README ====== Astakos is an identity management service, built by GRNET using Django (https://www.djangoproject.com/). Learn more about Astakos at: http://code.grnet.gr/projects/astakos Consult COPYRIGHT for licensing information. About Astakos application ------------------------- This package contains the Django application that implements all identity management functions. How to run ---------- Use snf-webproject to run Astakos automatically. To use Astakos in a custom Django project, add ``astakos.im`` to ``INSTALLED_APPS``. Astakos requires South (http://south.aeracode.org/). Also, add the following to your ``settings.py``:: TEMPLATE_CONTEXT_PROCESSORS = ( ... 'astakos.im.context_processors.cloudbar', 'astakos.im.context_processors.im_modules', 'astakos.im.context_processors.next', 'astakos.im.context_processors.code', 'astakos.im.context_processors.invitations') AUTHENTICATION_BACKENDS = ('astakos.im.auth_backends.EmailBackend', 'astakos.im.auth_backends.TokenBackend') CUSTOM_USER_MODEL = 'astakos.im.AstakosUser' LOGIN_URL = '/im' Settings -------- Configure in ``settings.py`` or a ``.conf`` file in ``/etc/synnefo`` if using snf-webproject. =========================================== ============================================================================= =========================================================================================== Name Default value Description =========================================== ============================================================================= =========================================================================================== ASTAKOS_AUTH_TOKEN_DURATION one month Expiration time of newly created auth tokens ASTAKOS_DEFAULT_USER_LEVEL 4 Default (not-invited) user level ASTAKOS_INVITATIONS_PER_LEVEL {0:100, 1:2, 2:0, 3:0, 4:0} Number of user invitations per user level ASTAKOS_DEFAULT_FROM_EMAIL GRNET Cloud ``from`` parameter passed in ``django.core.mail.send_mail`` ASTAKOS_DEFAULT_CONTACT_EMAIL support\@cloud.grnet.gr Contact email SERVER_EMAIL None ADMINS None ASTAKOS_IM_MODULES ['local'] Signup modules ASTAKOS_FORCE_PROFILE_UPDATE True Force user profile verification ASTAKOS_INVITATIONS_ENABLED True Enable invitations ASTAKOS_COOKIE_NAME _pithos2_a ``Key`` parameter passed in ``django.http.HttpResponse.set_cookie`` ASTAKOS_COOKIE_DOMAIN None ``Domain`` parameter passed in ``django.http.HttpResponse.set_cookie`` ASTAKOS_COOKIE_SECURE True ``Secure`` parameter passed in ``django.http.HttpResponse.set_cookie`` ASTAKOS_IM_STATIC_URL /static/im/ URL to use when referring to static files ASTAKOS_MODERATION_ENABLED True If False and invitations are not enabled newly created user will be automatically accepted ASTAKOS_BASEURL \http://pithos.dev.grnet.gr Astakos baseurl ASTAKOS_SITENAME GRNET Cloud Service name that appears in emails ASTAKOS_RECAPTCHA_PUBLIC_KEY Recaptcha public key obtained after registration here: http://recaptcha.net ASTAKOS_RECAPTCHA_PRIVATE_KEY Recaptcha private key obtained after registration here: http://recaptcha.net ASTAKOS_RECAPTCHA_OPTIONS {'theme': 'custom', 'custom_theme_widget': 'okeanos_recaptcha'} Options for customizing reCAPTCHA look and feel ASTAKOS_RECAPTCHA_USE_SSL True ASTAKOS_RECAPTCHA_ENABLED False Enable recaptcha (see: http://code.google.com/intl/el-GR/apis/recaptcha/docs/customization.html) ASTAKOS_BILLING_FIELDS ['is_active'] AstakosUser fields to propagate in the billing system ASTAKOS_QUEUE_CONNECTION The queue connection ex. 