osm_nbi/authconn.py

   1 # -*- coding: utf-8 -*-
   2
   3 # Copyright 2018 Whitestack, LLC
   4 #
   5 # Licensed under the Apache License, Version 2.0 (the "License"); you may
   6 # not use this file except in compliance with the License. You may obtain
   7 # a copy of the License at
   8 #
   9 #         http://www.apache.org/licenses/LICENSE-2.0
  10 #
  11 # Unless required by applicable law or agreed to in writing, software
  12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  14 # License for the specific language governing permissions and limitations
  15 # under the License.
  16 #
  17 # For those usages not covered by the Apache License, Version 2.0 please
  18 # contact: esousa@whitestack.com or glavado@whitestack.com
  19 ##
  20
  21 """
  22 Authconn implements an Abstract class for the Auth backend connector
  23 plugins with the definition of the methods to be implemented.
  24 """
  25
  26 __author__ = "Eduardo Sousa <esousa@whitestack.com>"
  27 __date__ = "$27-jul-2018 23:59:59$"
  28
  29 from http import HTTPStatus
  30
  31
  32 class AuthException(Exception):
  33     """
  34     Authentication error.
  35     """
  36     def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
  37         super(AuthException, self).__init__(message)
  38         self.http_code = http_code
  39
  40
  41 class AuthconnException(Exception):
  42     """
  43     Common and base class Exception for all authconn exceptions.
  44     """
  45     def __init__(self, message, http_code=HTTPStatus.UNAUTHORIZED):
  46         super(AuthconnException, self).__init__(message)
  47         self.http_code = http_code
  48
  49
  50 class AuthconnConnectionException(AuthconnException):
  51     """
  52     Connectivity error with Auth backend.
  53     """
  54     def __init__(self, message, http_code=HTTPStatus.BAD_GATEWAY):
  55         super(AuthconnConnectionException, self).__init__(message, http_code)
  56
  57
  58 class AuthconnNotSupportedException(AuthconnException):
  59     """
  60     The request is not supported by the Auth backend.
  61     """
  62     def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
  63         super(AuthconnNotSupportedException, self).__init__(message, http_code)
  64
  65
  66 class AuthconnNotImplementedException(AuthconnException):
  67     """
  68     The method is not implemented by the Auth backend.
  69     """
  70     def __init__(self, message, http_code=HTTPStatus.NOT_IMPLEMENTED):
  71         super(AuthconnNotImplementedException, self).__init__(message, http_code)
  72
  73
  74 class AuthconnOperationException(AuthconnException):
  75     """
  76     The operation executed failed.
  77     """
  78     def __init__(self, message, http_code=HTTPStatus.INTERNAL_SERVER_ERROR):
  79         super(AuthconnOperationException, self).__init__(message, http_code)
  80
  81
  82 class Authconn:
  83     """
  84     Abstract base class for all the Auth backend connector plugins.
  85     Each Auth backend connector plugin must be a subclass of
  86     Authconn class.
  87     """
  88     def __init__(self, config):
  89         """
  90         Constructor of the Authconn class.
  91
  92         Note: each subclass
  93
  94         :param config: configuration dictionary containing all the
  95         necessary configuration parameters.
  96         """
  97         self.config = config
  98
  99     def authenticate_with_user_password(self, user, password):
 100         """
 101         Authenticate a user using username and password.
 102
 103         :param user: username
 104         :param password: password
 105         :return: an unscoped token that grants access to project list
 106         """
 107         raise AuthconnNotImplementedException("Should have implemented this")
 108
 109     def authenticate_with_token(self, token, project=None):
 110         """
 111         Authenticate a user using a token. Can be used to revalidate the token
 112         or to get a scoped token.
 113
 114         :param token: a valid token.
 115         :param project: (optional) project for a scoped token.
 116         :return: return a revalidated token, scoped if a project was passed or
 117         the previous token was already scoped.
 118         """
 119         raise AuthconnNotImplementedException("Should have implemented this")
 120
 121     def validate_token(self, token):
 122         """
 123         Check if the token is valid.
 124
 125         :param token: token to validate
 126         :return: dictionary with information associated with the token. If the
 127         token is not valid, returns None.
