root / snf-astakos-app / README @ ee4aa6eb
History | View | Annotate | Download (14.7 kB)
| 1 |
README |
|---|---|
| 2 |
====== |
| 3 |
|
| 4 |
Astakos is an identity management service, built by GRNET using Django (https://www.djangoproject.com/). |
| 5 |
Learn more about Astakos at: http://code.grnet.gr/projects/astakos |
| 6 |
|
| 7 |
Consult COPYRIGHT for licensing information. |
| 8 |
|
| 9 |
About Astakos application |
| 10 |
------------------------- |
| 11 |
|
| 12 |
This package contains the Django application that implements all identity management functions. |
| 13 |
|
| 14 |
How to run |
| 15 |
---------- |
| 16 |
|
| 17 |
Use snf-webproject to run Astakos automatically. |
| 18 |
|
| 19 |
To use Astakos in a custom Django project, add ``astakos.im`` to ``INSTALLED_APPS``. Astakos requires South (http://south.aeracode.org/). |
| 20 |
|
| 21 |
Also, add the following to your ``settings.py``:: |
| 22 |
|
| 23 |
TEMPLATE_CONTEXT_PROCESSORS = ( |
| 24 |
... |
| 25 |
'astakos.im.context_processors.cloudbar', |
| 26 |
'astakos.im.context_processors.im_modules', |
| 27 |
'astakos.im.context_processors.next', |
| 28 |
'astakos.im.context_processors.code', |
| 29 |
'astakos.im.context_processors.invitations') |
| 30 |
|
| 31 |
AUTHENTICATION_BACKENDS = ('astakos.im.auth_backends.EmailBackend',
|
| 32 |
'astakos.im.auth_backends.TokenBackend') |
| 33 |
|
| 34 |
CUSTOM_USER_MODEL = 'astakos.im.AstakosUser' |
| 35 |
|
| 36 |
LOGIN_URL = '/im' |
| 37 |
|
| 38 |
Settings |
| 39 |
-------- |
| 40 |
|
| 41 |
Configure in ``settings.py`` or a ``.conf`` file in ``/etc/synnefo`` if using snf-webproject. |
| 42 |
|
| 43 |
=========================================== ============================================================================= =========================================================================================== |
| 44 |
Name Default value Description |
| 45 |
=========================================== ============================================================================= =========================================================================================== |
| 46 |
ASTAKOS_AUTH_TOKEN_DURATION one month Expiration time of newly created auth tokens |
| 47 |
ASTAKOS_DEFAULT_USER_LEVEL 4 Default (not-invited) user level |
| 48 |
ASTAKOS_INVITATIONS_PER_LEVEL {0:100, 1:2, 2:0, 3:0, 4:0} Number of user invitations per user level
|
| 49 |
ASTAKOS_DEFAULT_FROM_EMAIL GRNET Cloud <no-reply\@grnet.gr> ``from`` parameter passed in ``django.core.mail.send_mail`` |
| 50 |
ASTAKOS_DEFAULT_CONTACT_EMAIL support\@cloud.grnet.gr Contact email |
| 51 |
ASTAKOS_DEFAULT_ADMIN_EMAIL support\@cloud.grnet.gr Administrator email to receive user creation notifications (if None disables notifications) |
| 52 |
ASTAKOS_IM_MODULES ['local', 'shibboleth'] Signup modules |
| 53 |
ASTAKOS_FORCE_PROFILE_UPDATE True Force user profile verification |
| 54 |
ASTAKOS_INVITATIONS_ENABLED True Enable invitations |
| 55 |
ASTAKOS_COOKIE_NAME _pithos2_a ``Key`` parameter passed in ``django.http.HttpResponse.set_cookie`` |
| 56 |
ASTAKOS_COOKIE_DOMAIN None ``Domain`` parameter passed in ``django.http.HttpResponse.set_cookie`` |
| 57 |
ASTAKOS_COOKIE_SECURE True ``Secure`` parameter passed in ``django.http.HttpResponse.set_cookie`` |
| 58 |
ASTAKOS_IM_STATIC_URL /static/im/ URL to use when referring to static files |
| 59 |
ASTAKOS_MODERATION_ENABLED True If False and invitations are not enabled newly created user will be automatically accepted |
