Endian banner

endian.authentication.providers package

Submodules

endian.authentication.providers.allow module

class AllowAuthProvider(**argv)

Bases: endian.authentication.providers.commons.AuthProvider

authenticate(username, password, scope, password_already_verified=False, **argv)
can_authenticate = False
can_get_user = False
can_list_users = False
id = 'allow'
name = 'Always allow (Allow any user/password combination)'

endian.authentication.providers.apache module

class ApacheAuthProvider(**argv)

Bases: endian.authentication.providers.commons.AuthProvider

authenticate(username, password, scope, password_already_verified=False, **argv)
can_authenticate = True
can_get_user = True
can_list_users = True
get_user(username, scope, retrieve_attributes='*', **argv)
id = 'apache'
list_users(scope, retrieve_attributes=['name'], **argv)
name = 'Apache mod_auth'

endian.authentication.providers.commons module

exception GroupNotFoundError(message='Group not found')

Bases: endian.emi.acl.AuthException

exception GroupNotEnableddError(message='Group not enabled')

Bases: endian.emi.acl.AuthException

class AuthProvider(**argv)

Bases: object

authenticate(username, password, scope, password_already_verified=False, **argv)

Overwrite this function to authenticate a user. E.g. raise UserNotFoundError, InvalidPasswordError or UserNotEnableddError exceptions if authentication fails.

Parameters:
  • username (str) – name of the user
  • password (str) – password of the user
  • scope (str) – name of the scope which is used for authentication
  • password_already_verified (bool) – do we need to verify the password again
Return type:

dict

can_authenticate = False
can_create_group = False
can_create_user = False
can_delete_group = False
can_delete_user = False
can_get_group = False
can_get_user = False
can_list_groups = False
can_list_users = False
can_sync_groups = False
can_sync_users = False
can_update_group = False
can_update_user = False
create_group(groupname, scope, args=None)

Overwrite this function to create a new group.

Parameters:
  • groupname (str) – name of the group
  • scope (str) – name of the scope
Return type:

dict

create_user(username, scope, password=None, args=None)

Overwrite this function to create a new user.

Parameters:
  • username (str) – name of the user
  • scope (str) – name of the scope
  • password (str) – password of the user
Return type:

dict

delete_group(groupname, scope)

Overwrite this function to delete an existing group.

Parameters:
  • groupname (str) – name of the group
  • scope (str) – name of the scope
Return type:

dict

delete_user(username, scope)

Overwrite this function to delete an existing user.

Parameters:
  • username (str) – name of the user
  • scope (str) – name of the scope
Return type:

dict

enabled_for_vpn = False
get_group(groupname, scope, retrieve_attributes='*', **argv)

Overwrite this function to get info of a group by name and scope.

Parameters:
  • groupname (str) – name of the group
  • scope (str) – name of the scope to search within
  • retrieve_attributes (string or list of strings) – return this attributes in the dict
Return type:

dict

get_user(username, scope, retrieve_attributes='*', **argv)

Overwrite this function to get info of a user by name and scope.

Parameters:
  • username (str) – name of the user
  • scope (str) – name of the scope to search within
  • retrieve_attributes (string or list of strings) – return this attributes in the dict
Return type:

dict

id = None
list_groups(scope, retrieve_attributes=['name'], **argv)

Overwrite this function to return infos about all groups of this provider by scope.

Parameters:
  • groupname (str) – name of the group
  • scope (str) – group of the scope to search within
  • retrieve_attributes (string or list of strings) – return this attributes in the dict
Return type:

list of dicts

list_users(scope, retrieve_attributes=['name'], **argv)

Overwrite this function to return infos about all users of this provider.

Parameters:
  • username (str) – name of the user
  • scope (str) – name of the scope to search within
  • retrieve_attributes (string or list of strings) – return this attributes in the dict
Return type:

list of dicts

name = None
sync_groups(scope)

Sync groups from remote source e.g. LDAP Overwrite this function to sync groups from a remote source.

Parameters:scope (string) – a scope name or a string starting with the prefix ‘provider:’ followed by the name of a provider
sync_users(scope)

Sync users from remote source e.g. LDAP Overwrite this function to sync users from a remote source.

Parameters:scope (string) – a scope name or a string starting with the prefix ‘provider:’ followed by the name of a provider
update_group(groupname, scope, new_values)

Overwrite this function to update values of an existing group.

