def test_activate(self):
"""A principal can be used with a client connection."""
client = yield self.get_zookeeper_client().connect()
self.addCleanup(lambda: client.close())
admin_credentials = "admin:admin"
test_credentials = "test:test"
yield self.client.add_auth("digest", admin_credentials)
acl = [make_ace(make_identity(admin_credentials), all=True),
make_ace(make_identity(
test_credentials), read=True, create=True)]
yield client.create("/acl-test", "content", acls=acl)
# Verify the acl is active
yield self.assertFailure(
client.get("/acl-test"), zookeeper.NoAuthException)
# Attach the principal to the connection
group = GroupPrincipal(self.client, "/group-b")
yield group.create("test", "test")
yield group.attach(client)
content, stat = yield client.get("/acl-test")
self.assertEqual(content, "content")
def test_activate(self):
"""A principal can be used with a client connection."""
client = yield self.get_zookeeper_client().connect()
self.addCleanup(lambda: client.close())
admin_credentials = "admin:admin"
test_credentials = "test:test"
yield self.client.add_auth("digest", admin_credentials)
acl = [
make_ace(make_identity(admin_credentials), all=True),
make_ace(make_identity(test_credentials), read=True, create=True)
]
yield client.create("/acl-test", "content", acls=acl)
# Verify the acl is active
yield self.assertFailure(client.get("/acl-test"),
zookeeper.NoAuthException)
# Attach the principal to the connection
group = GroupPrincipal(self.client, "/group-b")
yield group.create("test", "test")
yield group.attach(client)
content, stat = yield client.get("/acl-test")
self.assertEqual(content, "content")
def get_token(self):
"""A principal identity token can be retrieved.
An identity token is used to construct ACLs.
"""
self._check()
return make_identity("%s:%s" % (self._name, self._password))
def create(self, name, password=None, otp_name=None, otp=None):
"""Create an OTP for a principal.
"""
if self._name:
raise ValueError("OTPPrincipal has already been created.")
self._name = name
self._password = password or self._generate_string()
self._otp_name = otp_name or self._generate_string()
self._otp = otp or self._generate_string()
acl = [make_ace(
make_identity("%s:%s" % (self._otp_name, self._otp)), read=True)]
# Optional additional ACL entry for unit test teardown.
if self._extra_otp_ace:
acl.append(self._extra_otp_ace)
self._path = yield self._client.create(
self._path,
yaml.safe_dump(dict(name=name, password=password)),
acls=acl,
flags=SEQUENCE)
returnValue(self)
def create(self, name, password=None, otp_name=None, otp=None):
"""Create an OTP for a principal.
"""
if self._name:
raise ValueError("OTPPrincipal has already been created.")
self._name = name
self._password = password or self._generate_string()
self._otp_name = otp_name or self._generate_string()
self._otp = otp or self._generate_string()
acl = [
make_ace(make_identity("%s:%s" % (self._otp_name, self._otp)),
read=True)
]
# Optional additional ACL entry for unit test teardown.
if self._extra_otp_ace:
acl.append(self._extra_otp_ace)
self._path = yield self._client.create(self._path,
yaml.safe_dump(
dict(name=name,
password=password)),
acls=acl,
flags=SEQUENCE)
returnValue(self)
def get_token(self):
"""A principal identity token can be retrieved.
An identity token is used to construct ACLs.
"""
self._check()
return make_identity("%s:%s" % (self._name, self._password))
def setUp(self):
self.log = self.capture_logging("juju.state.init")
zookeeper.set_debug_level(0)
self.client = ZookeeperClient(get_test_zookeeper_address())
self.identity = make_identity("admin:genie")
self.layout = StateHierarchy(
self.client, self.identity, "i-abcdef", "dummy")
return self.client.connect()
def setUp(self):
self.log = self.capture_logging("juju.state.init")
zookeeper.set_debug_level(0)
self.client = ZookeeperClient(get_test_zookeeper_address())
self.identity = make_identity("admin:genie")
self.layout = StateHierarchy(self.client, self.identity, "i-abcdef",
"dummy")
return self.client.connect()
def _zookeeper_scripts(instance_id, secret, provider_type):
return [
"juju-admin initialize"
" --instance-id=%s"
" --admin-identity=%s"
" --provider-type=%s"
% (instance_id, make_identity("admin:%s" % secret),
provider_type)]
def _zookeeper_scripts(instance_id, secret, constraints, provider_type):
return [
"juju-admin initialize"
" --instance-id=%s"
" --admin-identity=%s"
" --constraints-data=%s"
" --provider-type=%s"
% (instance_id, make_identity("admin:%s" % secret),
b64encode(safe_dump(constraints.data)), provider_type)]
def test_make_identity_with_colon_in_password(self):
username = "******"
password = "******"
credentials = "%s:%s" % (username, password)
identity = "%s:%s" %(
username,
base64.b64encode(hashlib.new("sha1", credentials).digest()))
self.assertEqual(identity, make_identity(credentials))
def test_get_token(self):
"""An identity token can be gotten from a OTPPrincipal.
The token returned is that of the stored credentials, not
the serialized one time password principal.
