root / snf-astakos-app / README @ c2837d72
History | View | Annotate | Download (14.7 kB)
1 |
README |
---|---|
2 |
====== |
3 |
|
4 |
Astakos is an identity management service, built by GRNET using Django (https://www.djangoproject.com/). |
5 |
Learn more about Astakos at: http://code.grnet.gr/projects/astakos |
6 |
|
7 |
Consult COPYRIGHT for licensing information. |
8 |
|
9 |
About Astakos application |
10 |
------------------------- |
11 |
|
12 |
This package contains the Django application that implements all identity management functions. |
13 |
|
14 |
How to run |
15 |
---------- |
16 |
|
17 |
Use snf-webproject to run Astakos automatically. |
18 |
|
19 |
To use Astakos in a custom Django project, add ``astakos.im`` to ``INSTALLED_APPS``. Astakos requires South (http://south.aeracode.org/). |
20 |
|
21 |
Also, add the following to your ``settings.py``:: |
22 |
|
23 |
TEMPLATE_CONTEXT_PROCESSORS = ( |
24 |
... |
25 |
'astakos.im.context_processors.cloudbar', |
26 |
'astakos.im.context_processors.im_modules', |
27 |
'astakos.im.context_processors.next', |
28 |
'astakos.im.context_processors.code', |
29 |
'astakos.im.context_processors.invitations') |
30 |
|
31 |
AUTHENTICATION_BACKENDS = ('astakos.im.auth_backends.EmailBackend', |
32 |
'astakos.im.auth_backends.TokenBackend') |
33 |
|
34 |
CUSTOM_USER_MODEL = 'astakos.im.AstakosUser' |
35 |
|
36 |
LOGIN_URL = '/im' |
37 |
|
38 |
Settings |
39 |
-------- |
40 |
|
41 |
Configure in ``settings.py`` or a ``.conf`` file in ``/etc/synnefo`` if using snf-webproject. |
42 |
|
43 |
=========================================== ============================================================================= =========================================================================================== |
44 |
Name Default value Description |
45 |
=========================================== ============================================================================= =========================================================================================== |
46 |
ASTAKOS_AUTH_TOKEN_DURATION one month Expiration time of newly created auth tokens |
47 |
ASTAKOS_DEFAULT_USER_LEVEL 4 Default (not-invited) user level |
48 |
ASTAKOS_INVITATIONS_PER_LEVEL {0:100, 1:2, 2:0, 3:0, 4:0} Number of user invitations per user level |
49 |
ASTAKOS_DEFAULT_FROM_EMAIL GRNET Cloud <no-reply\@grnet.gr> ``from`` parameter passed in ``django.core.mail.send_mail`` |
50 |
ASTAKOS_DEFAULT_CONTACT_EMAIL support\@cloud.grnet.gr Contact email |
51 |
ASTAKOS_DEFAULT_ADMIN_EMAIL support\@cloud.grnet.gr Administrator email to receive user creation notifications (if None disables notifications) |
52 |
ASTAKOS_IM_MODULES ['local', 'shibboleth'] Signup modules |
53 |
ASTAKOS_FORCE_PROFILE_UPDATE True Force user profile verification |
54 |
ASTAKOS_INVITATIONS_ENABLED True Enable invitations |
55 |
ASTAKOS_COOKIE_NAME _pithos2_a ``Key`` parameter passed in ``django.http.HttpResponse.set_cookie`` |
56 |
ASTAKOS_COOKIE_DOMAIN None ``Domain`` parameter passed in ``django.http.HttpResponse.set_cookie`` |
57 |
ASTAKOS_COOKIE_SECURE True ``Secure`` parameter passed in ``django.http.HttpResponse.set_cookie`` |
58 |
ASTAKOS_IM_STATIC_URL /static/im/ URL to use when referring to static files |
59 |
ASTAKOS_MODERATION_ENABLED True If False and invitations are not enabled newly created user will be automatically accepted |