'rabbitmq://guest:guest@localhost:5672/astakos' ASTAKOS_LOGOUT_NEXT Where the user should be redirected after logout (if not set and no next parameter is defined it renders login page with message) (if it is not set, it does not send messages) ASTAKOS_RE_USER_EMAIL_PATTERNS [] Email patterns that are automatically activated ex. ['^[a-zA-Z0-9\._-]+@grnet\.gr$'] ASTAKOS_LOGIN_MESSAGES [] Notification messages to display on login page header e.g. {'warning': 'Warning message (can contain html)'} ASTAKOS_SIGNUP_MESSAGES [] Notification messages to display on signup page header e.g. {'warning': 'Warning message (can contain html)'} ASTAKOS_PROFILE_MESSAGES [] Notification messages to display on profile page header e.g. {'warning': 'Warning message (can contain html)'} ASTAKOS_GLOBAL_MESSAGES [] Notification messages to display on every page header e.g. {'warning': 'Warning message (can contain html)'} ASTAKOS_PROFILE_EXTRA_LINKS {} Messages to display as extra actions in account forms e.g. {'https://cms.okeanos.grnet.gr/': 'Back to ~okeanos'} ASTAKOS_RATELIMIT_RETRIES_ALLOWED 3 Number of unsuccessful login requests per minute allowed for a specific account. When this number exceeds and ASTAKOS_RECAPTCHA_ENABLED is set the user has to solve a captcha challenge. ASTAKOS_EMAILCHANGE_ENABLED False Enable email change mechanism ASTAKOS_EMAILCHANGE_ACTIVATION_DAYS 10 Number of days that email change requests remain active ASTAKOS_LOGGING_LEVEL INFO Message logging severity ASTAKOS_INVITATION_EMAIL_SUBJECT 'Invitation to %s alpha2 testing' % SITENAME Invitation email subject ASTAKOS_GREETING_EMAIL_SUBJECT 'Welcome to %s alpha2 testing' % SITENAME Welcome email subject ASTAKOS_FEEDBACK_EMAIL_SUBJECT 'Feedback from %s alpha2 testing' % SITENAME Feedback email subject ASTAKOS_VERIFICATION_EMAIL_SUBJECT '%s alpha2 testing account activation is needed' % SITENAME Account activation email subject ASTAKOS_ACCOUNT_CREATION_SUBJECT '%s alpha2 testing account created (%%(user)s)' % SITENAME Account creation email subject ASTAKOS_GROUP_CREATION_SUBJECT '%s alpha2 testing group created (%%(group)s)' % SITENAME Group creation email subject ASTAKOS_HELPDESK_NOTIFICATION_EMAIL_SUBJECT '%s alpha2 testing account activated (%%(user)s)' % SITENAME Account activation helpdesk notification email subject ASTAKOS_EMAIL_CHANGE_EMAIL_SUBJECT 'Email change on %s alpha2 testing' % SITENAME Email change subject ASTAKOS_PASSWORD_RESET_EMAIL_SUBJECT 'Password reset on %s alpha2 testing' % SITENAME Password change email subject ASTAKOS_PROJECT_CREATION_SUBJECT '%s alpha2 testing project application created (%%(name)s)' % SITENAME Project application creation subject ASTAKOS_PROJECT_APPROVED_SUBJECT '%s alpha2 testing project application approved (%%(name)s)' % SITENAME Project application approval subject ASTAKOS_PROJECT_TERMINATION_SUBJECT '%s alpha2 testing project terminated (%%(name)s)' % SITENAME Project termination subject ASTAKOS_PROJECT_SUSPENSION_SUBJECT '%s alpha2 testing project suspended (%%(name)s)' % SITENAME Project suspension subject ASTAKOS_PROJECT_MEMBERSHIP_CHANGE_SUBJECT '%s alpha2 testing project membership changed (%%(name)s)' % SITENAME Project membership change subject ASTAKOS_QUOTAHOLDER_URL '' The quotaholder URI e.g. ``http://localhost:8080/api/quotaholder/v`` ASTAKOS_QUOTAHOLDER_TOKEN '' The secret token for accessing the quotaholder URI ASTAKOS_SERVICES {'cyclades': {'resources': [{'desc': 'Number of virtual machines', Default cloud service information 'group': 'compute', 'name': 'vm', 'uplimit': 2}, {'desc': 'Virtual machine disk size', 'group': 'compute', 'name': 'diskspace', 'unit': 'GB', 'uplimit': 5}, {'desc': 'Number of virtual machine processors', 'group': 'compute', 'name': 'cpu', 'uplimit': 1}, {'desc': 'Virtual machines', 'group': 'compute', 'name': 'ram', 'unit': 'MB', 'uplimit': 1024}], 'url': 'https://node1.example.com/ui/'}, 'pithos+': {'resources': [{'desc': 'Pithos account diskspace', 'group': 'storage', 'name': 'diskspace', 'unit': 'bytes', 'uplimit': 5368709120}], 'url': 'https://node2.example.com/ui/'}} ASTAKOS_PAGINATE_BY 8 Number of object to be displayed per page ASTAKOS_PAGINATE_BY_ALL 15 Number of object to be displayed per pagein show all projects page ASTAKOS_NEWPASSWD_INVALIDATE_TOKEN True Enforce token renewal on password change/reset. If set to False, user can optionally decide whether to renew the token or not. ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION True Permit local account migration to third party account ASTAKOS_RESOURCES_PRESENTATION_DATA {} Customizes resource presentation ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION True Permits local account migration ASTAKOS_SHIBBOLETH_REQUIRE_NAME_INFO False Strict shibboleth usage ASTAKOS_PROJECT_MEMBER_JOIN_POLICIES {'1':'automatically accepted', '2':'owner accepts', '3':'closed'} Text to be displayed in project member join policy dropdown ASTAKOS_PROJECT_MEMBER_LEAVE_POLICIES {'1':'automatically accepted', '2':'owner accepts', '3':'closed'} Text to be displayed in project member leave policy dropdown ASTAKOS_ACTIVATION_REDIRECT_URL "/im/landing" ASTAKOS_TRANSLATE_UUIDS False If true, this enables a ui compatibility layer for the introduction of UUIDs in identity management. WARNING: Setting to True will break your installation. ASTAKOS_PROJECT_ADMINS set() Users to approve/deny project applications ASTAKOS_TWITTER_TOKEN '' Oauth2 twitter token ASTAKOS_TWITTER_SECRET '' Oauth2 twitter secret ASTAKOS_TWITTER_AUTH_FORCE_LOGIN Fals ASTAKOS_GOOGLE_CLIENT_ID '' Oauth2 google client id ASTAKOS_GOOGLE_SECRET '' Oauth2 google secret ASTAKOS_LINKEDIN_TOKEN '' Oauth2 LinkedIn token ASTAKOS_LINKEDIN_SECRET '' Oauth2 LinkedIn secret =========================================== ============================================================================= =========================================================================================== Administrator functions ----------------------- Available as extensions to Django's command-line management utility: ============================ =========================== Name Description ============================ =========================== fix-superusers Transform superusers created by syncdb into AstakosUser instances full-cleanup Cleanup sessions and session catalog invitation-list List invitation invitation-show Show invitation details project-control Manage projects and applications project-list List projects project-show Show project details quota List and check the integrity of user quota reconcile-resources-astakos Reconcile resource usage of Quotaholder with Astakos DB resource-add Add resource resource-export-astakos Export astakos resources in json format resource-import Import resources resource-list List resources resource-modify Modify resources resource-remove Remove resource service-add Add service service-list List services service-modify Modify service service-remove Remove service term-add Add approval terms user-activation-send Send user activation user-add Add user user-auth-policy-add Create a new authentication provider policy profile user-auth-policy-list List existing authentication provider policy profiles user-auth-policy-remove Remove an authentication provider policy user-auth-policy-set Assign an existing authentication provider policy profile to a user or group user-auth-policy-show Show authentication provider profile details user-group-add Create a group with the given name user-group-list List available groups user-invite Invite somebody user-list List users user-modify Modify user user-show Show user details ============================ ===========================