def test_make_zk_auth_config_validation():
  invalid_configs = [
    # No credential in auth
    {'auth': [{'scheme': 's'}],
     'acl': [{'scheme': 's', 'credential': 'c', 'permissions': {'read': True}}]},
    # Acl is not a list
    {'auth': [{'scheme': 's', 'credential': 'c'}],
     'acl': {'scheme': 's', 'credential': 'c', 'permissions': {'read': True}}},
    # No credential in acl
    {'auth': [{'scheme': 's', 'credential': 'c'}],
     'acl': [{'scheme': 's', 'permissions': {'read': True}}]},
    # permissions is not an object
    {'auth': [{'scheme': 's', 'credential': 'c'}],
     'acl': [{'scheme': 's', 'credential': 'c', 'permissions': 'non-object'}]},
    # permissions object has unrecognized property
    {'auth': [{'scheme': 's', 'credential': 'c'}],
     'acl': [{'scheme': 's', 'credential': 'c', 'permissions': {'extraprop': True}}]},
    # non boolean property in permissions object
    {'auth': [{'scheme': 's', 'credential': 'c'}],
     'acl': [{'scheme': 's', 'credential': 'c', 'permissions': {'read': 'non-bool'}}]},
  ]
  for invalid_config in invalid_configs:
    with temporary_file() as fp:
      fp.write(json.dumps(invalid_config))
      fp.flush()

      with pytest.raises(SystemExit):
        make_zk_auth(fp.name)
Exemple #2
0
def test_make_zk_auth_config_validation():
  invalid_configs = [
    # No credential in auth
    {'auth': [{'scheme': 's'}],
     'acl': [{'scheme': 's', 'credential': 'c', 'permissions': {'read': True}}]},
    # Acl is not a list
    {'auth': [{'scheme': 's', 'credential': 'c'}],
     'acl': {'scheme': 's', 'credential': 'c', 'permissions': {'read': True}}},
    # No credential in acl
    {'auth': [{'scheme': 's', 'credential': 'c'}],
     'acl': [{'scheme': 's', 'permissions': {'read': True}}]},
    # permissions is not an object
    {'auth': [{'scheme': 's', 'credential': 'c'}],
     'acl': [{'scheme': 's', 'credential': 'c', 'permissions': 'non-object'}]},
    # permissions object has unrecognized property
    {'auth': [{'scheme': 's', 'credential': 'c'}],
     'acl': [{'scheme': 's', 'credential': 'c', 'permissions': {'extraprop': True}}]},
    # non boolean property in permissions object
    {'auth': [{'scheme': 's', 'credential': 'c'}],
     'acl': [{'scheme': 's', 'credential': 'c', 'permissions': {'read': 'non-bool'}}]},
  ]
  for invalid_config in invalid_configs:
    with temporary_file() as fp:
      fp.write(json.dumps(invalid_config))
      fp.flush()

      with pytest.raises(SystemExit):
        make_zk_auth(fp.name)
Exemple #3
0
def test_make_zk_auth_with_bad_config():
  with pytest.raises(SystemExit):
    make_zk_auth('file-not-present')

  with temporary_file() as fp:
    fp.write('Bad json')
    fp.flush()

    with pytest.raises(SystemExit):
      make_zk_auth(fp.name)
def test_make_zk_auth_with_bad_config():
  with pytest.raises(SystemExit):
    make_zk_auth('file-not-present')

  with temporary_file() as fp:
    fp.write('Bad json')
    fp.flush()

    with pytest.raises(SystemExit):
      make_zk_auth(fp.name)
def initialize(options):
  cwd_path = os.path.abspath(CWD)
  checkpoint_root = os.path.join(cwd_path, MesosPathDetector.DEFAULT_SANDBOX_PATH)

  # status providers:
  status_providers = [
      HealthCheckerProvider(),
      ResourceManagerProvider(checkpoint_root=checkpoint_root)
  ]

  if options.announcer_enable:
    log.warn('Please remove the deprecated and no-op --announcer-enable flag in scheduler config!')

