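def process(self, opt, arg, cli):
    """Set a single ACL entry on a ZooKeeper node (the ``setAcl`` command).

    ``arg[1]`` is the node path and ``arg[2]`` the ACL spec, written either
    as ``scheme:id:perm`` or as ``scheme:username:password:perm``.  When
    ``opt.unencrypted`` is set and the scheme is ``digest``, the id is
    treated as a plain-text ``username:password`` pair and converted with
    ``make_digest_acl_credential`` before it is sent; otherwise the id is
    passed through unchanged.

    Raises:
        ValueError: if the ACL spec is malformed, the session is not
            authorised for the node, the node does not exist, or the
            client call fails for any other reason.
    """
    path = arg[1]
    # FIXME duplicate code
    acl_info = arg[2].split(':')
    if len(acl_info) == 4:
        scheme, username, password, perm = acl_info
        acl_id = f'{username}:{password}'
    elif len(acl_info) == 3:
        scheme, acl_id, perm = acl_info
    else:
        # Previously fell through and crashed with UnboundLocalError.  The
        # spec is deliberately not echoed: it may carry a password.
        raise ValueError(
            "Illegal ACL format, expected 'scheme:id:perm' or "
            "'scheme:username:password:perm'"
        )

    scheme = scheme.lower()
    perm = perm.lower()

    if opt.unencrypted and scheme == 'digest':
        # A three-part spec has no password to hash; fail with a clear
        # message instead of an unpacking error.
        username, separator, password = acl_id.partition(':')
        if not separator:
            raise ValueError(
                "Plain-text digest ACL must be given as "
                "'digest:username:password:perm'"
            )
        acl_id = make_digest_acl_credential(username, password)

    try:
        # NOTE(review): flags are matched by substring, so a word such as
        # 'read' also turns on delete ('d') and admin ('a').  Callers should
        # pass 'all' or letters from 'cdrwa' only.
        perm_kw = {
            'all': perm == 'all',
            'read': 'r' in perm,
            'write': 'w' in perm,
            'create': 'c' in perm,
            'delete': 'd' in perm,
            'admin': 'a' in perm,
        }
        cli.client.set_acls(path, [make_acl(scheme, acl_id, **perm_kw)], opt.version)
    except NoAuthError as e:
        raise ValueError(f"Authentication is not valid, '{path}'") from e
    except NoNodeError as e:
        raise ValueError(f"Path '{path}' not exists") from e
    except Exception as e:
        import traceback
        # NOTE(review): the full traceback is embedded in the user-visible
        # message, which exposes internal paths and call frames; consider
        # logging it and returning a short message instead.
        raise ValueError(f"Illegal arguments! {traceback.format_exc()}") from e
    return PlainViewModel(content='setAcl successfully', color='info')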
def to_acl(access):
    """Build an ACL object from a parsed ``access`` configuration entry.

    For the ``digest`` scheme the configured credential is expected as
    plain-text ``<user>:<password>`` and is converted with
    ``make_digest_acl_credential``; for every other scheme the credential
    is passed through unchanged.

    NOTE(review): if ``app.error`` returns instead of terminating, a
    credential with more than one ':' is hashed from its first two parts
    only, and one with no ':' raises IndexError -- confirm that
    ``app.error`` aborts.
    """
    cred = access.credential().get()
    is_digest = access.scheme().get() == 'digest'
    if is_digest:
        user_and_password = access.credential().get().split(':')
        if len(user_and_password) != 2:
            app.error('Digest credential should be of the form <user>:<password>')
        cred = make_digest_acl_credential(user_and_password[0], user_and_password[1])

    scheme = access.scheme().get()
    # Permission flags are read one by one from the entry's permissions.
    grants = {
        'read': access.permissions().read().get(),
        'write': access.permissions().write().get(),
        'create': access.permissions().create().get(),
        'delete': access.permissions().delete().get(),
        'admin': access.permissions().admin().get(),
    }
    return make_acl(scheme, cred, **grants)
def test_create_makepath_incompatible_acls(self):
    """``create(makepath=True)`` fails below a node locked to another identity.

    A second client authenticated with a digest credential creates ``/1/2``
    with ``CREATOR_ALL_ACL``.  The regular test client (presumably without
    that digest identity) must then get ``NoAuthError`` when it tries to
    create a deeper path with ``makepath=True``.
    """
    from kazoo.client import KazooClient
    from kazoo.security import CREATOR_ALL_ACL, make_digest_acl_credential

    digest_cred = make_digest_acl_credential("username", "password")
    # The test client's chroot is appended to the host string, so '/' below
    # is relative to that chroot.
    chrooted_hosts = self.cluster[0].address + self.client.chroot
    owner = KazooClient(
        chrooted_hosts,
        max_retries=5,
        auth_data=[("digest", digest_cred)],
    )
    owner.start()
    owner.create("/1/2", b"val2", makepath=True, acl=CREATOR_ALL_ACL)

    try:
        with self.assertRaises(NoAuthError):
            self.client.create("/1/2/3/4/5", b"val2", makepath=True)
    finally:
        # Only the owning identity can remove the ACL-protected nodes.
        owner.delete('/', recursive=True)
        owner.stop()
def to_acl(access):
    """Translate an ``access`` configuration entry into an ACL object.

    Credentials for the ``digest`` scheme are read as plain-text
    ``<user>:<password>`` and converted with ``make_digest_acl_credential``;
    credentials for any other scheme are used as given.

    NOTE(review): the length check only reports through ``app.error``.  If
    that call returns, a credential containing extra ':' characters is
    hashed from its first two parts only -- confirm ``app.error`` aborts.
    """
    cred = access.credential().get()
    if access.scheme().get() == 'digest':
        pieces = access.credential().get().split(':')
        if len(pieces) != 2:
            app.error(
                'Digest credential should be of the form <user>:<password>')
        user = pieces[0]
        secret = pieces[1]
        cred = make_digest_acl_credential(user, secret)

    acl_scheme = access.scheme().get()
    # Each flag comes straight from the entry's permissions block.
    flags = dict(
        read=access.permissions().read().get(),
        write=access.permissions().write().get(),
        create=access.permissions().create().get(),
        delete=access.permissions().delete().get(),
        admin=access.permissions().admin().get(),
    )
    return make_acl(acl_scheme, cred, **flags)
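def generate_acl_list(module, acl_a):
    """Parse a ';'-separated ACL string into a list of ACL objects.

    Each entry must be ``world:<id>:<perms>``, ``ip:<id>:<perms>`` or
    ``digest:<username>:<password>:<perms>``.  Empty entries and empty
    fields are dropped before the fields are counted.

    Entries with an unknown scheme or the wrong number of fields are
    reported through ``module.fail_json`` and skipped.  Requiring the exact
    field count matters for ``digest``: a password containing ':' would
    otherwise be hashed from its first part only, with the remainder read
    as the permission string.

    Args:
        module: object exposing ``fail_json(msg=...)``.
        acl_a: the ACL string; ``None`` or ``''`` yields an empty list.

    Returns:
        The list of objects returned by ``get_acl``, in input order.
    """
    # Number of ':'-separated fields each supported scheme must carry.
    expected_fields = {'world': 3, 'ip': 3, 'digest': 4}

    acl_list = []
    if not acl_a:
        return acl_list

    for acl in (entry for entry in acl_a.split(';') if entry):
        acl_data = [field for field in acl.split(':') if field]
        acl_access_type = acl_data[0] if acl_data else ''

        if acl_access_type not in expected_fields:
            module.fail_json(msg='Unknown acl type: {0}'.format(acl_access_type))
            continue

        wanted = expected_fields[acl_access_type]
        if len(acl_data) != wanted:
            # The entry itself is not echoed: it may contain a password.
            module.fail_json(
                msg='Malformed {0} acl: expected {1} fields, got {2}'.format(
                    acl_access_type, wanted, len(acl_data)))
            continue

        if acl_access_type == 'digest':
            # generate acl from username and password
            credential = make_digest_acl_credential(acl_data[1], acl_data[2])
            acl_list.append(get_acl('digest', credential, acl_data[3]))
        else:
            # generate public or ip acl
            acl_list.append(get_acl(acl_access_type, acl_data[1], acl_data[2]))
    return acl_list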
from jones import Jones
import zkutil
import jonesconfig

# Flask application.  Defaults come from the jonesconfig module and can be
# overridden by the file named in the JONES_SETTINGS environment variable
# (silently skipped when the variable is unset).
app = Flask(__name__)
# NOTE(review): ProxyFix (presumably werkzeug's) makes the app take request
# details from X-Forwarded-* headers.  That is only safe when a trusted
# reverse proxy in front of the app sets or strips those headers.
app.wsgi_app = ProxyFix(app.wsgi_app)
app.config.from_object(jonesconfig)
app.config.from_envvar('JONES_SETTINGS', silent=True)

# Error reporting is enabled only when a DSN is configured.
if 'SENTRY_DSN' in app.config:
    sentry = Sentry(app)

# Digest credential for the fixed 'Jones' user.  The password is read from
# configuration, so the settings file must be protected accordingly.
jones_credential = make_digest_acl_credential(
    'Jones', app.config['ZK_DIGEST_PASSWORD']
)

# The default ACL passed to the client: world-readable, and fully
# controlled by the authenticated creator.  Node data under this ACL is
# therefore not confidential.
zk = KazooClient(
    app.config['ZK_CONNECTION_STRING'],
    default_acl=(
        # grants read permissions to anyone.
        make_acl('world', 'anyone', read=True),
        # grants all permissions to the creator of the node.
        make_acl('auth', '', all=True)
    )
)
zk.connect()
# Authenticate before creating anything, so the 'auth' ACL entry above has
# an identity to bind to.
# NOTE(review): add_auth receives the output of make_digest_acl_credential
# rather than a raw 'user:password' string -- confirm this is the intended
# credential form.
zk.add_auth('digest', jones_credential)
zk.ensure_path('/services')
from werkzeug.contrib.fixers import ProxyFix
import json
from jones import Jones, Env
import zkutil
import jonesconfig

# Flask application.  Defaults come from the jonesconfig module and can be
# overridden by the file named in the JONES_SETTINGS environment variable
# (silently skipped when the variable is unset).
app = Flask(__name__)
# NOTE(review): ProxyFix makes the app take request details from
# X-Forwarded-* headers.  That is only safe when a trusted reverse proxy in
# front of the app sets or strips those headers.
app.wsgi_app = ProxyFix(app.wsgi_app)
app.config.from_object(jonesconfig)
app.config.from_envvar('JONES_SETTINGS', silent=True)

# Error reporting is enabled only when a DSN is configured.
if 'SENTRY_DSN' in app.config:
    sentry = Sentry(app)

# Digest credential for the fixed 'Jones' user.  The password is read from
# configuration, so the settings file must be protected accordingly.
jones_credential = make_digest_acl_credential('Jones', app.config['ZK_DIGEST_PASSWORD'])

# The default ACL passed to the client: world-readable, and fully
# controlled by the authenticated creator.  Node data under this ACL is
# therefore not confidential.
zk = KazooClient(
    app.config['ZK_CONNECTION_STRING'],
    default_acl=(
        # grants read permissions to anyone.
        make_acl('world', 'anyone', read=True),
        # grants all permissions to the creator of the node.
        make_acl('auth', '', all=True)))
zk.start()
# Authenticate right after connecting, so the 'auth' ACL entry above has an
# identity to bind to.
# NOTE(review): add_auth receives the output of make_digest_acl_credential
# rather than a raw 'user:password' string -- confirm this is the intended
# credential form.
zk.add_auth('digest', jones_credential)


@zk.DataWatch('/services')
def ensure_root(data, stat):
    """Ensure '/services' exists whenever the watch delivers falsy data.

    ``stat`` is accepted to match the watch callback signature and is not
    used.  Presumably ``data`` is falsy when the node is missing; an empty
    payload triggers the same call.
    """
    if not data:
        zk.ensure_path('/services')