Statistics
| Branch: | Tag: | Revision:

root / snf-astakos-app / README @ e336910f

History | View | Annotate | Download (18.8 kB)

1
README
2
======
3

    
4
Astakos is an identity management service, built by GRNET using Django (https://www.djangoproject.com/).
5
Learn more about Astakos at: http://code.grnet.gr/projects/astakos
6

    
7
Consult COPYRIGHT for licensing information.
8

    
9
About Astakos application
10
-------------------------
11

    
12
This package contains the Django application that implements all identity management functions.
13

    
14
How to run
15
----------
16

    
17
Use snf-webproject to run Astakos automatically.
18

    
19
To use Astakos in a custom Django project, add ``astakos.im`` to ``INSTALLED_APPS``. Astakos requires South (http://south.aeracode.org/).
20

    
21
Also, add the following to your ``settings.py``::
22

    
23
    TEMPLATE_CONTEXT_PROCESSORS = (
24
        ...
25
        'astakos.im.context_processors.cloudbar',
26
        'astakos.im.context_processors.im_modules',
27
        'astakos.im.context_processors.next',
28
        'astakos.im.context_processors.code',
29
        'astakos.im.context_processors.invitations')
30
    
31
    AUTHENTICATION_BACKENDS = ('astakos.im.auth_backends.EmailBackend',
32
                               'astakos.im.auth_backends.TokenBackend')
33
    
34
    CUSTOM_USER_MODEL = 'astakos.im.AstakosUser'
35
    
36
    LOGIN_URL = '/im'
37

    
38
Settings
39
--------
40

    
41
Configure in ``settings.py`` or a ``.conf`` file in ``/etc/synnefo`` if using snf-webproject.
42

    
43
=========================================== =============================================================================   ===========================================================================================
44
Name                                        Default value                                                                   Description
45
=========================================== =============================================================================   ===========================================================================================
46
ASTAKOS_AUTH_TOKEN_DURATION                 one month                                                                       Expiration time of newly created auth tokens
47
ASTAKOS_DEFAULT_USER_LEVEL                  4                                                                               Default (not-invited) user level
48
ASTAKOS_INVITATIONS_PER_LEVEL               {0:100, 1:2, 2:0, 3:0, 4:0}                                                     Number of user invitations per user level
49
ASTAKOS_DEFAULT_FROM_EMAIL                  GRNET Cloud <no-reply\@grnet.gr>                                                ``from`` parameter passed in ``django.core.mail.send_mail``
50
ASTAKOS_DEFAULT_CONTACT_EMAIL               support\@cloud.grnet.gr                                                         Contact email
51
SERVER_EMAIL                                None
52
ADMINS                                      None
53
ASTAKOS_IM_MODULES                          ['local']                                                                       Signup modules
54
ASTAKOS_FORCE_PROFILE_UPDATE                True                                                                            Force user profile verification
55
ASTAKOS_INVITATIONS_ENABLED                 True                                                                            Enable invitations
56
ASTAKOS_COOKIE_NAME                         _pithos2_a                                                                      ``Key`` parameter passed in ``django.http.HttpResponse.set_cookie``
57
ASTAKOS_COOKIE_DOMAIN                       None                                                                            ``Domain`` parameter passed in ``django.http.HttpResponse.set_cookie``
58
ASTAKOS_COOKIE_SECURE                       True                                                                            ``Secure`` parameter passed in ``django.http.HttpResponse.set_cookie``
59
ASTAKOS_IM_STATIC_URL                       /static/im/                                                                     URL to use when referring to static files
60
ASTAKOS_MODERATION_ENABLED                  True                                                                            If False and invitations are not enabled newly created user will be automatically accepted
61
ASTAKOS_BASEURL                             \http://pithos.dev.grnet.gr                                                     Astakos baseurl
62
ASTAKOS_SITENAME                            GRNET Cloud                                                                     Service name that appears in emails
63
ASTAKOS_RECAPTCHA_PUBLIC_KEY                                                                                                Recaptcha public key obtained after registration here: http://recaptcha.net
64
ASTAKOS_RECAPTCHA_PRIVATE_KEY                                                                                               Recaptcha private key obtained after registration here: http://recaptcha.net
65
ASTAKOS_RECAPTCHA_OPTIONS                   {'theme': 'custom', 'custom_theme_widget': 'okeanos_recaptcha'}                 Options for customizing reCAPTCHA look and feel
66
ASTAKOS_RECAPTCHA_USE_SSL                   True
67
ASTAKOS_RECAPTCHA_ENABLED                   False                                                                           Enable recaptcha
68
                                                                                                                            (see: http://code.google.com/intl/el-GR/apis/recaptcha/docs/customization.html)
69
ASTAKOS_BILLING_FIELDS                      ['is_active']                                                                   AstakosUser fields to propagate in the billing system
70
ASTAKOS_QUEUE_CONNECTION                                                                                                    The queue connection ex. 'rabbitmq://guest:guest@localhost:5672/astakos'
71
ASTAKOS_LOGOUT_NEXT                                                                                                         Where the user should be redirected after logout
72
                                                                                                                            (if not set and no next parameter is defined it renders login page with message)
73
                                                                                                                            (if it is not set, it does not send messages)
74
ASTAKOS_RE_USER_EMAIL_PATTERNS              []                                                                              Email patterns that are automatically activated ex. ['^[a-zA-Z0-9\._-]+@grnet\.gr$']
75

