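def test_3_access(self):
    """
    Run a model around a ProtectedBox created under 'spook' credentials.

    A second, test-only identity ('spook') is built and signed locally and
    placed in `allowed_users` next to the current user.  The box is created
    while the spook credentials are in effect; the model is then run under
    the original credentials and the recorded outputs are checked.
    """
    logging.debug('')
    logging.debug('test_access')

    # This 'spook' creation is only for testing.
    # Normally the protector would run with regular credentials
    # in effect at the proprietary site.
    user = '******'+socket.gethostname()
    key_pair = get_key_pair(user)
    data = '\n'.join([user, '0', key_pair.publickey().exportKey()])
    # Sign the SHA-256 digest of the credential data with the spook's key.
    # NOTE(review): this looks like a raw RSA signature over the digest; it
    # has to match whatever Credentials verifies -- confirm before changing.
    digest = hashlib.sha256(data).digest()
    signature = key_pair.sign(digest, get_random_bytes)
    spook = Credentials((data, signature, None))

    credentials = get_credentials()
    allowed_users = {credentials.user: credentials.public_key,
                     spook.user: spook.public_key}
    factory = self.start_factory(allowed_users=allowed_users)

    # Create model and run it.
    saved = get_credentials()
    set_credentials(spook)
    try:
        box = factory.create(_MODULE+'.ProtectedBox',
                             allowed_users=allowed_users)
    finally:
        # Restore the caller's identity even when creation fails, so the
        # spook credentials never stay in effect past this point.
        set_credentials(saved)

    model = set_as_top(Model(box))
    model.run()

    # Check results.
    for width in range(1, 2):
        for height in range(1, 3):
            for depth in range(1, 4):
                case = model.driver.recorders[0].cases.pop(0)
                self.assertEqual(case.outputs[0][2], width*height*depth)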
def _get_count(self, allocator, resource_desc, credentials):
    """
    Get `max_servers` from an allocator.

    `credentials` are installed with set_credentials() before the allocator
    is queried and are not restored afterwards.
    NOTE(review): presumably this runs on a dedicated worker thread so the
    credential change stays local to it -- confirm against the caller.

    Returns the allocator's answer, or 0 when `max_servers()` raised; the
    failure is logged with its traceback instead of being propagated.
    """
    set_credentials(credentials)
    try:
        return allocator.max_servers(resource_desc)
    except Exception:
        trace = traceback.format_exc()
        self._logger.error("%r max_servers() caught exception %s",
                           allocator._name, trace)
    # Only reached when the query failed.
    return 0
def _start_manager(self, host, i, address, credentials):
    """
    Start one host manager.

    Installs `credentials` with set_credentials() (they are not restored
    afterwards), then asks `host` to start manager number `i`, forwarding
    this object's authkey, file list and allow-shell setting.

    Returns `host` in every case: a failure in `start_manager()` is logged
    with its traceback and swallowed, so the return value alone does not
    tell the caller whether the manager actually started.
    """
    set_credentials(credentials)
    try:
        host.start_manager(i, self._authkey, address,
                           self._files, self._allow_shell)
    except Exception as exc:
        details = '%s\n%s' % (exc, traceback.format_exc())
        _LOGGER.error('starter for %s caught exception %s',
                      host.hostname, details)
    return host
def _service_loop(self, name, resource_desc, credentials, reply_q):
    """
    Each server has an associated thread executing this.

    Installs `credentials`, allocates a server for `resource_desc`,
    registers it under `name` and then executes queued requests until a
    ``None`` request arrives.  Each request is indexed as
    ``(callable, argument)``; every reply put on `reply_q` has the form
    ``(name, result, exception_or_None)``.  The server is always released
    and a final acknowledgement sent, whatever ended the loop.

    NOTE(review): every request callable runs under the credentials set at
    the top of this method -- presumably they are per-thread; confirm.
    """
    set_credentials(credentials)

    server, server_info = RAM.allocate(resource_desc)
    # Just being defensive, this should never happen.
    if server is None:  # pragma no cover
        self._logger.error('Server allocation for %r failed :-(', name)
        reply_q.put((name, False, None))
        return

    # Clear egg re-use indicator.
    server_info['egg_file'] = None
    self._logger.debug('%r using %r', name, server_info['name'])

    if self._logger.level != logging.NOTSET:
        server.set_log_level(self._logger.level)
    else:
        # By default avoid lots of protocol messages.
        server.set_log_level(logging.DEBUG)

    pending = Queue.Queue()
    try:
        # Publish the server, its info and its request queue to the owner.
        with self._server_lock:
            entry = self._servers[name]
            entry.server = server
            entry.info = server_info
            entry.queue = pending

        reply_q.put((name, True, None))  # ACK startup.

        while True:
            job = pending.get()
            if job is None:
                # Sentinel: stop serving requests.
                break
            failure = None
            try:
                result = job[0](job[1])
            except Exception as err:
                self._logger.error('%r: %s caused %r', name, job[0], err)
                result = None
                failure = err
            # A failed request is reported to the requester, not raised.
            reply_q.put((name, result, failure))
    except Exception as exc:  # pragma no cover
        # This can easily happen if we take a long time to allocate and
        # we get 'cleaned-up' before we get started.
        if self._server_lock is not None:
            self._logger.error('%r: %r', name, exc)
    finally:
        self._logger.debug('%r releasing server', name)
        RAM.release(server)
        reply_q.put((name, True, None))  # ACK shutdown.
def cleanup(self):
    """
    Shut-down all remaining :class:`ObjServers`.

    Each server is released under the credentials stored as element 2 of
    its `_managers` entry (presumably the owner's -- confirm), which is how
    cleanup gets past release()'s owner check.  The caller's credentials
    are put back after every release, including a failed one.  An exception
    from release() propagates, leaving later servers unreleased and
    `_managers` uncleared.
    """
    self._logger.debug('cleanup')
    caller_creds = get_credentials()
    # Snapshot the keys once, before any release() is attempted.
    for server in list(self._managers.keys()):
        # Cleanup overrides release() 'owner' protection.
        owner_creds = self._managers[server][2]
        set_credentials(owner_creds)
        try:
            self.release(server)
        finally:
            # Never leave the borrowed identity in effect.
            set_credentials(caller_creds)
    self._managers = {}
def _get_estimate(self, allocator, resource_desc, credentials):
    """
    Get (estimate, criteria) from an allocator.

    `credentials` are installed with set_credentials() first and are not
    restored afterwards.  Returns ``(allocator, estimate, criteria)``; when
    `time_estimate()` raises, the traceback is logged and both `estimate`
    and `criteria` are None.  The debug logging of a successful estimate is
    outside the ``try``, so an error there (for example a missing
    ``"loadavgs"`` entry) propagates to the caller.
    """
    set_credentials(credentials)
    try:
        estimate, criteria = allocator.time_estimate(resource_desc)
    except Exception:
        trace = traceback.format_exc()
        self._logger.error("%r time_estimate() caught exception %s",
                           allocator._name, trace)
        return (allocator, None, None)

    if estimate != 0:
        self._logger.debug("%r returned %g", allocator._name, estimate)
    else:
        # A zero estimate is logged together with the first load average.
        self._logger.debug("%r returned %g (%g)", allocator._name,
                           estimate, criteria["loadavgs"][0])
    return (allocator, estimate, criteria)
self.assertTrue(msg in str(exc)) else: self.fail('Expected RemoteError') try: model.box.proprietary_method() except RemoteError as exc: msg = "RoleError: proprietary_method(): No access for role 'user'" logging.debug('msg: %s', msg) logging.debug('exc: %s', exc) self.assertTrue(msg in str(exc)) else: self.fail('Expected RemoteError') saved = get_credentials() set_credentials(spook) try: i = model.box.secret model.box.proprietary_method() finally: # Reset credentials to allow factory shutdown. set_credentials(saved) def test_4_authkey(self): logging.debug('') logging.debug('test_authkey') factory = self.start_factory() # Start server in non-public-key mode. # Connections must have matching authkey,
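def test_3_access(self):
    """
    Check role-based access protection on a remote ProtectedBox.

    A second, test-only identity ('spook') is built and signed locally and
    placed in `allowed_users` next to the current user.  The box is created
    while the spook credentials are in effect, then the model is run under
    the original credentials and its recorded outputs are checked.

    Under the original credentials, reading `secret` and calling
    `proprietary_method()` must each raise RemoteError carrying the
    expected RoleError text for role 'user'.  Under the spook credentials
    both accesses are expected to complete without raising.
    """
    logging.debug('')
    logging.debug('test_access')

    # This 'spook' creation is only for testing.
    # Normally the protector would run with regular credentials
    # in effect at the proprietary site.
    user = '******'+socket.gethostname()
    key_pair = get_key_pair(user)
    data = '\n'.join([user, '0', key_pair.publickey().exportKey()])
    # Sign the SHA-256 digest of the credential data with the spook's key.
    # NOTE(review): this looks like a raw RSA signature over the digest; it
    # has to match whatever Credentials verifies -- confirm before changing.
    digest = hashlib.sha256(data).digest()
    signature = key_pair.sign(digest, get_random_bytes)
    spook = Credentials((data, signature, None))

    credentials = get_credentials()
    allowed_users = {credentials.user: credentials.public_key,
                     spook.user: spook.public_key}
    factory = self.start_factory(allowed_users=allowed_users)

    # Create model and run it.
    saved = get_credentials()
    set_credentials(spook)
    try:
        box = factory.create(_MODULE+'.ProtectedBox',
                             allowed_users=allowed_users)
    finally:
        # Restore the caller's identity even when creation fails, so the
        # denial checks below can never run as the privileged spook user.
        set_credentials(saved)

    model = set_as_top(Model(box))
    model.run()

    # Check results.
    for width in range(1, 2):
        for height in range(1, 3):
            for depth in range(1, 4):
                case = model.driver.recorder.cases.pop(0)
                self.assertEqual(case.outputs[0][2], width*height*depth)

    # Check access protections.
    try:
        _ = model.box.secret
    except RemoteError as exc:
        msg = "RoleError: No __getattribute__ access to 'secret' by role 'user'"
        logging.debug('msg: %s', msg)
        logging.debug('exc: %s', exc)
        self.assertTrue(msg in str(exc))
    else:
        # Silent success here would mean the protection is not enforced.
        self.fail('Expected RemoteError')

    try:
        model.box.proprietary_method()
    except RemoteError as exc:
        msg = "RoleError: proprietary_method(): No access for role 'user'"
        logging.debug('msg: %s', msg)
        logging.debug('exc: %s', exc)
        self.assertTrue(msg in str(exc))
    else:
        self.fail('Expected RemoteError')

    # The same accesses must be permitted for the spook identity.
    saved = get_credentials()
    set_credentials(spook)
    try:
        _ = model.box.secret
        model.box.proprietary_method()
    finally:
        # Reset credentials to allow factory shutdown.
        set_credentials(saved)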