"""
self.set_otp_test_ace()
principal = OTPPrincipal(self.client)
yield principal.create("foobar", "secret")
self.assertEqual(principal.get_token(), make_identity("foobar:secret"))
self.assertEqual(principal.name, "foobar")
def test_get_token(self):
"""An identity token can be gotten from a OTPPrincipal.
The token returned is that of the stored credentials, not
the serialized one time password principal.
"""
self.set_otp_test_ace()
principal = OTPPrincipal(self.client)
yield principal.create("foobar", "secret")
self.assertEqual(principal.get_token(),
make_identity("foobar:secret"))
self.assertEqual(principal.name, "foobar")
def test_serialize(self):
"""The principal can be serialized to just the OTP data."""
self.set_otp_test_ace()
principal = OTPPrincipal(self.client)
yield principal.create("foobar", "secret")
otp_data = principal.serialize()
path, user, password = base64.b64decode(otp_data).split(":")
acl, stat = yield self.client.get_acl(path)
self.assertEqual(principal.get_token(), make_identity("foobar:secret"))
self.assertEqual(principal.name, "foobar")
def test_serialize(self):
"""The principal can be serialized to just the OTP data."""
self.set_otp_test_ace()
principal = OTPPrincipal(self.client)
yield principal.create("foobar", "secret")
otp_data = principal.serialize()
path, user, password = base64.b64decode(otp_data).split(":")
acl, stat = yield self.client.get_acl(path)
self.assertEqual(principal.get_token(),
make_identity("foobar:secret"))
self.assertEqual(principal.name, "foobar")
def setUp(self):
yield super(LayoutTest, self).setUp()
self.log = self.capture_logging("juju.state.init")
zookeeper.set_debug_level(0)
self.client = self.get_zookeeper_client()
self.identity = make_identity("admin:genie")
constraints_data = {
"arch": "arm",
"cpu": None,
"ubuntu-series": "cranky",
"provider-type": "dummy"}
self.layout = StateHierarchy(
self.client, self.identity, "i-abcdef", constraints_data, "dummy")
yield self.client.connect()
def test_get_token(self):
"""An identity token can be gotten from a Principal."""
principal = GroupPrincipal(self.client, "/group-a")
yield principal.create("foobar", "secret")
self.assertEqual(principal.get_token(), make_identity("foobar:secret"))
def test_get_token(self):
"""An identity token can be gotten from a Principal."""
principal = Principal("foobar", "secret")
self.assertEqual(principal.get_token(),
make_identity("foobar:secret"))
def test_get_token(self):
"""An identity token can be gotten from a Principal."""
principal = GroupPrincipal(self.client, "/group-a")
yield principal.create("foobar", "secret")
self.assertEqual(principal.get_token(),
make_identity("foobar:secret"))
def test_get_token(self):
"""An identity token can be gotten from a Principal."""
principal = Principal("foobar", "secret")
self.assertEqual(principal.get_token(), make_identity("foobar:secret"))
def bootstrap(self):
"""Bootstrap a local development environment.
"""
# Check for existing environment
state = yield self.load_state()
if state is not False:
raise ProviderError("Environment already bootstrapped")
# Check for required packages
log.info("Checking for required packages...")
missing = check_packages(*REQUIRED_PACKAGES)
if missing:
raise ProviderError("Missing packages %s" % (
", ".join(sorted(list(missing)))))
# Get/create directory for zookeeper and files
zookeeper_dir = os.path.join(self._directory, "zookeeper")
if not os.path.exists(zookeeper_dir):
os.makedirs(zookeeper_dir)
# Start networking, and get an open port.
log.info("Starting networking...")
net = Network("default", subnet=122)
# Start is a noop if its already started, which it is by default,
# per libvirt-bin package installation
yield net.start()
net_attributes = yield net.get_attributes()
port = get_open_port(net_attributes["ip"]["address"])
# Start zookeeper
log.info("Starting zookeeper...")
# Run zookeeper as the current user, unless we're being run as root
# in which case run zookeeper as the 'zookeeper' user.
zookeeper_user = None
if os.geteuid() == 0:
zookeeper_user = "******"
zookeeper = Zookeeper(zookeeper_dir,
port=port,
host=net_attributes["ip"]["address"],
user=zookeeper_user, group=zookeeper_user)
yield zookeeper.start()
# Starting provider storage server
log.info("Starting storage server...")
storage_server = StorageServer(
pid_file=os.path.join(self._directory, "storage-server.pid"),
storage_dir=os.path.join(self._directory, "files"),
host=net_attributes["ip"]["address"],
port=get_open_port(net_attributes["ip"]["address"]),
log_file=os.path.join(self._directory, "storage-server.log"))
yield storage_server.start()
# Save the zookeeper start to provider storage.
yield self.save_state({"zookeeper-instances": ["local"],
"zookeeper-address": zookeeper.address})
# Initialize the zookeeper state
log.debug("Initializing state...")
admin_identity = make_identity(
"admin:%s" % self.config["admin-secret"])
client = ZookeeperClient(zookeeper.address)
yield client.connect()
hierarchy = StateHierarchy(client, admin_identity, "local", "local")
yield hierarchy.initialize()
# Store user credentials from the running user
try:
public_key = get_user_authorized_keys(self.config)
public_key = public_key.strip()
except LookupError, e:
raise ProviderError(str(e))