| 60 |
ASTAKOS_BASEURL \http://pithos.dev.grnet.gr Astakos baseurl |
| 61 |
ASTAKOS_SITENAME GRNET Cloud Service name that appears in emails |
| 62 |
ASTAKOS_RECAPTCHA_ENABLED True Enable recaptcha |
| 63 |
ASTAKOS_RECAPTCHA_PUBLIC_KEY Recaptcha public key obtained after registration here: http://recaptcha.net |
| 64 |
ASTAKOS_RECAPTCHA_PRIVATE_KEY Recaptcha private key obtained after registration here: http://recaptcha.net |
| 65 |
ASTAKOS_RECAPTCHA_OPTIONS {'theme': 'white'} Options for customizing reCAPTCHA look and feel
|
| 66 |
(see: http://code.google.com/intl/el-GR/apis/recaptcha/docs/customization.html) |
| 67 |
ASTAKOS_LOGOUT_NEXT Where the user should be redirected after logout |
| 68 |
(if not set and no next parameter is defined it renders login page with message) |
| 69 |
ASTAKOS_BILLING_FIELDS ['id', 'is_active', 'provider', 'third_party_identifier'] AstakosUser fields to propagate in the billing system |
| 70 |
ASTAKOS_QUEUE_CONNECTION The queue connection ex. 'rabbitmq://guest:guest@localhost:5672/astakos' |
| 71 |
(if it is not set, it does not send messages) |
| 72 |
ASTAKOS_RE_USER_EMAIL_PATTERNS [] Email patterns that are automatically activated ex. ['^[a-zA-Z0-9\._-]+@grnet\.gr$'] |
| 73 |
|
| 74 |
ASTAKOS_LOGIN_MESSAGES {} Notification messages to display on login page header
|
| 75 |
e.g. {'warning': 'Warning message (can contain html)'}
|
| 76 |
ASTAKOS_PROFILE_EXTRA_LINKS {} Messages to display as extra actions in account forms
|
| 77 |
e.g. {'https://cms.okeanos.grnet.gr/': 'Back to ~okeanos'}
|
| 78 |
ASTAKOS_RATELIMIT_RETRIES_ALLOWED 3 Number of unsuccessful login requests per minute allowed for a specific account. |
| 79 |
When this number exceeds and ASTAKOS_RECAPTCHA_ENABLED is set the user has to solve a |
| 80 |
captcha challenge. |
| 81 |
ASTAKOS_EMAILCHANGE_ENABLED False Enable email change mechanism |
| 82 |
ASTAKOS_EMAILCHANGE_ACTIVATION_DAYS 10 Number of days that email change requests remain active |
| 83 |
ASTAKOS_LOGGING_LEVEL INFO Message logging severity |
| 84 |
ASTAKOS_INVITATION_EMAIL_SUBJECT 'Invitation to %s alpha2 testing' % SITENAME Invitation email subject |
| 85 |
ASTAKOS_GREETING_EMAIL_SUBJECT 'Welcome to %s alpha2 testing' % SITENAME Welcome email subject |
| 86 |
ASTAKOS_FEEDBACK_EMAIL_SUBJECT 'Feedback from %s alpha2 testing' % SITENAME Feedback email subject |
| 87 |
ASTAKOS_VERIFICATION_EMAIL_SUBJECT '%s alpha2 testing account activation is needed' % SITENAME Account activation email subject |
| 88 |
ASTAKOS_ACCOUNT_CREATION_SUBJECT '%s alpha2 testing account created (%%(user)s)' % SITENAME Account creation email subject |
| 89 |
ASTAKOS_GROUP_CREATION_SUBJECT '%s alpha2 testing group created (%%(group)s)' % SITENAME Group creation email subject |
| 90 |
ASTAKOS_HELPDESK_NOTIFICATION_EMAIL_SUBJECT '%s alpha2 testing account activated (%%(user)s)' % SITENAME Account activation helpdesk notification email subject |
| 91 |
ASTAKOS_EMAIL_CHANGE_EMAIL_SUBJECT 'Email change on %s alpha2 testing' % SITENAME Email change subject |
| 92 |
ASTAKOS_PASSWORD_RESET_EMAIL_SUBJECT 'Password reset on %s alpha2 testing' % SITENAME Password change email subject |
| 93 |
ASTAKOS_PROJECT_CREATION_SUBJECT '%s alpha2 testing project application created (%%(name)s)' % SITENAME Project application creation subject |
| 94 |
ASTAKOS_PROJECT_APPROVED_SUBJECT '%s alpha2 testing project application approved (%%(name)s)' % SITENAME Project application approval subject |
