README 13.6 KB
Newer Older
Antony Chazapis's avatar
Antony Chazapis committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
README
======

Astakos is an identity management service, built by GRNET using Django (https://www.djangoproject.com/).
Learn more about Astakos at: http://code.grnet.gr/projects/astakos

Consult COPYRIGHT for licensing information.

About Astakos application
-------------------------

This package contains the Django application that implements all identity management functions.

How to run
----------

Use snf-webproject to run Astakos automatically.

To use Astakos in a custom Django project, add ``astakos.im`` to ``INSTALLED_APPS``. Astakos requires South (http://south.aeracode.org/).

Also, add the following to your ``settings.py``::

    TEMPLATE_CONTEXT_PROCESSORS = (
        ...
        'astakos.im.context_processors.cloudbar',
        'astakos.im.context_processors.im_modules',
        'astakos.im.context_processors.next',
        'astakos.im.context_processors.code',
        'astakos.im.context_processors.invitations')
    
    AUTHENTICATION_BACKENDS = ('astakos.im.auth_backends.EmailBackend',
                               'astakos.im.auth_backends.TokenBackend')
    
    CUSTOM_USER_MODEL = 'astakos.im.AstakosUser'
    
    LOGIN_URL = '/im'

Settings
--------

Configure in ``settings.py`` or a ``.conf`` file in ``/etc/synnefo`` if using snf-webproject.

43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
=========================================== =============================================================================   ===========================================================================================
Name                                        Default value                                                                   Description
=========================================== =============================================================================   ===========================================================================================
ASTAKOS_AUTH_TOKEN_DURATION                 one month                                                                       Expiration time of newly created auth tokens
ASTAKOS_DEFAULT_USER_LEVEL                  4                                                                               Default (not-invited) user level
ASTAKOS_INVITATIONS_PER_LEVEL               {0:100, 1:2, 2:0, 3:0, 4:0}                                                     Number of user invitations per user level
ASTAKOS_DEFAULT_FROM_EMAIL                  GRNET Cloud <no-reply\@grnet.gr>                                                ``from`` parameter passed in ``django.core.mail.send_mail``
ASTAKOS_DEFAULT_CONTACT_EMAIL               support\@cloud.grnet.gr                                                         Contact email
ASTAKOS_DEFAULT_ADMIN_EMAIL                 support\@cloud.grnet.gr                                                         Administrator email to receive user creation notifications (if None disables notifications)
ASTAKOS_IM_MODULES                          ['local', 'shibboleth']                                                         Signup modules
ASTAKOS_FORCE_PROFILE_UPDATE                True                                                                            Force user profile verification
ASTAKOS_INVITATIONS_ENABLED                 True                                                                            Enable invitations
ASTAKOS_COOKIE_NAME                         _pithos2_a                                                                      ``Key`` parameter passed in ``django.http.HttpResponse.set_cookie``
ASTAKOS_COOKIE_DOMAIN                       None                                                                            ``Domain`` parameter passed in ``django.http.HttpResponse.set_cookie``
ASTAKOS_COOKIE_SECURE                       True                                                                            ``Secure`` parameter passed in ``django.http.HttpResponse.set_cookie``
ASTAKOS_IM_STATIC_URL                       /static/im/                                                                     URL to use when referring to static files
ASTAKOS_MODERATION_ENABLED                  True                                                                            If False and invitations are not enabled newly created user will be automatically accepted
ASTAKOS_BASEURL                             \http://pithos.dev.grnet.gr                                                     Astakos baseurl
ASTAKOS_SITENAME                            GRNET Cloud                                                                     Service name that appears in emails
ASTAKOS_RECAPTCHA_ENABLED                   True                                                                            Enable recaptcha
ASTAKOS_RECAPTCHA_PUBLIC_KEY                                                                                                Recaptcha public key obtained after registration here: http://recaptcha.net
ASTAKOS_RECAPTCHA_PRIVATE_KEY                                                                                               Recaptcha private key obtained after registration here: http://recaptcha.net
ASTAKOS_RECAPTCHA_OPTIONS                   {'theme': 'white'}                                                              Options for customizing reCAPTCHA look and feel
                                                                                                                            (see: http://code.google.com/intl/el-GR/apis/recaptcha/docs/customization.html)
ASTAKOS_LOGOUT_NEXT                                                                                                         Where the user should be redirected after logout
                                                                                                                            (if not set and no next parameter is defined it renders login page with message)
ASTAKOS_BILLING_FIELDS                      ['id', 'is_active', 'provider', 'third_party_identifier']                       AstakosUser fields to propagate in the billing system
ASTAKOS_QUEUE_CONNECTION                                                                                                    The queue connection ex. 'rabbitmq://guest:guest@localhost:5672/astakos'
                                                                                                                            (if it is not set, it does not send messages)
ASTAKOS_RE_USER_EMAIL_PATTERNS              []                                                                              Email patterns that are automatically activated ex. ['^[a-zA-Z0-9\._-]+@grnet\.gr$']
73