    
76
ASTAKOS_LOGIN_MESSAGES                      []                                                                              Notification messages to display on login page header
77
                                                                                                                            e.g. {'warning': 'Warning message (can contain html)'}
78
ASTAKOS_SIGNUP_MESSAGES                     []                                                                              Notification messages to display on signup page header
79
                                                                                                                            e.g. {'warning': 'Warning message (can contain html)'}
80
ASTAKOS_PROFILE_MESSAGES                    []                                                                              Notification messages to display on profile page header
81
                                                                                                                            e.g. {'warning': 'Warning message (can contain html)'}
82
ASTAKOS_GLOBAL_MESSAGES                     []                                                                              Notification messages to display on every page header
83
                                                                                                                            e.g. {'warning': 'Warning message (can contain html)'}
84
ASTAKOS_PROFILE_EXTRA_LINKS                 {}                                                                              Messages to display as extra actions in account forms
85
                                                                                                                            e.g. {'https://cms.okeanos.grnet.gr/': 'Back to ~okeanos'}
86
ASTAKOS_RATELIMIT_RETRIES_ALLOWED           3                                                                               Number of unsuccessful login requests per minute allowed for a specific account.
87
                                                                                                                            When this number exceeds and ASTAKOS_RECAPTCHA_ENABLED is set the user has to solve a
88
                                                                                                                            captcha challenge.
89
ASTAKOS_EMAILCHANGE_ENABLED                 False                                                                           Enable email change mechanism
90
ASTAKOS_EMAILCHANGE_ACTIVATION_DAYS         10                                                                              Number of days that email change requests remain active
91
ASTAKOS_LOGGING_LEVEL                       INFO                                                                            Message logging severity
92
ASTAKOS_INVITATION_EMAIL_SUBJECT            'Invitation to %s alpha2 testing' % SITENAME                                    Invitation email subject
93
ASTAKOS_GREETING_EMAIL_SUBJECT              'Welcome to %s alpha2 testing' % SITENAME                                       Welcome email subject
94
ASTAKOS_FEEDBACK_EMAIL_SUBJECT              'Feedback from %s alpha2 testing' % SITENAME                                    Feedback email subject
95
ASTAKOS_VERIFICATION_EMAIL_SUBJECT          '%s alpha2 testing account activation is needed' % SITENAME                     Account activation email subject
96
ASTAKOS_ACCOUNT_CREATION_SUBJECT            '%s alpha2 testing account created (%%(user)s)' % SITENAME                      Account creation email subject
97
ASTAKOS_GROUP_CREATION_SUBJECT              '%s alpha2 testing group created (%%(group)s)' % SITENAME                       Group creation email subject
98
ASTAKOS_HELPDESK_NOTIFICATION_EMAIL_SUBJECT '%s alpha2 testing account activated (%%(user)s)' % SITENAME                    Account activation helpdesk notification email subject
99
ASTAKOS_EMAIL_CHANGE_EMAIL_SUBJECT          'Email change on %s alpha2 testing' % SITENAME                                  Email change subject               
100
ASTAKOS_PASSWORD_RESET_EMAIL_SUBJECT        'Password reset on %s alpha2 testing' % SITENAME                                Password change email subject
101
ASTAKOS_PROJECT_CREATION_SUBJECT            '%s alpha2 testing project application created (%%(name)s)' % SITENAME          Project application creation subject
102
ASTAKOS_PROJECT_APPROVED_SUBJECT            '%s alpha2 testing project application approved (%%(name)s)' % SITENAME         Project application approval subject
103
ASTAKOS_PROJECT_TERMINATION_SUBJECT         '%s alpha2 testing project terminated (%%(name)s)' % SITENAME                   Project termination subject
104
ASTAKOS_PROJECT_SUSPENSION_SUBJECT          '%s alpha2 testing project suspended (%%(name)s)' % SITENAME                    Project suspension subject
105
ASTAKOS_PROJECT_MEMBERSHIP_CHANGE_SUBJECT   '%s alpha2 testing project membership changed (%%(name)s)' % SITENAME           Project membership change subject
106

    
107
ASTAKOS_QUOTAHOLDER_URL                     ''                                                                              The quotaholder URI
108
                                                                                                                            e.g. ``http://localhost:8080/api/quotaholder/v``
109
ASTAKOS_QUOTAHOLDER_TOKEN                   ''                                                                              The secret token for accessing the quotaholder URI
110

