Statistics
| Branch: | Tag: | Revision:

root / snf-astakos-app / README @ a1a4cbfb

History | View | Annotate | Download (18.2 kB)

1
README
2
======
3

    
4
Astakos is an identity management service, built by GRNET using Django (https://www.djangoproject.com/).
5
Learn more about Astakos at: http://code.grnet.gr/projects/astakos
6

    
7
Consult COPYRIGHT for licensing information.
8

    
9
About Astakos application
10
-------------------------
11

    
12
This package contains the Django application that implements all identity management functions.
13

    
14
How to run
15
----------
16

    
17
Use snf-webproject to run Astakos automatically.
18

    
19
To use Astakos in a custom Django project, add ``astakos.im`` to ``INSTALLED_APPS``. Astakos requires South (http://south.aeracode.org/).
20

    
21
Also, add the following to your ``settings.py``::
22

    
23
    TEMPLATE_CONTEXT_PROCESSORS = (
24
        ...
25
        'astakos.im.context_processors.cloudbar',
26
        'astakos.im.context_processors.im_modules',
27
        'astakos.im.context_processors.next',
28
        'astakos.im.context_processors.code',
29
        'astakos.im.context_processors.invitations')
30
    
31
    AUTHENTICATION_BACKENDS = ('astakos.im.auth_backends.EmailBackend',
32
                               'astakos.im.auth_backends.TokenBackend')
33
    
34
    CUSTOM_USER_MODEL = 'astakos.im.AstakosUser'
35
    
36
    LOGIN_URL = '/im'
37

    
38
Settings
39
--------
40

    
41
Configure in ``settings.py`` or a ``.conf`` file in ``/etc/synnefo`` if using snf-webproject.
42

    
43
=========================================== =============================================================================   ===========================================================================================
44
Name                                        Default value                                                                   Description
45
=========================================== =============================================================================   ===========================================================================================
46
ASTAKOS_AUTH_TOKEN_DURATION                 one month                                                                       Expiration time of newly created auth tokens
47
ASTAKOS_DEFAULT_USER_LEVEL                  4                                                                               Default (not-invited) user level
48
ASTAKOS_INVITATIONS_PER_LEVEL               {0:100, 1:2, 2:0, 3:0, 4:0}                                                     Number of user invitations per user level
49
ASTAKOS_DEFAULT_FROM_EMAIL                  GRNET Cloud <no-reply\@grnet.gr>                                                ``from`` parameter passed in ``django.core.mail.send_mail``
50
ASTAKOS_DEFAULT_CONTACT_EMAIL               support\@cloud.grnet.gr                                                         Contact email
51
SERVER_EMAIL                                None
52
ADMINS                                      None
53
ASTAKOS_IM_MODULES                          ['local']                                                                       Signup modules
54
ASTAKOS_FORCE_PROFILE_UPDATE                True                                                                            Force user profile verification
55
ASTAKOS_INVITATIONS_ENABLED                 True                                                                            Enable invitations
56
ASTAKOS_COOKIE_NAME                         _pithos2_a                                                                      ``Key`` parameter passed in ``django.http.HttpResponse.set_cookie``
57
ASTAKOS_COOKIE_DOMAIN                       None                                                                            ``Domain`` parameter passed in ``django.http.HttpResponse.set_cookie``
58
ASTAKOS_COOKIE_SECURE                       True                                                                            ``Secure`` parameter passed in ``django.http.HttpResponse.set_cookie``
59
ASTAKOS_IM_STATIC_URL                       /static/im/                                                                     URL to use when referring to static files
60
ASTAKOS_MODERATION_ENABLED                  True                                                                            If False and invitations are not enabled newly created user will be automatically accepted
61
ASTAKOS_BASEURL                             \http://pithos.dev.grnet.gr                                                     Astakos baseurl
62
ASTAKOS_SITENAME                            GRNET Cloud                                                                     Service name that appears in emails
63
ASTAKOS_RECAPTCHA_PUBLIC_KEY                                                                                                Recaptcha public key obtained after registration here: http://recaptcha.net
64
ASTAKOS_RECAPTCHA_PRIVATE_KEY                                                                                               Recaptcha private key obtained after registration here: http://recaptcha.net
65
ASTAKOS_RECAPTCHA_OPTIONS                   {'theme': 'custom', 'custom_theme_widget': 'okeanos_recaptcha'}                 Options for customizing reCAPTCHA look and feel
66
ASTAKOS_RECAPTCHA_USE_SSL                   True
67
ASTAKOS_RECAPTCHA_ENABLED                   False                                                                           Enable recaptcha
68
                                                                                                                            (see: http://code.google.com/intl/el-GR/apis/recaptcha/docs/customization.html)
69
ASTAKOS_BILLING_FIELDS                      ['is_active']                                                                   AstakosUser fields to propagate in the billing system
70
ASTAKOS_QUEUE_CONNECTION                                                                                                    The queue connection ex. 'rabbitmq://guest:guest@localhost:5672/astakos'
71
ASTAKOS_LOGOUT_NEXT                                                                                                         Where the user should be redirected after logout
72
                                                                                                                            (if not set and no next parameter is defined it renders login page with message)
73
                                                                                                                            (if it is not set, it does not send messages)
74
ASTAKOS_RE_USER_EMAIL_PATTERNS              []                                                                              Email patterns that are automatically activated ex. ['^[a-zA-Z0-9\._-]+@grnet\.gr$']
75

