def test_activate(self): """A principal can be used with a client connection.""" client = yield self.get_zookeeper_client().connect() self.addCleanup(lambda: client.close()) admin_credentials = "admin:admin" test_credentials = "test:test" yield self.client.add_auth("digest", admin_credentials) acl = [make_ace(make_identity(admin_credentials), all=True), make_ace(make_identity( test_credentials), read=True, create=True)] yield client.create("/acl-test", "content", acls=acl) # Verify the acl is active yield self.assertFailure( client.get("/acl-test"), zookeeper.NoAuthException) # Attach the principal to the connection group = GroupPrincipal(self.client, "/group-b") yield group.create("test", "test") yield group.attach(client) content, stat = yield client.get("/acl-test") self.assertEqual(content, "content")
def test_activate(self): """A principal can be used with a client connection.""" client = yield self.get_zookeeper_client().connect() self.addCleanup(lambda: client.close()) admin_credentials = "admin:admin" test_credentials = "test:test" yield self.client.add_auth("digest", admin_credentials) acl = [ make_ace(make_identity(admin_credentials), all=True), make_ace(make_identity(test_credentials), read=True, create=True) ] yield client.create("/acl-test", "content", acls=acl) # Verify the acl is active yield self.assertFailure(client.get("/acl-test"), zookeeper.NoAuthException) # Attach the principal to the connection group = GroupPrincipal(self.client, "/group-b") yield group.create("test", "test") yield group.attach(client) content, stat = yield client.get("/acl-test") self.assertEqual(content, "content")
def get_token(self): """A principal identity token can be retrieved. An identity token is used to construct ACLs. """ self._check() return make_identity("%s:%s" % (self._name, self._password))
def create(self, name, password=None, otp_name=None, otp=None): """Create an OTP for a principal. """ if self._name: raise ValueError("OTPPrincipal has already been created.") self._name = name self._password = password or self._generate_string() self._otp_name = otp_name or self._generate_string() self._otp = otp or self._generate_string() acl = [make_ace( make_identity("%s:%s" % (self._otp_name, self._otp)), read=True)] # Optional additional ACL entry for unit test teardown. if self._extra_otp_ace: acl.append(self._extra_otp_ace) self._path = yield self._client.create( self._path, yaml.safe_dump(dict(name=name, password=password)), acls=acl, flags=SEQUENCE) returnValue(self)
def create(self, name, password=None, otp_name=None, otp=None): """Create an OTP for a principal. """ if self._name: raise ValueError("OTPPrincipal has already been created.") self._name = name self._password = password or self._generate_string() self._otp_name = otp_name or self._generate_string() self._otp = otp or self._generate_string() acl = [ make_ace(make_identity("%s:%s" % (self._otp_name, self._otp)), read=True) ] # Optional additional ACL entry for unit test teardown. if self._extra_otp_ace: acl.append(self._extra_otp_ace) self._path = yield self._client.create(self._path, yaml.safe_dump( dict(name=name, password=password)), acls=acl, flags=SEQUENCE) returnValue(self)
def setUp(self): self.log = self.capture_logging("juju.state.init") zookeeper.set_debug_level(0) self.client = ZookeeperClient(get_test_zookeeper_address()) self.identity = make_identity("admin:genie") self.layout = StateHierarchy( self.client, self.identity, "i-abcdef", "dummy") return self.client.connect()
def setUp(self): self.log = self.capture_logging("juju.state.init") zookeeper.set_debug_level(0) self.client = ZookeeperClient(get_test_zookeeper_address()) self.identity = make_identity("admin:genie") self.layout = StateHierarchy(self.client, self.identity, "i-abcdef", "dummy") return self.client.connect()
def _zookeeper_scripts(instance_id, secret, provider_type): return [ "juju-admin initialize" " --instance-id=%s" " --admin-identity=%s" " --provider-type=%s" % (instance_id, make_identity("admin:%s" % secret), provider_type)]
def _zookeeper_scripts(instance_id, secret, constraints, provider_type): return [ "juju-admin initialize" " --instance-id=%s" " --admin-identity=%s" " --constraints-data=%s" " --provider-type=%s" % (instance_id, make_identity("admin:%s" % secret), b64encode(safe_dump(constraints.data)), provider_type)]