| 95 |
ASTAKOS_PROJECT_TERMINATION_SUBJECT '%s alpha2 testing project terminated (%%(name)s)' % SITENAME Project termination subject |
| 96 |
ASTAKOS_PROJECT_SUSPENSION_SUBJECT '%s alpha2 testing project suspended (%%(name)s)' % SITENAME Project suspension subject |
| 97 |
ASTAKOS_PROJECT_MEMBERSHIP_CHANGE_SUBJECT '%s alpha2 testing project membership changed (%%(name)s)' % SITENAME Project membership change subject |
| 98 |
|
| 99 |
ASTAKOS_QUOTAHOLDER_URL '' The quotaholder URI |
| 100 |
e.g. ``http://localhost:8080/api/quotaholder/v`` |
| 101 |
ASTAKOS_QUOTAHOLDER_TOKEN '' The secret token for accessing the quotaholder URI |
| 102 |
|
| 103 |
ASTAKOS_SERVICES {'cyclades': {'resources': [{'desc': 'Number of virtual machines', Default cloud service information
|
| 104 |
'group': 'compute', |
| 105 |
'name': 'vm', |
| 106 |
'uplimit': 2}, |
| 107 |
{'desc': 'Virtual machine disk size',
|
| 108 |
'group': 'compute', |
| 109 |
'name': 'diskspace', |
| 110 |
'unit': 'GB', |
| 111 |
'uplimit': 5}, |
| 112 |
{'desc': 'Number of virtual machine processors',
|
| 113 |
'group': 'compute', |
| 114 |
'name': 'cpu', |
| 115 |
'uplimit': 1}, |
| 116 |
{'desc': 'Virtual machines',
|
| 117 |
'group': 'compute', |
| 118 |
'name': 'ram', |
| 119 |
'unit': 'MB', |
| 120 |
'uplimit': 1024}], |
| 121 |
'url': 'https://node1.example.com/ui/'}, |
| 122 |
'pithos+': {'resources': [{'desc': 'Pithos account diskspace',
|
| 123 |
'group': 'storage', |
| 124 |
'name': 'diskspace', |
| 125 |
'unit': 'bytes', |
| 126 |
'uplimit': 5368709120}], |
| 127 |
'url': 'https://node2.example.com/ui/'}} |
| 128 |
ASTAKOS_AQUARIUM_URL '' The billing (aquarium) URI |
| 129 |
e.g. ``http://localhost:8888/user`` |
| 130 |
ASTAKOS_PAGINATE_BY 10 Number of object to be displayed per page |
| 131 |
|
| 132 |
ASTAKOS_NEWPASSWD_INVALIDATE_TOKEN True Enforce token renewal on password change/reset. If set to False, user can optionally decide |
| 133 |
whether to renew the token or not. |
| 134 |
ASTAKOS_ENABLE_LOCAL_ACCOUNT_MIGRATION True Permit local account migration to third party account |
| 135 |
=========================================== ============================================================================= =========================================================================================== |
| 136 |
|
| 137 |
Administrator functions |
| 138 |
----------------------- |
| 139 |
|
| 140 |
Available as extensions to Django's command-line management utility: |
| 141 |
|
| 142 |
=============== =========================== |
| 143 |
Name Description |
| 144 |
=============== =========================== |
| 145 |
addgroup Add new group |
| 146 |
addterms Add new approval terms |
| 147 |
createuser Create a user |
| 148 |
inviteuser Invite a user |
| 149 |
listgroups List groups |
| 150 |
listinvitations List invitations |
| 151 |
listusers List users |
| 152 |
modifyuser Modify a user's attributes |
| 153 |
sendactivation Send activation email |
| 154 |
showinvitation Show invitation info |
| 155 |
showuser Show user info |
| 156 |
=============== =========================== |
| 157 |
|
| 158 |
To update user credibility from the billing system (Aquarium), enable the queue, install snf-pithos-tools and use ``pithos-dispatcher``:: |
| 159 |
|
| 160 |
pithos-dispatcher --exchange=aquarium --callback=astakos.im.endpoints.aquarium.consumer.on_creditevent |