def test_ACL(self):
acl = gear.ACL()
acl.add(gear.ACLEntry('worker', register='foo.*'))
acl.add(gear.ACLEntry('client', invoke='foo.*'))
acl.add(gear.ACLEntry('manager', grant=True))
self.assertEqual(len(acl.getEntries()), 3)
self.assertTrue(acl.canRegister('worker', 'foo-bar'))
self.assertTrue(acl.canRegister('worker', 'foo'))
self.assertFalse(acl.canRegister('worker', 'bar-foo'))
self.assertFalse(acl.canRegister('worker', 'bar'))
self.assertFalse(acl.canInvoke('worker', 'foo'))
self.assertFalse(acl.canGrant('worker'))
self.assertTrue(acl.canInvoke('client', 'foo-bar'))
self.assertTrue(acl.canInvoke('client', 'foo'))
self.assertFalse(acl.canInvoke('client', 'bar-foo'))
self.assertFalse(acl.canInvoke('client', 'bar'))
self.assertFalse(acl.canRegister('client', 'foo'))
self.assertFalse(acl.canGrant('client'))
self.assertFalse(acl.canInvoke('manager', 'bar'))
self.assertFalse(acl.canRegister('manager', 'foo'))
self.assertTrue(acl.canGrant('manager'))
acl.remove('worker')
acl.remove('client')
acl.remove('manager')
self.assertFalse(acl.canRegister('worker', 'foo'))
self.assertFalse(acl.canInvoke('client', 'foo'))
self.assertFalse(acl.canGrant('manager'))
self.assertEqual(len(acl.getEntries()), 0)
def main(self):
self.setup_logging()
statsd_host = os.environ.get('STATSD_HOST')
statsd_port = int(os.environ.get('STATSD_PORT', 8125))
statsd_prefix = os.environ.get('STATSD_PREFIX')
acl = None
if self.args.acl:
aclf = ConfigParser.RawConfigParser()
aclf.read(self.args.acl)
acl = gear.ACL()
for section in aclf.sections():
if aclf.has_option(section, 'register'):
register = aclf.get(section, 'register')
else:
register = None
if aclf.has_option(section, 'invoke'):
invoke = aclf.get(section, 'invoke')
else:
invoke = None
if aclf.has_option(section, 'grant'):
grant = aclf.getboolean(section, 'grant')
else:
grant = None
entry = gear.ACLEntry(section, register, invoke, grant)
acl.add(entry)
self.server = gear.Server(self.args.port,
self.args.ssl_key,
self.args.ssl_cert,
self.args.ssl_ca,
statsd_host,
statsd_port,
statsd_prefix,
acl=acl)
signal.pause()
def test_ACL_register(self):
acl = gear.ACL()
acl.grantRegister('worker', 'bar.*')
self.assertTrue(acl.canRegister('worker', 'bar'))
acl.revokeRegister('worker')
self.assertFalse(acl.canRegister('worker', 'bar'))
def test_ACL_grant(self):
acl = gear.ACL()
acl.grantGrant('manager')
self.assertTrue(acl.canGrant('manager'))
acl.revokeGrant('manager')
self.assertFalse(acl.canGrant('manager'))
def test_ACL_invoke(self):
acl = gear.ACL()
acl.grantInvoke('client', 'bar.*')
self.assertTrue(acl.canInvoke('client', 'bar'))
acl.revokeInvoke('client')
self.assertFalse(acl.canInvoke('client', 'bar'))