 128         """
 129         raise AuthconnNotImplementedException("Should have implemented this")
 130
 131     def revoke_token(self, token):
 132         """
 133         Invalidate a token.
 134
 135         :param token: token to be revoked
 136         """
 137         raise AuthconnNotImplementedException("Should have implemented this")
 138
 139     def get_user_project_list(self, token):
 140         """
 141         Get all the projects associated with a user.
 142
 143         :param token: valid token
 144         :return: list of projects
 145         """
 146         raise AuthconnNotImplementedException("Should have implemented this")
 147
 148     def get_user_role_list(self, token):
 149         """
 150         Get role list for a scoped project.
 151
 152         :param token: scoped token.
 153         :return: returns the list of roles for the user in that project. If
 154         the token is unscoped it returns None.
 155         """
 156         raise AuthconnNotImplementedException("Should have implemented this")
 157
 158     def create_user(self, user, password):
 159         """
 160         Create a user.
 161
 162         :param user: username.
 163         :param password: password.
 164         :raises AuthconnOperationException: if user creation failed.
 165         """
 166         raise AuthconnNotImplementedException("Should have implemented this")
 167
 168     def change_password(self, user, new_password):
 169         """
 170         Change the user password.
 171
 172         :param user: username.
 173         :param new_password: new password.
 174         :raises AuthconnOperationException: if user password change failed.
 175         """
 176         raise AuthconnNotImplementedException("Should have implemented this")
 177
 178     def delete_user(self, user_id):
 179         """
 180         Delete user.
 181
 182         :param user_id: user identifier.
 183         :raises AuthconnOperationException: if user deletion failed.
 184         """
 185         raise AuthconnNotImplementedException("Should have implemented this")
 186
 187     def get_user_list(self, filter_q={}):
 188         """
 189         Get user list.
 190
 191         :param filter_q: dictionary to filter user list.
 192         :return: returns a list of users.
 193         """
 194
 195     def create_role(self, role):
 196         """
 197         Create a role.
 198
 199         :param role: role name.
 200         :raises AuthconnOperationException: if role creation failed.
 201         """
 202         raise AuthconnNotImplementedException("Should have implemented this")
 203
 204     def delete_role(self, role_id):
 205         """
 206         Delete a role.
 207
 208         :param role_id: role identifier.
 209         :raises AuthconnOperationException: if user deletion failed.
 210         """
 211         raise AuthconnNotImplementedException("Should have implemented this")
 212
 213     def get_role_list(self):
 214         """
 215         Get all the roles.
 216
 217         :return: list of roles
 218         """
 219         raise AuthconnNotImplementedException("Should have implemented this")
 220
 221     def create_project(self, project):
 222         """
 223         Create a project.
 224
 225         :param project: project name.
 226         :raises AuthconnOperationException: if project creation failed.
 227         """
 228         raise AuthconnNotImplementedException("Should have implemented this")
 229
 230     def delete_project(self, project_id):
 231         """
 232         Delete a project.
 233
 234         :param project_id: project identifier.
 235         :raises AuthconnOperationException: if project deletion failed.
 236         """
 237         raise AuthconnNotImplementedException("Should have implemented this")
 238
 239     def get_project_list(self, filter_q={}):
 240         """
 241         Get all the projects.
 242
 243         :param filter_q: dictionary to filter project list.
 244         :return: list of projects
 245         """
 246         raise AuthconnNotImplementedException("Should have implemented this")
 247
 248     def assign_role_to_user(self, user, project, role):
 249         """
 250         Assigning a role to a user in a project.
 251
 252         :param user: username.
 253         :param project: project name.
 254         :param role: role name.
 255         :raises AuthconnOperationException: if role assignment failed.
 256         """
 257         raise AuthconnNotImplementedException("Should have implemented this")
 258
 259     def remove_role_from_user(self, user, project, role):
 260         """
 261         Remove a role from a user in a project.
 262
 263         :param user: username.
 264         :param project: project name.
 265         :param role: role name.
 266         :raises AuthconnOperationException: if role assignment revocation failed.
 267         """
 268         raise AuthconnNotImplementedException("Should have implemented this")