60 |
ASTAKOS_BASEURL \http://pithos.dev.grnet.gr Astakos baseurl |
61 |
ASTAKOS_SITENAME GRNET Cloud Service name that appears in emails |
62 |
ASTAKOS_RECAPTCHA_ENABLED True Enable recaptcha |
63 |
ASTAKOS_RECAPTCHA_PUBLIC_KEY Recaptcha public key obtained after registration here: http://recaptcha.net |
64 |
ASTAKOS_RECAPTCHA_PRIVATE_KEY Recaptcha private key obtained after registration here: http://recaptcha.net |
65 |
ASTAKOS_RECAPTCHA_OPTIONS {'theme': 'white'} Options for customizing reCAPTCHA look and feel |
66 |
(see: http://code.google.com/intl/el-GR/apis/recaptcha/docs/customization.html) |
67 |
ASTAKOS_LOGOUT_NEXT Where the user should be redirected after logout |
68 |
(if not set and no next parameter is defined it renders login page with message) |
69 |
ASTAKOS_BILLING_FIELDS ['id', 'is_active', 'provider', 'third_party_identifier'] AstakosUser fields to propagate in the billing system |
70 |
ASTAKOS_QUEUE_CONNECTION The queue connection ex. 'rabbitmq://guest:guest@localhost:5672/astakos' |
71 |
(if it is not set, it does not send messages) |
72 |
ASTAKOS_RE_USER_EMAIL_PATTERNS [] Email patterns that are automatically activated ex. ['^[a-zA-Z0-9\._-]+@grnet\.gr$'] |
73 |
|
74 |
ASTAKOS_LOGIN_MESSAGES {} Notification messages to display on login page header |
75 |
e.g. {'warning': 'Warning message (can contain html)'} |
76 |
ASTAKOS_PROFILE_EXTRA_LINKS {} Messages to display as extra actions in account forms |
77 |
e.g. {'https://cms.okeanos.grnet.gr/': 'Back to ~okeanos'} |
78 |
ASTAKOS_RATELIMIT_RETRIES_ALLOWED 3 Number of unsuccessful login requests per minute allowed for a specific account. |
79 |
When this number exceeds and ASTAKOS_RECAPTCHA_ENABLED is set the user has to solve a |
80 |
captcha challenge. |
81 |
ASTAKOS_EMAILCHANGE_ENABLED False Enable email change mechanism |
82 |
ASTAKOS_EMAILCHANGE_ACTIVATION_DAYS 10 Number of days that email change requests remain active |
83 |
ASTAKOS_LOGGING_LEVEL INFO Message logging severity |
84 |
ASTAKOS_INVITATION_EMAIL_SUBJECT 'Invitation to %s alpha2 testing' % SITENAME Invitation email subject |
85 |
ASTAKOS_GREETING_EMAIL_SUBJECT 'Welcome to %s alpha2 testing' % SITENAME Welcome email subject |
86 |
ASTAKOS_FEEDBACK_EMAIL_SUBJECT 'Feedback from %s alpha2 testing' % SITENAME Feedback email subject |
87 |
ASTAKOS_VERIFICATION_EMAIL_SUBJECT '%s alpha2 testing account activation is needed' % SITENAME Account activation email subject |
88 |
ASTAKOS_ACCOUNT_CREATION_SUBJECT '%s alpha2 testing account created (%%(user)s)' % SITENAME Account creation email subject |
89 |
ASTAKOS_GROUP_CREATION_SUBJECT '%s alpha2 testing group created (%%(group)s)' % SITENAME Group creation email subject |
90 |
ASTAKOS_HELPDESK_NOTIFICATION_EMAIL_SUBJECT '%s alpha2 testing account activated (%%(user)s)' % SITENAME Account activation helpdesk notification email subject |
91 |
ASTAKOS_EMAIL_CHANGE_EMAIL_SUBJECT 'Email change on %s alpha2 testing' % SITENAME Email change subject |
92 |
ASTAKOS_PASSWORD_RESET_EMAIL_SUBJECT 'Password reset on %s alpha2 testing' % SITENAME Password change email subject |
93 |
ASTAKOS_PROJECT_CREATION_SUBJECT '%s alpha2 testing project application created (%%(name)s)' % SITENAME Project application creation subject |
94 |