  if options.announcer_ensemble is not None:
    status_providers.append(DefaultAnnouncerCheckerProvider(
      options.announcer_ensemble,
      options.announcer_serverset_path,
      options.announcer_allow_custom_serverset_path,
      options.announcer_hostname,
      make_zk_auth(options.announcer_zookeeper_auth_config)
    ))

  # Create executor stub
  if options.execute_as_user or options.nosetuid:
    # If nosetuid is set, execute_as_user is also None
    thermos_runner_provider = UserOverrideThermosTaskRunnerProvider(
      dump_runner_pex(),
      checkpoint_root,
      artifact_dir=cwd_path,
      process_logger_destination=options.runner_logger_destination,
      process_logger_mode=options.runner_logger_mode,
      rotate_log_size_mb=options.runner_rotate_log_size_mb,
      rotate_log_backups=options.runner_rotate_log_backups,
      preserve_env=options.preserve_env
    )
    thermos_runner_provider.set_role(None)

    thermos_executor = AuroraExecutor(
      runner_provider=thermos_runner_provider,
      status_providers=status_providers,
      sandbox_provider=UserOverrideDirectorySandboxProvider(options.execute_as_user)
    )
  else:
    thermos_runner_provider = DefaultThermosTaskRunnerProvider(
      dump_runner_pex(),
      checkpoint_root,
      artifact_dir=cwd_path,
      process_logger_destination=options.runner_logger_destination,
      process_logger_mode=options.runner_logger_mode,
      rotate_log_size_mb=options.runner_rotate_log_size_mb,
      rotate_log_backups=options.runner_rotate_log_backups,
      preserve_env=options.preserve_env
    )

    thermos_executor = AuroraExecutor(
      runner_provider=thermos_runner_provider,
      status_providers=status_providers
    )

  return thermos_executor
Exemple #6
0
def initialize(options):
  cwd_path = os.path.abspath(CWD)
  checkpoint_root = os.path.join(cwd_path, MesosPathDetector.DEFAULT_SANDBOX_PATH)

  # status providers:
  status_providers = [
      HealthCheckerProvider(nosetuid_health_checks=options.nosetuid_health_checks),
      ResourceManagerProvider(checkpoint_root=checkpoint_root)
  ]

  if options.announcer_ensemble is not None:
    status_providers.append(DefaultAnnouncerCheckerProvider(
      options.announcer_ensemble,
      options.announcer_serverset_path,
      options.announcer_allow_custom_serverset_path,
      options.announcer_hostname,
      make_zk_auth(options.announcer_zookeeper_auth_config)
    ))

  # Create executor stub
  if options.execute_as_user or options.nosetuid:
    # If nosetuid is set, execute_as_user is also None
    thermos_runner_provider = UserOverrideThermosTaskRunnerProvider(
      dump_runner_pex(),
      checkpoint_root,
      artifact_dir=cwd_path,
      process_logger_destination=options.runner_logger_destination,
      process_logger_mode=options.runner_logger_mode,
      rotate_log_size_mb=options.runner_rotate_log_size_mb,
      rotate_log_backups=options.runner_rotate_log_backups,
      preserve_env=options.preserve_env
    )
    thermos_runner_provider.set_role(None)

    thermos_executor = AuroraExecutor(
      runner_provider=thermos_runner_provider,
      status_providers=status_providers,
      sandbox_provider=UserOverrideDirectorySandboxProvider(options.execute_as_user)
    )
  else:
    thermos_runner_provider = DefaultThermosTaskRunnerProvider(
      dump_runner_pex(),
      checkpoint_root,
      artifact_dir=cwd_path,
      process_logger_destination=options.runner_logger_destination,
      process_logger_mode=options.runner_logger_mode,
      rotate_log_size_mb=options.runner_rotate_log_size_mb,
      rotate_log_backups=options.runner_rotate_log_backups,
      preserve_env=options.preserve_env
    )

    thermos_executor = AuroraExecutor(
      runner_provider=thermos_runner_provider,
      status_providers=status_providers
    )

