FOUND):
96 super().__init__(message, http_code)
97
98
99 class AuthconnConflictException(AuthconnException):
100 """
101 The operation has conflicts.
102 """
103 def __init__(self, message, http_code=HTTPStatus.CONFLICT):
104 super().__init__(message, http_code)
105
106
107 class Authconn:
108 """
109 Abstract base class for all the Auth backend connector plugins.
110 Each Auth backend connector plugin must be a subclass of
111 Authconn class.
112 """
113 def __init__(self, config, db, role_permissions):
114 """
115 Constructor of the Authconn class.
116 :param config: configuration dictionary containing all the
117 necessary configuration parameters.
118 :param db: internal database classs
119 :param role_permissions: read only role permission list
120 """
121 self.config = config
122 self.role_permissions = role_permissions
123
124 def authenticate(self, credentials, token_info=None):
125 """
126 Authenticate a user using username/password or token_info, plus project
127 :param credentials: dictionary that contains:
128 username: name, id or None
129 password: password or None
130 project_id: name, id, or None. If None first found project will be used to get an scope token
131 other items are allowed for specific auth backends
132 :param token_info: previous token_info to obtain authorization
133 :return: the scoped token info or raises an exception. The token is a dictionary with:
134 _id: token string id,
135 username: username,
136 project_id: scoped_token project_id,
137 project_name: scoped_token project_name,
138 expires: epoch time when it expires,
139
140 """
141 raise AuthconnNotImplementedException("Should have implemented this")
142
143 def validate_token(self, token):
144 """
145 Check if the token is valid.
146
147 :param token: token to validate
148 :return: dictionary with information associated with the token. If the
149 token is not valid, returns None.
150 """
151 raise AuthconnNotImplementedException("Should have implemented this")
152
153 def revoke_token(self, token):
154 """
155 Invalidate a token.
156
157 :param token: token to be revoked
158 """
159 raise AuthconnNotImplementedException("Should have implemented this")
160
161 def create_user(self, user_info):
162 """
163 Create a user.
164
165 :param user_info: full user info.
166 :raises AuthconnOperationException: if user creation failed.
167 """
168 raise AuthconnNotImplementedException("Should have implemented this")
169
170 def update_user(self, user_info):
171 """
172 Change the user name and/or password.
173
174 :param user_info: user info modifications
175 :raises AuthconnNotImplementedException: if function not implemented
176 """
177 raise AuthconnNotImplementedException("Should have implemented this")
178
179 def delete_user(self, user_id):
180 """
181 Delete user.
182
183 :param user_id: user identifier.
184 :raises AuthconnOperationException: if user deletion failed.
185 """
186 raise AuthconnNotImplementedException("Should have implemented this")
187
188 def get_user_list(self, filter_q=None):
189 """
190 Get user list.
191
192 :param filter_q: dictionary to filter user list by name (username is also admited) and/or _id
193 :return: returns a list of users.
194 """
195
196 def get_user(self, _id, fail=True):
197 """
198 Get one user
199 :param _id: id or name
200 :param fail: True to raise exception on not found. False to return None on not found
201 :return: dictionary with the user information
202 """
203 filt = {BaseTopic.id_field("users", _id): _id}
204 users = self.get_user_list(filt)
205 if not users:
206 if fail:
207 raise AuthconnNotFoundException("User with {} not found".format(filt), http_code=HTTPStatus.NOT_FOUND)
208 else:
209 return None
210 return users[0]
211
212 def create_role(self, role_info):
213 """
214 Create a role.
215
216 :param role_info: full role info.
217 :raises AuthconnOperationException: if role creation failed.
218 """
219 raise AuthconnNotImplementedException("Should have implemented this")
220
221 def delete_role(self, role_id):
222 """
223 Delete a role.
224
225 :param role_id: role identifier.
226 :raises AuthconnOperationException: if user deletion failed.
227 """
228 raise AuthconnNotImplementedException("Should have implemented this")
229
230 def get_role_list(self, filter_q=None):
231 """
232 Get all the roles.
233
234 :param filter_q: dictionary to filter role list by _id and/or name.
235 :return: list of roles
236 """
237 raise AuthconnNotImplementedException("Should have implemented this")
238
239 def get_role(self, _id, fail=True):
240 """
241 Get one role
242 :param _id: id or name
243 :param fail: True to raise exception on not found. False to return None on not found
244 :return: dictionary with the role information
245 """
246 filt = {BaseTopic.id_field("roles", _id): _id}
247 roles = self.get_role_list(filt)
248 if not roles:
249 if fail:
250 raise AuthconnNotFoundException("Role with {} not found".format(filt))
251 else:
252 return None
253 return roles[0]
254
255 def update_role(self, role_info):
256 """
257 Change the information of a role
258 :param role_info: full role info
259 :return: None
260 """
261 raise AuthconnNotImplementedException("Should have implemented this")
262
263 def create_project(self, project_info):
264 """
265 Create a project.
266
267 :param project_info: full project info.
268 :return: the internal id of the created project
269 :raises AuthconnOperationException: if project creation failed.
270 """
271 raise AuthconnNotImplementedException("Should have implemented this")
272
273 def delete_project(self, project_id):
274 """
275 Delete a project.
276
277 :param project_id: project identifier.
278 :raises AuthconnOperationException: if project deletion failed.
279 """
280 raise AuthconnNotImplementedException("Should have implemented this")
281
282 def get_project_list(self, filter_q=None):
283 """
284 Get all the projects.
285
286 :param filter_q: dictionary to filter project list, by "name" and/or "_id"
287 :return: list of projects
288 """
289 raise AuthconnNotImplementedException("Should have implemented this")
290
291 def get_project(self, _id, fail=True):
292 """
293 Get one project
294 :param _id: id or name
295 :param fail: True to raise exception on not found. False to return None on not found
296 :return: dictionary with the project information
297 """
298 filt = {BaseTopic.id_field("projects", _id): _id}
299 projs = self.get_project_list(filt)
300 if not projs:
301 if fail:
302 raise AuthconnNotFoundException("project with {} not found".format(filt))
303 else:
304 return None
305 return projs[0]
306
307 def update_project(self, project_id, project_info):
308 """
309 Change the information of a project
310 :param project_id: project to be changed
311 :param project_info: full project info
312 :return: None
313 """
314 raise AuthconnNotImplementedException("Should have implemented this")