def test_make_identity_with_colon_in_password(self): username = "******" password = "******" credentials = "%s:%s" % (username, password) identity = "%s:%s" %( username, base64.b64encode(hashlib.new("sha1", credentials).digest())) self.assertEqual(identity, make_identity(credentials))
def test_get_token(self): """An identity token can be gotten from a OTPPrincipal. The token returned is that of the stored credentials, not the serialized one time password principal. """ self.set_otp_test_ace() principal = OTPPrincipal(self.client) yield principal.create("foobar", "secret") self.assertEqual(principal.get_token(), make_identity("foobar:secret")) self.assertEqual(principal.name, "foobar")
def test_serialize(self): """The principal can be serialized to just the OTP data.""" self.set_otp_test_ace() principal = OTPPrincipal(self.client) yield principal.create("foobar", "secret") otp_data = principal.serialize() path, user, password = base64.b64decode(otp_data).split(":") acl, stat = yield self.client.get_acl(path) self.assertEqual(principal.get_token(), make_identity("foobar:secret")) self.assertEqual(principal.name, "foobar")
def setUp(self): yield super(LayoutTest, self).setUp() self.log = self.capture_logging("juju.state.init") zookeeper.set_debug_level(0) self.client = self.get_zookeeper_client() self.identity = make_identity("admin:genie") constraints_data = { "arch": "arm", "cpu": None, "ubuntu-series": "cranky", "provider-type": "dummy"} self.layout = StateHierarchy( self.client, self.identity, "i-abcdef", constraints_data, "dummy") yield self.client.connect()
def test_get_token(self): """An identity token can be gotten from a Principal.""" principal = GroupPrincipal(self.client, "/group-a") yield principal.create("foobar", "secret") self.assertEqual(principal.get_token(), make_identity("foobar:secret"))
def test_get_token(self): """An identity token can be gotten from a Principal.""" principal = Principal("foobar", "secret") self.assertEqual(principal.get_token(), make_identity("foobar:secret"))
def bootstrap(self): """Bootstrap a local development environment. """ # Check for existing environment state = yield self.load_state() if state is not False: raise ProviderError("Environment already bootstrapped") # Check for required packages log.info("Checking for required packages...") missing = check_packages(*REQUIRED_PACKAGES) if missing: raise ProviderError("Missing packages %s" % ( ", ".join(sorted(list(missing))))) # Get/create directory for zookeeper and files zookeeper_dir = os.path.join(self._directory, "zookeeper") if not os.path.exists(zookeeper_dir): os.makedirs(zookeeper_dir) # Start networking, and get an open port. log.info("Starting networking...") net = Network("default", subnet=122) # Start is a noop if its already started, which it is by default, # per libvirt-bin package installation yield net.start() net_attributes = yield net.get_attributes() port = get_open_port(net_attributes["ip"]["address"]) # Start zookeeper log.info("Starting zookeeper...") # Run zookeeper as the current user, unless we're being run as root # in which case run zookeeper as the 'zookeeper' user. zookeeper_user = None if os.geteuid() == 0: zookeeper_user = "******" zookeeper = Zookeeper(zookeeper_dir, port=port, host=net_attributes["ip"]["address"], user=zookeeper_user, group=zookeeper_user) yield zookeeper.start() # Starting provider storage server log.info("Starting storage server...") storage_server = StorageServer( pid_file=os.path.join(self._directory, "storage-server.pid"), storage_dir=os.path.join(self._directory, "files"), host=net_attributes["ip"]["address"], port=get_open_port(net_attributes["ip"]["address"]), log_file=os.path.join(self._directory, "storage-server.log")) yield storage_server.start() # Save the zookeeper start to provider storage. yield self.save_state({"zookeeper-instances": ["local"], "zookeeper-address": zookeeper.address}) # Initialize the zookeeper state log.debug("Initializing state...") admin_identity = make_identity( "admin:%s" % self.config["admin-secret"]) client = ZookeeperClient(zookeeper.address) yield client.connect() hierarchy = StateHierarchy(client, admin_identity, "local", "local") yield hierarchy.initialize() # Store user credentials from the running user try: public_key = get_user_authorized_keys(self.config) public_key = public_key.strip() except LookupError, e: raise ProviderError(str(e))