74
75
76
77
78
79
80
81
82
83
84
85
86
87
ASTAKOS_LOGIN_MESSAGES                      {}                                                                              Notification messages to display on login page header
                                                                                                                            e.g. {'warning': 'Warning message (can contain html)'}
ASTAKOS_PROFILE_EXTRA_LINKS                 {}                                                                              Messages to display as extra actions in account forms
                                                                                                                            e.g. {'https://cms.okeanos.grnet.gr/': 'Back to ~okeanos'}
ASTAKOS_RATELIMIT_RETRIES_ALLOWED           3                                                                               Number of unsuccessful login requests per minute allowed for a specific account.
                                                                                                                            When this number exceeds and ASTAKOS_RECAPTCHA_ENABLED is set the user has to solve a
                                                                                                                            captcha challenge.
ASTAKOS_EMAILCHANGE_ENABLED                 False                                                                           Enable email change mechanism
ASTAKOS_EMAILCHANGE_ACTIVATION_DAYS         10                                                                              Number of days that email change requests remain active
ASTAKOS_LOGGING_LEVEL                       INFO                                                                            Message logging severity
ASTAKOS_INVITATION_EMAIL_SUBJECT            'Invitation to %s alpha2 testing' % SITENAME                                    Invitation email subject
ASTAKOS_GREETING_EMAIL_SUBJECT              'Welcome to %s alpha2 testing' % SITENAME                                       Welcome email subject
ASTAKOS_FEEDBACK_EMAIL_SUBJECT              'Feedback from %s alpha2 testing' % SITENAME                                    Feedback email subject
ASTAKOS_VERIFICATION_EMAIL_SUBJECT          '%s alpha2 testing account activation is needed' % SITENAME                     Account activation email subject
Olga Brani's avatar
Olga Brani committed
88
89
ASTAKOS_ACCOUNT_CREATION_SUBJECT            '%s alpha2 testing account created (%%(user)s)' % SITENAME                      Account creation email subject
ASTAKOS_GROUP_CREATION_SUBJECT              '%s alpha2 testing group created (%%(group)s)' % SITENAME                       Group creation email subject
90
91
92
ASTAKOS_HELPDESK_NOTIFICATION_EMAIL_SUBJECT '%s alpha2 testing account activated (%%(user)s)' % SITENAME                    Account activation helpdesk notification email subject
ASTAKOS_EMAIL_CHANGE_EMAIL_SUBJECT          'Email change on %s alpha2 testing' % SITENAME                                  Email change subject               
ASTAKOS_PASSWORD_RESET_EMAIL_SUBJECT        'Password reset on %s alpha2 testing' % SITENAME                                Password change email subject
Olga Brani's avatar
Olga Brani committed
93

94
ASTAKOS_QUOTA_HOLDER_URL                    ''                                                                              The quota holder URI
Olga Brani's avatar
Olga Brani committed
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
                                                                                                                            e.g. ``http://localhost:8080/api/quotaholder/v``
ASTAKOS_SERVICES                            {'cyclades': {'resources': [{'desc': 'Number of virtual machines',              Default cloud service information
                                            'group': 'storage',
                                            'name': 'vm',
                                            'uplimit': 2},
                                            {'desc': 'Virtual machine disk size',
                                            'group': 'storage',
                                            'name': 'disksize',
                                            'unit': 'GB',
                                            'uplimit': 5},
                                            {'desc': 'Number of virtual machine processors',
                                            'group': 'storage',
                                            'name': 'cpu',
                                            'uplimit': 1},
                                            {'desc': 'Virtual machines',
                                            'group': 'storage',
                                            'name': 'ram',
                                            'unit': 'MB',
                                            'uplimit': 1024}],
                                            'url': 'https://node1.example.com/ui/'},
                                            'pithos+': {'resources': [{'desc': 'Pithos account diskspace',
                                            'group': 'compute',
                                            'name': 'diskspace',
                                            'unit': 'bytes',
                                            'uplimit': 5368709120}],
                                            'url': 'https://node2.example.com/ui/'}}                                                                               
121
ASTAKOS_AQUARIUM_URL                        ''                                                                              The billing (aquarium) URI
Olga Brani's avatar
Olga Brani committed
122
                                                                                                                            e.g. ``http://localhost:8888/user``
123
ASTAKOS_PAGINATE_BY                         10                                                                              Number of object to be displayed per page
Olga Brani's avatar
Olga Brani committed
124
125
126

ASTAKOS_NEWPASSWD_INVALIDATE_TOKEN          True                                                                            Enforce token renewal on password change/reset. If set to False, user can optionally decide
                                                                                                                            whether to renew the token or not.
127
=========================================== =============================================================================   ===========================================================================================
Antony Chazapis's avatar
Antony Chazapis committed
128
129
130
131
132
133

Administrator functions
-----------------------

Available as extensions to Django's command-line management utility:

134
135
136
===============  ===========================
Name             Description
===============  ===========================
Sofia Papagiannaki's avatar
Sofia Papagiannaki committed
137
138
addgroup         Add new group
addterms         Add new approval terms
139
140
createuser       Create a user
inviteuser       Invite a user
Sofia Papagiannaki's avatar
Sofia Papagiannaki committed
141
listgroups       List groups
142
143
144
listinvitations  List invitations
listusers        List users
modifyuser       Modify a user's attributes
Sofia Papagiannaki's avatar
Sofia Papagiannaki committed
145
sendactivation   Send activation email
146
147
148
showinvitation   Show invitation info
showuser         Show user info
===============  ===========================
Sofia Papagiannaki's avatar
Sofia Papagiannaki committed
149
150
151

To update user credibility from the billing system (Aquarium), enable the queue, install snf-pithos-tools and use ``pithos-dispatcher``::

Sofia Papagiannaki's avatar
Sofia Papagiannaki committed
152
    pithos-dispatcher --exchange=aquarium --callback=astakos.im.endpoints.aquarium.consumer.on_creditevent