Example #1
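def add_acs_resource(resource):
    """Create the ACS resource (ACL) named `resource`.

    Sends ``PUT acs/api/v1/acls/<resource>`` with the resource name as the
    description. A 409 response is logged as "already exists" and swallowed,
    so repeated calls with the same resource do not fail.

    For more information consult the DC/OS documentation:
    https://docs.mesosphere.com/1.9/administration/id-and-access-mgt/permissions/user-service-perms/

    Raises:
        DCOSHTTPException: re-raised when the HTTP error status is not 409.
        AssertionError: when the request returns a status other than 201.
    """
    import json

    # NOTE(review): `resource` is placed in the URL path unmodified. Resource
    # IDs that contain '/' presumably have to arrive already encoded the way
    # the ACS API expects -- confirm against the callers.
    try:
        logger.info('Adding ACS resource: {}'.format(resource))
        url = dcos_url_path('acs/api/v1/acls/{}'.format(resource))
        extra_args = {'headers': {'Content-Type': 'application/json'}}
        req = http.put(url,
                       data=json.dumps({'description': resource}),
                       **extra_args)
        # Raised explicitly instead of via `assert`: assert statements are
        # stripped under `python -O`, which would let a failed ACL creation
        # pass unnoticed. The exception type is unchanged for callers.
        if req.status_code != 201:
            raise AssertionError(
                'Failed create ACS resource: {}, {}'.format(req, req.text))
    except DCOSHTTPException as e:
        if e.response.status_code == 409:
            # Conflict: the ACL is already there, which is the desired state.
            logger.info('ACS resource {} already exists'.format(resource))
        else:
            logger.error("Unexpected HTTP error: {}, {}".format(
                e.response, e.response.text))
            raise
    except Exception:
        # Includes the AssertionError above: log with traceback, then propagate.
        logger.exception(
            "Unexpected error while adding ACS resource {}".format(resource))
        raise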
def test_non_authorized_user():
    """Expect 403 when a newly created user lists Marathon apps.

    The request carries a valid token for the user created by
    `new_dcos_user`, so it is authenticated; the 403 checks that
    authentication alone does not grant access to the Marathon API.
    """
    with new_dcos_user('kenny', 'kenny') as token:
        credentials = DCOSAcsAuth(token)
        apps_url = dcos_url_path('service/marathon/v2/apps')
        reply = requests.get(apps_url, auth=credentials, verify=verify_ssl())
        assert reply.status_code == 403
Example #3
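def set_service_account_permissions(service_account,
                                    resource='dcos:superuser',
                                    action='full'):
    """Grant `action` on `resource` to the service account `service_account`.

    Sends ``PUT acs/api/v1/acls/<resource>/users/<service_account>/<action>``.
    A 409 response is logged as "already set" and swallowed.

    Note that the defaults grant `full` on `dcos:superuser`. Callers that need
    less than superuser should pass the narrowest resource and action that the
    service account actually requires.

    For more information consult the DC/OS documentation:
    https://docs.mesosphere.com/1.9/administration/id-and-access-mgt/permissions/user-service-perms/

    Raises:
        DCOSHTTPException: re-raised when the HTTP error status is not 409.
        AssertionError: when the request returns a status other than 204.
    """
    # NOTE(review): the three values are placed in the URL path unmodified;
    # presumably callers pass them already encoded for the ACS API -- confirm.
    try:
        logger.info('Granting {} permissions to {}/users/{}'.format(
            action, resource, service_account))
        url = dcos_url_path('acs/api/v1/acls/{}/users/{}/{}'.format(
            resource, service_account, action))
        req = http.put(url)
        # Raised explicitly instead of via `assert`: assert statements are
        # stripped under `python -O`, which would let a failed permission
        # grant pass unnoticed. The exception type is unchanged for callers.
        if req.status_code != 204:
            raise AssertionError(
                'Failed to grant permissions to the service account: {}, {}'.format(
                    req, req.text))
    except DCOSHTTPException as e:
        if e.response.status_code == 409:
            # Conflict: the permission is already in place.
            logger.info(
                'Service account {} already has {} permissions set'.format(
                    service_account, resource))
        else:
            logger.error("Unexpected HTTP error: {}".format(e.response))
            raise
    except Exception:
        # Includes the AssertionError above: log with traceback, then propagate.
        logger.exception(
            "Unexpected error when setting service account permissions")
        raise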
Example #4
async def sse_events():
    """Open Marathon's event stream and yield one async generator of events.

    The function yields exactly once; the yielded generator produces each
    server-sent event's data decoded from JSON. Presumably this is wrapped by
    an async context-manager decorator that is not shown here.
    """
    events_url = dcos_url_path('service/marathon/v2/events')
    auth_header = 'token={}'.format(dcos_acs_token())
    request_headers = {'Authorization': auth_header,
                       'Accept': 'text/event-stream'}

    tls_context = get_ssl_context()
    # When no SSL context is available, certificate verification is turned
    # off, yet the ACS token is still sent in the Authorization header.
    # NOTE(review): confirm that path is only reachable on test clusters.
    check_certificate = tls_context is not None

    async with aiohttp.ClientSession(headers=request_headers) as session:
        # NOTE(review): `verify_ssl`/`ssl_context` are deprecated in
        # aiohttp 3.x in favour of the single `ssl` argument.
        async with session.get(events_url,
                               verify_ssl=check_certificate,
                               ssl_context=tls_context) as response:
            async def internal_generator():
                sse_client = SSEClient(response.content)
                async for message in sse_client.events():
                    yield json.loads(message.data)

            yield internal_generator()
async def sse_events():
    """Yield a single async generator over Marathon's server-sent events.

    Each item produced by the inner generator is the JSON-decoded `data`
    field of one event read from `service/marathon/v2/events`.
    """
    url = dcos_url_path('service/marathon/v2/events')
    headers = dict([
        ('Authorization', 'token={}'.format(dcos_acs_token())),
        ('Accept', 'text/event-stream'),
    ])

    ssl_context = get_ssl_context()
    # A missing SSL context switches certificate verification off while the
    # ACS token above is still sent with the request.
    # NOTE(review): confirm this fallback is acceptable for the target cluster.
    verify_ssl = not (ssl_context is None)

    request_options = {'verify_ssl': verify_ssl, 'ssl_context': ssl_context}
    async with aiohttp.ClientSession(headers=headers) as session, \
            session.get(url, **request_options) as response:

        async def internal_generator():
            # The response body is parsed as an SSE stream; event payloads
            # are expected to be JSON documents.
            stream = SSEClient(response.content)
            async for event in stream.events():
                payload = json.loads(event.data)
                yield payload

        yield internal_generator()
Example #6
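def add_acs_resource(resource):
    """Create the ACS resource (ACL) named `resource`.

    Sends an authenticated ``PUT acs/api/v1/acls/<resource>`` with the
    resource name as the description. A 409 response is logged as "already
    exists" and swallowed, so repeated calls with the same resource do not
    fail.

    For more information consult the DC/OS documentation:
    https://docs.mesosphere.com/1.9/administration/id-and-access-mgt/permissions/user-service-perms/

    Raises:
        requests.HTTPError: re-raised when the error status is not 409.
        AssertionError: when the request returns a status other than 201.
    """
    import json

    # NOTE(review): `resource` is placed in the URL path unmodified. Resource
    # IDs that contain '/' presumably have to arrive already encoded the way
    # the ACS API expects -- confirm against the callers.
    try:
        logger.info('Adding ACS resource: {}'.format(resource))
        url = dcos_url_path('acs/api/v1/acls/{}'.format(resource))
        auth = DCOSAcsAuth(dcos_acs_token())
        req = requests.put(url, data=json.dumps({'description': resource}),
                           headers={'Content-Type': 'application/json'}, auth=auth, verify=verify_ssl())
        # Turns 4xx/5xx responses into requests.HTTPError, handled below.
        req.raise_for_status()
        # Raised explicitly instead of via `assert`: assert statements are
        # stripped under `python -O`, which would let an unexpected success
        # status (anything but 201) pass unnoticed. The exception type is
        # unchanged for callers.
        if req.status_code != 201:
            raise AssertionError('Failed create ACS resource: {}, {}'.format(req, req.text))
    except requests.HTTPError as e:
        if e.response.status_code == 409:
            # Conflict: the ACL is already there, which is the desired state.
            logger.info('ACS resource {} already exists'.format(resource))
        else:
            logger.error("Unexpected HTTP error: {}, {}".format(e.response, e.response.text))
            raise
    except Exception:
        # Includes the AssertionError above: log with traceback, then propagate.
        logger.exception("Unexpected error while adding ACS resource {}".format(resource))
        raise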
Example #7
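def set_service_account_permissions(service_account, resource='dcos:superuser', action='full'):
    """Grant `action` on `resource` to the service account `service_account`.

    Sends an authenticated
    ``PUT acs/api/v1/acls/<resource>/users/<service_account>/<action>``.
    A 409 response is logged as "already set" and swallowed.

    Note that the defaults grant `full` on `dcos:superuser`. Callers that need
    less than superuser should pass the narrowest resource and action that the
    service account actually requires.

    For more information consult the DC/OS documentation:
    https://docs.mesosphere.com/1.9/administration/id-and-access-mgt/permissions/user-service-perms/

    Raises:
        requests.HTTPError: re-raised when the error status is not 409.
        AssertionError: when the request returns a status other than 204.
    """
    # NOTE(review): the three values are placed in the URL path unmodified;
    # presumably callers pass them already encoded for the ACS API -- confirm.
    try:
        logger.info('Granting {} permissions to {}/users/{}'.format(action, resource, service_account))
        url = dcos_url_path('acs/api/v1/acls/{}/users/{}/{}'.format(resource, service_account, action))
        auth = DCOSAcsAuth(dcos_acs_token())
        req = requests.put(url, auth=auth, verify=verify_ssl())
        # Turns 4xx/5xx responses into requests.HTTPError, handled below.
        req.raise_for_status()

        # Raised explicitly instead of via `assert`: assert statements are
        # stripped under `python -O`, which would let an unexpected success
        # status (anything but 204) pass unnoticed. The exception type is
        # unchanged for callers.
        if req.status_code != 204:
            raise AssertionError(
                'Failed to grant permissions to the service account: {}, {}'.format(req, req.text))
    except requests.HTTPError as e:
        if e.response.status_code == 409:
            # Conflict: the permission is already in place.
            logger.info('Service account {} already has {} permissions set'.format(service_account, resource))
        else:
            logger.error("Unexpected HTTP error: {}".format(e.response))
            raise
    except Exception:
        # Includes the AssertionError above: log with traceback, then propagate.
        logger.exception("Unexpected error when setting service account permissions")
        raise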
def test_non_authenticated_user():
    """Expect 401 when Marathon apps are listed without credentials.

    `auth=None` means no token accompanies the request, so this checks the
    unauthenticated path rather than a permission decision.
    """
    apps_url = dcos_url_path('service/marathon/v2/apps')
    request_kwargs = {'auth': None, 'verify': verify_ssl()}
    reply = requests.get(apps_url, **request_kwargs)
    assert reply.status_code == 401
Example #9
def get_marathon_endpoint(path, marathon_name='marathon'):
    """Return the cluster URL for `path` under the given Marathon service.

    Neither argument is escaped: both are inserted into the
    `service/<marathon_name>/<path>` route exactly as passed.
    """
    service_route = f'service/{marathon_name}/{path}'
    return dcos_url_path(service_route)
Example #10
def get_marathon_endpoint(path, marathon_name='marathon'):
    """Build the URL of a Marathon endpoint.

    `path` is appended to `service/<marathon_name>/` with no escaping, and
    the result is passed to `dcos_url_path`.
    """
    route_template = 'service/{}/{}'
    relative_route = route_template.format(marathon_name, path)
    return dcos_url_path(relative_route)
def test_non_authorized_user():
    """A valid token without Marathon permissions must be refused with 403."""
    with new_dcos_user('kenny', 'kenny') as auth_token:
        # The token is valid (the user was just created), so a 403 here is an
        # authorization decision rather than an authentication failure.
        request_kwargs = {'auth': DCOSAcsAuth(auth_token)}
        target = dcos_url_path('service/marathon/v2/apps')
        request_kwargs['verify'] = verify_ssl()
        status = requests.get(target, **request_kwargs).status_code
        assert status == 403
def test_non_authenticated_user():
    """A request that carries no credentials must be refused with 401."""
    target = dcos_url_path('service/marathon/v2/apps')
    # auth=None: no token accompanies the request.
    status = requests.get(target, auth=None, verify=verify_ssl()).status_code
    assert status == 401