    
111
ASTAKOS_SERVICES                            {'cyclades': {'resources': [{'desc': 'Number of virtual machines',              Default cloud service information
112
                                            'group': 'compute',
113
                                            'name': 'vm',
114
                                            'uplimit': 2},
115
                                            {'desc': 'Virtual machine disk size',
116
                                            'group': 'compute',
117
                                            'name': 'diskspace',
118
                                            'unit': 'GB',
119
                                            'uplimit': 5},
120
                                            {'desc': 'Number of virtual machine processors',
121
                                            'group': 'compute',
122
                                            'name': 'cpu',
123
                                            'uplimit': 1},
124
                                            {'desc': 'Virtual machines',
125
                                            'group': 'compute',
126
                                            'name': 'ram',
127
                                            'unit': 'MB',
128
                                            'uplimit': 1024}],
129
                                            'url': 'https://node1.example.com/ui/'},
130
                                            'pithos+': {'resources': [{'desc': 'Pithos account diskspace',
131
                                            'group': 'storage',
132
                                            'name': 'diskspace',
133
                                            'unit': 'bytes',
134
                                            'uplimit': 5368709120}],
135
                                            'url': 'https://node2.example.com/ui/'}}
136
ASTAKOS_PAGINATE_BY                         8                                                                               Number of object to be displayed per page
137
ASTAKOS_PAGINATE_BY_ALL                     15                                                                              Number of object to be displayed per pagein show all projects page
138

    
139
ASTAKOS_NEWPASSWD_INVALIDATE_TOKEN          True                                                                            Enforce token renewal on password change/reset. If set to False, user can optionally decide
140
                                                                                                                            whether to renew the token or not.
141
ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION      True                                                                            Permit local account migration to third party account
142
ASTAKOS_RESOURCES_PRESENTATION_DATA         {}                                                                              Customizes resource presentation
143
ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION      True                                                                            Permits local account migration
144
ASTAKOS_SHIBBOLETH_REQUIRE_NAME_INFO        False                                                                           Strict shibboleth usage
145
ASTAKOS_ACTIVATION_REDIRECT_URL             "/im/landing"
146
ASTAKOS_TRANSLATE_UUIDS                     False                                                                           If true, this enables a ui compatibility layer for the introduction of UUIDs in identity management.
147
                                                                                                                            WARNING: Setting to True will break your installation.
148
ASTAKOS_PROJECT_ADMINS                      set()                                                                           Users to approve/deny project applications
149
ASTAKOS_TWITTER_TOKEN                       ''                                                                              Oauth2 twitter token
150
ASTAKOS_TWITTER_SECRET                      ''                                                                              Oauth2 twitter secret
151
ASTAKOS_TWITTER_AUTH_FORCE_LOGIN            Fals
152
ASTAKOS_GOOGLE_CLIENT_ID                    ''                                                                              Oauth2 google client id
153
ASTAKOS_GOOGLE_SECRET                       ''                                                                              Oauth2 google secret
154
ASTAKOS_LINKEDIN_TOKEN                      ''                                                                              Oauth2 LinkedIn token
155
ASTAKOS_LINKEDIN_SECRET                     ''                                                                              Oauth2 LinkedIn secret
156
=========================================== =============================================================================   ===========================================================================================
157

    
158
Administrator functions
159
-----------------------
160

    
161
Available as extensions to Django's command-line management utility:
162

    
163
============================  ===========================
164
Name                          Description
165
============================  ===========================
166
fix-superusers                Transform superusers created by syncdb into AstakosUser instances
167
full-cleanup                  Cleanup sessions and session catalog
168
invitation-list               List invitation
169
invitation-show               Show invitation details
170
project-control               Manage projects and applications
171
project-list                  List projects
172
project-show                  Show project details
173
quota                         List and check the integrity of user quota
174
reconcile-resources-astakos   Reconcile resource usage of Quotaholder with Astakos DB
175
resource-add                  Add resource
176
resource-export-astakos       Export astakos resources in json format
177
resource-import               Import resources
178
resource-list                 List resources
179
resource-modify               Modify resources
180
resource-remove               Remove resource
181
service-add                   Add service
182
service-list                  List services
183
service-modify                Modify service
184
service-remove                Remove service
185
term-add                      Add approval terms
186
user-activation-send          Send user activation
187
user-add                      Add user
188
user-auth-policy-add          Create a new authentication provider policy profile
189
user-auth-policy-list         List existing authentication provider policy profiles
190
user-auth-policy-remove       Remove an authentication provider policy
191
user-auth-policy-set          Assign an existing authentication provider policy profile to a user or group
192
user-auth-policy-show         Show authentication provider profile details
193
user-group-add                Create a group with the given name
194
user-group-list               List available groups
195
user-invite                   Invite somebody
196
user-list                     List users
197
user-modify                   Modify user
198
user-show                     Show user details
199
============================  ===========================