  return thermos_executor
Exemple #7
0
def test_make_zk_auth_with_good_config():
  with temporary_file() as fp:
    fp.write(generate_zk_auth_json())
    fp.flush()

    zk_auth = make_zk_auth(fp.name)
    perms = Permissions(read=True, write=True, delete=True, create=True, admin=False)
    assert zk_auth.acl()[0] == Access(scheme='digest',
                                      credential='user:pass',
                                      permissions=perms)
    assert zk_auth.auth()[0] == Auth(scheme='digest', credential='user:pass')
def test_make_zk_auth_with_good_config():
  with temporary_file() as fp:
    fp.write(generate_zk_auth_json())
    fp.flush()

    zk_auth = make_zk_auth(fp.name)
    perms = Permissions(read=True, write=True, delete=True, create=True, admin=False)
    assert zk_auth.acl()[0] == Access(scheme='digest',
                                      credential='user:pass',
                                      permissions=perms)
    assert zk_auth.auth()[0] == Auth(scheme='digest', credential='user:pass')
Exemple #9
0
def test_make_zk_auth_with_no_config():
  auth = make_zk_auth(None)
  assert auth is None
def test_make_zk_auth_with_no_config():
  auth = make_zk_auth(None)
  assert auth is None
def initialize(options):
  cwd_path = os.path.abspath(CWD)
  checkpoint_root = os.path.join(cwd_path, MesosPathDetector.DEFAULT_SANDBOX_PATH)

  # status providers:
  status_providers = [
      HealthCheckerProvider(
          nosetuid_health_checks=options.nosetuid_health_checks,
          mesos_containerizer_path=options.mesos_containerizer_path),
      ResourceManagerProvider(checkpoint_root=checkpoint_root)
  ]

  if options.announcer_ensemble is not None:
    status_providers.append(DefaultAnnouncerCheckerProvider(
      options.announcer_ensemble,
      options.announcer_serverset_path,
      options.announcer_allow_custom_serverset_path,
      options.announcer_hostname,
      make_zk_auth(options.announcer_zookeeper_auth_config)
    ))

  # Create executor stub
  if options.execute_as_user or options.nosetuid:
    # If nosetuid is set, execute_as_user is also None
    thermos_runner_provider = UserOverrideThermosTaskRunnerProvider(
      dump_runner_pex(),
      checkpoint_root,
      artifact_dir=cwd_path,
      process_logger_destination=options.runner_logger_destination,
      process_logger_mode=options.runner_logger_mode,
      rotate_log_size_mb=options.runner_rotate_log_size_mb,
      rotate_log_backups=options.runner_rotate_log_backups,
      preserve_env=options.preserve_env,
      mesos_containerizer_path=options.mesos_containerizer_path
    )
    thermos_runner_provider.set_role(None)

    thermos_executor = AuroraExecutor(
      runner_provider=thermos_runner_provider,
      status_providers=status_providers,
      sandbox_provider=UserOverrideDirectorySandboxProvider(options.execute_as_user),
      no_sandbox_create_user=options.no_create_user,
      sandbox_mount_point=options.sandbox_mount_point,
      stop_timeout_in_secs=options.stop_timeout_in_secs
    )
  else:
    thermos_runner_provider = DefaultThermosTaskRunnerProvider(
      dump_runner_pex(),
      checkpoint_root,
      artifact_dir=cwd_path,
      process_logger_destination=options.runner_logger_destination,
      process_logger_mode=options.runner_logger_mode,
      rotate_log_size_mb=options.runner_rotate_log_size_mb,
      rotate_log_backups=options.runner_rotate_log_backups,
      preserve_env=options.preserve_env,
      mesos_containerizer_path=options.mesos_containerizer_path
    )

    thermos_executor = AuroraExecutor(
      runner_provider=thermos_runner_provider,
      status_providers=status_providers,
      no_sandbox_create_user=options.no_create_user,
      sandbox_mount_point=options.sandbox_mount_point,
      stop_timeout_in_secs=options.stop_timeout_in_secs
    )

  return thermos_executor