def test_3_access(self):
logging.debug('')
logging.debug('test_access')
# This 'spook' creation is only for testing.
# Normally the protector would run with regular credentials
# in effect at the proprietary site.
user = '******'+socket.gethostname()
key_pair = get_key_pair(user)
data = '\n'.join([user, '0', key_pair.publickey().exportKey()])
hash = hashlib.sha256(data).digest()
signature = key_pair.sign(hash, get_random_bytes)
spook = Credentials((data, signature, None))
credentials = get_credentials()
allowed_users = {credentials.user: credentials.public_key,
spook.user: spook.public_key}
factory = self.start_factory(allowed_users=allowed_users)
# Create model and run it.
saved = get_credentials()
set_credentials(spook)
box = factory.create(_MODULE+'.ProtectedBox',
allowed_users=allowed_users)
set_credentials(saved)
model = set_as_top(Model(box))
model.run()
# Check results.
for width in range(1, 2):
for height in range(1, 3):
for depth in range(1, 4):
case = model.driver.recorders[0].cases.pop(0)
self.assertEqual(case.outputs[0][2], width*height*depth)
def _get_count(self, allocator, resource_desc, credentials):
""" Get `max_servers` from an allocator. """
set_credentials(credentials)
count = 0
try:
count = allocator.max_servers(resource_desc)
except Exception:
msg = traceback.format_exc()
self._logger.error("%r max_servers() caught exception %s", allocator._name, msg)
return count
def _start_manager(self, host, i, address, credentials):
""" Start one host manager. """
set_credentials(credentials)
try:
host.start_manager(i, self._authkey, address, self._files,
self._allow_shell)
except Exception as exc:
msg = '%s\n%s' % (exc, traceback.format_exc())
_LOGGER.error('starter for %s caught exception %s', host.hostname,
msg)
return host
def _start_manager(self, host, i, address, credentials):
""" Start one host manager. """
set_credentials(credentials)
try:
host.start_manager(i, self._authkey, address, self._files,
self._allow_shell)
except Exception as exc:
msg = '%s\n%s' % (exc, traceback.format_exc())
_LOGGER.error('starter for %s caught exception %s',
host.hostname, msg)
return host
def _service_loop(self, name, resource_desc, credentials, reply_q):
""" Each server has an associated thread executing this. """
set_credentials(credentials)
server, server_info = RAM.allocate(resource_desc)
# Just being defensive, this should never happen.
if server is None: # pragma no cover
self._logger.error('Server allocation for %r failed :-(', name)
reply_q.put((name, False, None))
return
else:
# Clear egg re-use indicator.
server_info['egg_file'] = None
self._logger.debug('%r using %r', name, server_info['name'])
if self._logger.level == logging.NOTSET:
# By default avoid lots of protocol messages.
server.set_log_level(logging.DEBUG)
else:
server.set_log_level(self._logger.level)
request_q = Queue.Queue()
try:
with self._server_lock:
sdata = self._servers[name]
sdata.server = server
sdata.info = server_info
sdata.queue = request_q
reply_q.put((name, True, None)) # ACK startup.
while True:
request = request_q.get()
if request is None:
break
try:
result = request[0](request[1])
except Exception as req_exc:
self._logger.error('%r: %s caused %r', name, request[0],
req_exc)
result = None
else:
req_exc = None
reply_q.put((name, result, req_exc))
except Exception as exc: # pragma no cover
# This can easily happen if we take a long time to allocate and
# we get 'cleaned-up' before we get started.
if self._server_lock is not None:
self._logger.error('%r: %r', name, exc)
finally:
self._logger.debug('%r releasing server', name)
RAM.release(server)
reply_q.put((name, True, None)) # ACK shutdown.
def _service_loop(self, name, resource_desc, credentials, reply_q):
""" Each server has an associated thread executing this. """
set_credentials(credentials)
server, server_info = RAM.allocate(resource_desc)
# Just being defensive, this should never happen.
if server is None: # pragma no cover
self._logger.error('Server allocation for %r failed :-(', name)
reply_q.put((name, False, None))
return
else:
# Clear egg re-use indicator.
server_info['egg_file'] = None
self._logger.debug('%r using %r', name, server_info['name'])
if self._logger.level == logging.NOTSET:
# By default avoid lots of protocol messages.
server.set_log_level(logging.DEBUG)
else:
server.set_log_level(self._logger.level)
request_q = Queue.Queue()
try:
with self._server_lock:
sdata = self._servers[name]
sdata.server = server
sdata.info = server_info
sdata.queue = request_q
reply_q.put((name, True, None)) # ACK startup.