Parameters:
  • groupname (str) – name of the group
  • scope (str) – name of the scope
  • new_values (dict) – update this values
Return type:

dict

update_user(username, scope, new_values)

Overwrite this function to update values of an existing user.

Parameters:
  • username (str) – name of the user
  • scope (str) – name of the scope
  • new_values (dict) – update this values
Return type:

dict

exception AuthNotImplemented(message='Not implemented')

Bases: endian.emi.acl.AuthException

endian.authentication.providers.deny module

class DenyAuthProvider(**argv)

Bases: endian.authentication.providers.commons.AuthProvider

authenticate(username, password, scope, password_already_verified=False, **argv)
can_authenticate = False
can_get_user = False
can_list_users = False
id = 'deny'
name = 'Always deny (Deny any user/password combination)'

endian.authentication.providers.local module

class LocalAuthProvider(**argv)

Bases: endian.authentication.providers.commons.StorageAuthProvider

authenticate(username, password, scope, password_already_verified=False, **argv)
can_authenticate = True
can_create_group = True
can_create_user = True
can_delete_group = True
can_delete_user = True
can_get_group = True
can_get_user = True
can_list_groups = True
can_list_users = True
can_update_group = True
can_update_user = True
compare_password(user, password)
enabled_for_vpn = True
get_user(username, scope, retrieve_attributes='*', **argv)
id = 'local'
list_users(scope, retrieve_attributes=['name'], **argv)
name = 'Local'

endian.authentication.providers.pldap module

class LDAPAuthProvider(ldap_uri='', ldap_bind_dn='', ldap_bind_password='', ldap_preset='', ldap_user_basedn='', ldap_user_searchfilter='', ldap_user_uidattribute='', ldap_select_groups=False, ldap_user_groups=[], ldap_group_basedn='', ldap_group_searchfilter='', ldap_group_uidattribute='', ldap_group_memberattribute='', **argv)

Bases: endian.authentication.providers.commons.StorageAuthProvider, endian.authentication.utils.pldap.LDAPConnection

authenticate(username, password, scope, password_already_verified=False, **argv)
can_authenticate = True
can_create_group = False
can_create_user = False
can_delete_group = False
can_delete_user = False
can_get_group = True
can_get_user = True
can_list_groups = True
can_list_users = True
can_sync_groups = True
can_sync_users = True
can_update_group = False
can_update_user = False
enabled_for_vpn = True
get_user(username, scope, retrieve_attributes='*', **argv)
id = 'ldap'
list_groups(scope, retrieve_attributes=['name'], **argv)
list_users(scope, retrieve_attributes=['name'], **argv)
name = 'LDAP / Active Directory'
sync_groups(scope)
sync_users(scope)

endian.authentication.providers.proxy module

class ProxyAuthProvider(eal, **argv)

Bases: endian.authentication.providers.commons.AuthProvider

authenticate(username, password, scope, password_already_verified=False, called=None, **argv)
can_authenticate = True
can_get_user = True
can_list_users = True
get_user(username, scope, retrieve_attributes='*', **argv)
id = 'proxy'
list_users(scope, retrieve_attributes=['name'], **argv)
name = 'Proxy (Combined Provider)'
proxy_password_provider
proxy_user_provider

endian.authentication.providers.radius module

class RadiusAuthProvider(**argv)

Bases: endian.authentication.providers.commons.AuthProvider

authenticate(username, password, scope, password_already_verified=False, **argv)
can_authenticate = True
can_create_group = False
can_create_user = False
can_delete_group = False
can_delete_user = False
can_get_group = False
can_get_user = False
can_list_groups = False
can_list_users = False
can_update_group = False
can_update_user = False
enabled_for_vpn = True
id = 'radius'
name = 'RADIUS'

endian.authentication.providers.system module

class SystemAuthProvider(**argv)

Bases: endian.authentication.providers.commons.AuthProvider

authenticate(username, password, scope, password_already_verified=False, **argv)
can_authenticate = True
can_get_user = True
can_list_users = True
get_user(username, scope, retrieve_attributes='*', **argv)
id = 'system'
list_users(scope, retrieve_attributes=['name'], **argv)
name = 'System accounts'

Module contents

get_providers_classes()