    
76
ASTAKOS_LOGIN_MESSAGES                      []                                                                              Notification messages to display on login page header
77
                                                                                                                            e.g. {'warning': 'Warning message (can contain html)'}
78
ASTAKOS_SIGNUP_MESSAGES                     []                                                                              Notification messages to display on signup page header
79
                                                                                                                            e.g. {'warning': 'Warning message (can contain html)'}
80
ASTAKOS_PROFILE_MESSAGES                    []                                                                              Notification messages to display on profile page header
81
                                                                                                                            e.g. {'warning': 'Warning message (can contain html)'}
82
ASTAKOS_GLOBAL_MESSAGES                     []                                                                              Notification messages to display on every page header
83
                                                                                                                            e.g. {'warning': 'Warning message (can contain html)'}
84
ASTAKOS_PROFILE_EXTRA_LINKS                 {}                                                                              Messages to display as extra actions in account forms
85
                                                                                                                            e.g. {'https://cms.okeanos.grnet.gr/': 'Back to ~okeanos'}
86
ASTAKOS_RATELIMIT_RETRIES_ALLOWED           3                                                                               Number of unsuccessful login requests per minute allowed for a specific account.
87
                                                                                                                            When this number exceeds and ASTAKOS_RECAPTCHA_ENABLED is set the user has to solve a
88
                                                                                                                            captcha challenge.
89
ASTAKOS_EMAILCHANGE_ENABLED                 False                                                                           Enable email change mechanism
90
ASTAKOS_EMAILCHANGE_ACTIVATION_DAYS         10                                                                              Number of days that email change requests remain active
91
ASTAKOS_LOGGING_LEVEL                       INFO                                                                            Message logging severity
92
ASTAKOS_INVITATION_EMAIL_SUBJECT            'Invitation to %s alpha2 testing' % SITENAME                                    Invitation email subject
93
ASTAKOS_GREETING_EMAIL_SUBJECT              'Welcome to %s alpha2 testing' % SITENAME                                       Welcome email subject
94
ASTAKOS_FEEDBACK_EMAIL_SUBJECT              'Feedback from %s alpha2 testing' % SITENAME                                    Feedback email subject
95
ASTAKOS_VERIFICATION_EMAIL_SUBJECT          '%s alpha2 testing account activation is needed' % SITENAME                     Account activation email subject
96
ASTAKOS_ACCOUNT_CREATION_SUBJECT            '%s alpha2 testing account created (%%(user)s)' % SITENAME                      Account creation email subject
97
ASTAKOS_GROUP_CREATION_SUBJECT              '%s alpha2 testing group created (%%(group)s)' % SITENAME                       Group creation email subject
98
ASTAKOS_HELPDESK_NOTIFICATION_EMAIL_SUBJECT '%s alpha2 testing account activated (%%(user)s)' % SITENAME                    Account activation helpdesk notification email subject
99
ASTAKOS_EMAIL_CHANGE_EMAIL_SUBJECT          'Email change on %s alpha2 testing' % SITENAME                                  Email change subject               
100
ASTAKOS_PASSWORD_RESET_EMAIL_SUBJECT        'Password reset on %s alpha2 testing' % SITENAME                                Password change email subject
101
ASTAKOS_PROJECT_CREATION_SUBJECT            '%s alpha2 testing project application created (%%(name)s)' % SITENAME          Project application creation subject
102
ASTAKOS_PROJECT_APPROVED_SUBJECT            '%s alpha2 testing project application approved (%%(name)s)' % SITENAME         Project application approval subject
103
ASTAKOS_PROJECT_TERMINATION_SUBJECT         '%s alpha2 testing project terminated (%%(name)s)' % SITENAME                   Project termination subject
104
ASTAKOS_PROJECT_SUSPENSION_SUBJECT          '%s alpha2 testing project suspended (%%(name)s)' % SITENAME                    Project suspension subject
105
ASTAKOS_PROJECT_MEMBERSHIP_CHANGE_SUBJECT   '%s alpha2 testing project membership changed (%%(name)s)' % SITENAME           Project membership change subject
106

    
107
ASTAKOS_QUOTAHOLDER_URL                     ''                                                                              The quotaholder URI
108
                                                                                                                            e.g. ``http://localhost:8080/api/quotaholder/v``
109
ASTAKOS_QUOTAHOLDER_TOKEN                   ''                                                                              The secret token for accessing the quotaholder URI
110