ASTAKOS_PROJECT_APPROVED_SUBJECT '%s alpha2 testing project application approved (%%(name)s)' % SITENAME Project application approval subject |
95 |
ASTAKOS_PROJECT_TERMINATION_SUBJECT '%s alpha2 testing project terminated (%%(name)s)' % SITENAME Project termination subject |
96 |
ASTAKOS_PROJECT_SUSPENSION_SUBJECT '%s alpha2 testing project suspended (%%(name)s)' % SITENAME Project suspension subject |
97 |
ASTAKOS_PROJECT_MEMBERSHIP_CHANGE_SUBJECT '%s alpha2 testing project membership changed (%%(name)s)' % SITENAME Project membership change subject |
98 |
|
99 |
ASTAKOS_QUOTAHOLDER_URL '' The quotaholder URI |
100 |
e.g. ``http://localhost:8080/api/quotaholder/v`` |
101 |
ASTAKOS_QUOTAHOLDER_TOKEN '' The secret token for accessing the quotaholder URI |
102 |
|
103 |
ASTAKOS_SERVICES {'cyclades': {'resources': [{'desc': 'Number of virtual machines', Default cloud service information |
104 |
'group': 'compute', |
105 |
'name': 'vm', |
106 |
'uplimit': 2}, |
107 |
{'desc': 'Virtual machine disk size', |
108 |
'group': 'compute', |
109 |
'name': 'diskspace', |
110 |
'unit': 'GB', |
111 |
'uplimit': 5}, |
112 |
{'desc': 'Number of virtual machine processors', |
113 |
'group': 'compute', |
114 |
'name': 'cpu', |
115 |
'uplimit': 1}, |
116 |
{'desc': 'Virtual machines', |
117 |
'group': 'compute', |
118 |
'name': 'ram', |
119 |
'unit': 'MB', |
120 |
'uplimit': 1024}], |
121 |
'url': 'https://node1.example.com/ui/'}, |
122 |
'pithos+': {'resources': [{'desc': 'Pithos account diskspace', |
123 |
'group': 'storage', |
124 |
'name': 'diskspace', |
125 |
'unit': 'bytes', |
126 |
'uplimit': 5368709120}], |
127 |
'url': 'https://node2.example.com/ui/'}} |
128 |
ASTAKOS_AQUARIUM_URL '' The billing (aquarium) URI |
129 |
e.g. ``http://localhost:8888/user`` |
130 |
ASTAKOS_PAGINATE_BY 10 Number of object to be displayed per page |
131 |
|
132 |
ASTAKOS_NEWPASSWD_INVALIDATE_TOKEN True Enforce token renewal on password change/reset. If set to False, user can optionally decide |
133 |
whether to renew the token or not. |
134 |
ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION True Permit local account migration to third party account |
135 |
=========================================== ============================================================================= =========================================================================================== |
136 |
|
137 |
Administrator functions |
138 |
----------------------- |
139 |
|
140 |
Available as extensions to Django's command-line management utility: |
141 |
|
142 |
=============== =========================== |
143 |
Name Description |
144 |
=============== =========================== |
145 |
addgroup Add new group |
146 |
addterms Add new approval terms |
147 |
createuser Create a user |
148 |
inviteuser Invite a user |
149 |
listgroups List groups |
150 |
listinvitations List invitations |
151 |
listusers List users |
152 |
modifyuser Modify a user's attributes |
153 |
sendactivation Send activation email |
154 |
showinvitation Show invitation info |
155 |
showuser Show user info |
156 |
=============== =========================== |
157 |
|
158 |
To update user credibility from the billing system (Aquarium), enable the queue, install snf-pithos-tools and use ``pithos-dispatcher``:: |
159 |
|
160 |
pithos-dispatcher --exchange=aquarium --callback=astakos.im.endpoints.aquarium.consumer.on_creditevent |