while True:
request = request_q.get()
if request is None:
break
try:
result = request[0](request[1])
except Exception as req_exc:
self._logger.error('%r: %s caused %r', name,
request[0], req_exc)
result = None
else:
req_exc = None
reply_q.put((name, result, req_exc))
except Exception as exc: # pragma no cover
# This can easily happen if we take a long time to allocate and
# we get 'cleaned-up' before we get started.
if self._server_lock is not None:
self._logger.error('%r: %r', name, exc)
finally:
self._logger.debug('%r releasing server', name)
RAM.release(server)
reply_q.put((name, True, None)) # ACK shutdown.
def cleanup(self):
""" Shut-down all remaining :class:`ObjServers`. """
self._logger.debug('cleanup')
cleanup_creds = get_credentials()
servers = self._managers.keys()
for server in servers:
# Cleanup overrides release() 'owner' protection.
set_credentials(self._managers[server][2])
try:
self.release(server)
finally:
set_credentials(cleanup_creds)
self._managers = {}
def cleanup(self):
""" Shut-down all remaining :class:`ObjServers`. """
self._logger.debug('cleanup')
cleanup_creds = get_credentials()
servers = self._managers.keys()
for server in servers:
# Cleanup overrides release() 'owner' protection.
set_credentials(self._managers[server][2])
try:
self.release(server)
finally:
set_credentials(cleanup_creds)
self._managers = {}
def _get_estimate(self, allocator, resource_desc, credentials):
""" Get (estimate, criteria) from an allocator. """
set_credentials(credentials)
try:
estimate, criteria = allocator.time_estimate(resource_desc)
except Exception:
msg = traceback.format_exc()
self._logger.error("%r time_estimate() caught exception %s", allocator._name, msg)
estimate = None
criteria = None
else:
if estimate == 0:
self._logger.debug("%r returned %g (%g)", allocator._name, estimate, criteria["loadavgs"][0])
else:
self._logger.debug("%r returned %g", allocator._name, estimate)
return (allocator, estimate, criteria)
self.assertTrue(msg in str(exc))
else:
self.fail('Expected RemoteError')
try:
model.box.proprietary_method()
except RemoteError as exc:
msg = "RoleError: proprietary_method(): No access for role 'user'"
logging.debug('msg: %s', msg)
logging.debug('exc: %s', exc)
self.assertTrue(msg in str(exc))
else:
self.fail('Expected RemoteError')
saved = get_credentials()
set_credentials(spook)
try:
i = model.box.secret
model.box.proprietary_method()
finally:
# Reset credentials to allow factory shutdown.
set_credentials(saved)
def test_4_authkey(self):
logging.debug('')
logging.debug('test_authkey')
factory = self.start_factory()
# Start server in non-public-key mode.
# Connections must have matching authkey,
def test_3_access(self):
logging.debug('')
logging.debug('test_access')
# This 'spook' creation is only for testing.
# Normally the protector would run with regular credentials
# in effect at the proprietary site.
user = '******'+socket.gethostname()
key_pair = get_key_pair(user)
data = '\n'.join([user, '0', key_pair.publickey().exportKey()])
hash = hashlib.sha256(data).digest()
signature = key_pair.sign(hash, get_random_bytes)
spook = Credentials((data, signature, None))
credentials = get_credentials()
allowed_users = {credentials.user: credentials.public_key,
spook.user: spook.public_key}
factory = self.start_factory(allowed_users=allowed_users)
# Create model and run it.
saved = get_credentials()
set_credentials(spook)
box = factory.create(_MODULE+'.ProtectedBox',
allowed_users=allowed_users)
set_credentials(saved)
model = set_as_top(Model(box))
model.run()
# Check results.
for width in range(1, 2):
for height in range(1, 3):
for depth in range(1, 4):
case = model.driver.recorder.cases.pop(0)
self.assertEqual(case.outputs[0][2], width*height*depth)
# Check access protections.
try:
i = model.box.secret
except RemoteError as exc:
msg = "RoleError: No __getattribute__ access to 'secret' by role 'user'"
logging.debug('msg: %s', msg)
logging.debug('exc: %s', exc)
self.assertTrue(msg in str(exc))
else:
self.fail('Expected RemoteError')
try:
model.box.proprietary_method()
except RemoteError as exc:
msg = "RoleError: proprietary_method(): No access for role 'user'"
logging.debug('msg: %s', msg)
logging.debug('exc: %s', exc)
self.assertTrue(msg in str(exc))
else:
self.fail('Expected RemoteError')
saved = get_credentials()
set_credentials(spook)
try:
i = model.box.secret
model.box.proprietary_method()
finally:
# Reset credentials to allow factory shutdown.
set_credentials(saved)