    
111
ASTAKOS_SERVICES                            {'cyclades': {'resources': [{'desc': 'Number of virtual machines',              Default cloud service information
112
                                            'group': 'compute',
113
                                            'name': 'vm',
114
                                            'uplimit': 2},
115
                                            {'desc': 'Virtual machine disk size',
116
                                            'group': 'compute',
117
                                            'name': 'diskspace',
118
                                            'unit': 'GB',
119
                                            'uplimit': 5},
120
                                            {'desc': 'Number of virtual machine processors',
121
                                            'group': 'compute',
122
                                            'name': 'cpu',
123
                                            'uplimit': 1},
124
                                            {'desc': 'Virtual machines',
125
                                            'group': 'compute',
126
                                            'name': 'ram',
127
                                            'unit': 'MB',
128
                                            'uplimit': 1024}],
129
                                            'url': 'https://node1.example.com/ui/'},
130
                                            'pithos+': {'resources': [{'desc': 'Pithos account diskspace',
131
                                            'group': 'storage',
132
                                            'name': 'diskspace',
133
                                            'unit': 'bytes',
134
                                            'uplimit': 5368709120}],
135
                                            'url': 'https://node2.example.com/ui/'}}
136
ASTAKOS_AQUARIUM_URL                        ''                                                                              The billing (aquarium) URI
137
                                                                                                                            e.g. ``http://localhost:8888/user``
138
ASTAKOS_PAGINATE_BY                         8                                                                               Number of object to be displayed per page
139
ASTAKOS_PAGINATE_BY_ALL                     15                                                                              Number of object to be displayed per pagein show all projects page
140

    
141
ASTAKOS_NEWPASSWD_INVALIDATE_TOKEN          True                                                                            Enforce token renewal on password change/reset. If set to False, user can optionally decide
142
                                                                                                                            whether to renew the token or not.
143
ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION      True                                                                            Permit local account migration to third party account
144
ASTAKOS_RESOURCES_PRESENTATION_DATA         {}                                                                              Customizes resource presentation
145
ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION      True                                                                            Permits local account migration
146
ASTAKOS_SHIBBOLETH_REQUIRE_NAME_INFO        False                                                                           Strict shibboleth usage
147
ASTAKOS_PROJECT_MEMBER_JOIN_POLICIES        {'1':'automatically accepted', '2':'owner accepts', '3':'closed'}               Text to be displayed in project member join policy dropdown
148
ASTAKOS_PROJECT_MEMBER_LEAVE_POLICIES       {'1':'automatically accepted', '2':'owner accepts', '3':'closed'}               Text to be displayed in project member leave policy dropdown
149
ASTAKOS_ACTIVATION_REDIRECT_URL             "/im/landing"
150
ASTAKOS_TRANSLATE_UUIDS                     False                                                                           If true, this enables a ui compatibility layer for the introduction of UUIDs in identity management.
151
                                                                                                                            WARNING: Setting to True will break your installation.
152
ASTAKOS_PROJECT_ADMINS                      set()                                                                           Users to approve/deny project applications
153
ASTAKOS_TWITTER_TOKEN                       ''                                                                              Oauth2 twitter token
154
ASTAKOS_TWITTER_SECRET                      ''                                                                              Oauth2 twitter secret
155
ASTAKOS_TWITTER_AUTH_FORCE_LOGIN            Fals
156
ASTAKOS_GOOGLE_CLIENT_ID                    ''                                                                              Oauth2 google client id
157
ASTAKOS_GOOGLE_SECRET                       ''                                                                              Oauth2 google secret
158
ASTAKOS_LINKEDIN_TOKEN                      ''                                                                              Oauth2 LinkedIn token
159
ASTAKOS_LINKEDIN_SECRET                     ''                                                                              Oauth2 LinkedIn secret
160
=========================================== =============================================================================   ===========================================================================================
161

    
162
Administrator functions
163
-----------------------
164

    
165
Available as extensions to Django's command-line management utility:
166

    
167
===============  ===========================
168
Name             Description
169
===============  ===========================
170
addgroup         Add new group
171
addterms         Add new approval terms
172
createuser       Create a user
173
inviteuser       Invite a user
174
listgroups       List groups
175
listinvitations  List invitations
176
listusers        List users
177
modifyuser       Modify a user's attributes
178
sendactivation   Send activation email
179
showinvitation   Show invitation info
180
showuser         Show user info
181
===============  ===========================
182

    
183
To update user credibility from the billing system (Aquarium), enable the queue, install snf-pithos-tools and use ``pithos-dispatcher``::
184

    
185
    pithos-dispatcher --exchange=aquarium --callback=astakos.im.endpoints.aquarium.consumer.on_creditevent