def add_acs_resource(resource): """Create given ACS `{resource}`. For more information consult the DC/OS documentation: https://docs.mesosphere.com/1.9/administration/id-and-access-mgt/permissions/user-service-perms/ """ import json try: logger.info('Adding ACS resource: {}'.format(resource)) url = dcos_url_path('acs/api/v1/acls/{}'.format(resource)) extra_args = {'headers': {'Content-Type': 'application/json'}} req = http.put(url, data=json.dumps({'description': resource}), **extra_args) assert req.status_code == 201, 'Failed create ACS resource: {}, {}'.format( req, req.text) except DCOSHTTPException as e: if (e.response.status_code == 409): logger.info('ACS resource {} already exists'.format(resource)) else: logger.error("Unexpected HTTP error: {}, {}".format( e.response, e.response.text)) raise except Exception: logger.exception( "Unexpected error while adding ACS resource {}".format(resource)) raise
def test_non_authorized_user(): with new_dcos_user('kenny', 'kenny') as auth_token: auth = DCOSAcsAuth(auth_token) response = requests.get(dcos_url_path('service/marathon/v2/apps'), auth=auth, verify=verify_ssl()) assert response.status_code == 403
def set_service_account_permissions(service_account, resource='dcos:superuser', action='full'): """Set permissions for given `{service_account}` for passed `{resource}` with `{action}`. For more information consult the DC/OS documentation: https://docs.mesosphere.com/1.9/administration/id-and-access-mgt/permissions/user-service-perms/ """ try: logger.info('Granting {} permissions to {}/users/{}'.format( action, resource, service_account)) url = dcos_url_path('acs/api/v1/acls/{}/users/{}/{}'.format( resource, service_account, action)) req = http.put(url) msg = 'Failed to grant permissions to the service account: {}, {}'.format( req, req.text) assert req.status_code == 204, msg except DCOSHTTPException as e: if (e.response.status_code == 409): logger.info( 'Service account {} already has {} permissions set'.format( service_account, resource)) else: logger.error("Unexpected HTTP error: {}".format(e.response)) raise except Exception: logger.exception( "Unexpected error when setting service account permissions") raise
async def sse_events(): url = dcos_url_path('service/marathon/v2/events') headers = {'Authorization': 'token={}'.format(dcos_acs_token()), 'Accept': 'text/event-stream'} ssl_context = get_ssl_context() verify_ssl = ssl_context is not None async with aiohttp.ClientSession(headers=headers) as session: async with session.get(url, verify_ssl=verify_ssl, ssl_context=ssl_context) as response: async def internal_generator(): client = SSEClient(response.content) async for event in client.events(): yield json.loads(event.data) yield internal_generator()
async def sse_events(): url = dcos_url_path('service/marathon/v2/events') headers = { 'Authorization': 'token={}'.format(dcos_acs_token()), 'Accept': 'text/event-stream' } ssl_context = get_ssl_context() verify_ssl = ssl_context is not None async with aiohttp.ClientSession(headers=headers) as session: async with session.get(url, verify_ssl=verify_ssl, ssl_context=ssl_context) as response: async def internal_generator(): client = SSEClient(response.content) async for event in client.events(): yield json.loads(event.data) yield internal_generator()
def add_acs_resource(resource): """Create given ACS `{resource}`. For more information consult the DC/OS documentation: https://docs.mesosphere.com/1.9/administration/id-and-access-mgt/permissions/user-service-perms/ """ import json try: logger.info('Adding ACS resource: {}'.format(resource)) url = dcos_url_path('acs/api/v1/acls/{}'.format(resource)) auth = DCOSAcsAuth(dcos_acs_token()) req = requests.put(url, data=json.dumps({'description': resource}), headers={'Content-Type': 'application/json'}, auth=auth, verify=verify_ssl()) req.raise_for_status() assert req.status_code == 201, 'Failed create ACS resource: {}, {}'.format(req, req.text) except requests.HTTPError as e: if (e.response.status_code == 409): logger.info('ACS resource {} already exists'.format(resource)) else: logger.error("Unexpected HTTP error: {}, {}".format(e.response, e.response.text)) raise except Exception: logger.exception("Unexpected error while adding ACS resource {}".format(resource)) raise
def set_service_account_permissions(service_account, resource='dcos:superuser', action='full'): """Set permissions for given `{service_account}` for passed `{resource}` with `{action}`. For more information consult the DC/OS documentation: https://docs.mesosphere.com/1.9/administration/id-and-access-mgt/permissions/user-service-perms/ """ try: logger.info('Granting {} permissions to {}/users/{}'.format(action, resource, service_account)) url = dcos_url_path('acs/api/v1/acls/{}/users/{}/{}'.format(resource, service_account, action)) auth = DCOSAcsAuth(dcos_acs_token()) req = requests.put(url, auth=auth, verify=verify_ssl()) req.raise_for_status() msg = 'Failed to grant permissions to the service account: {}, {}'.format(req, req.text) assert req.status_code == 204, msg except requests.HTTPError as e: if (e.response.status_code == 409): logger.info('Service account {} already has {} permissions set'.format(service_account, resource)) else: logger.error("Unexpected HTTP error: {}".format(e.response)) raise except Exception: logger.exception("Unexpected error when setting service account permissions") raise
def test_non_authenticated_user(): response = requests.get(dcos_url_path('service/marathon/v2/apps'), auth=None, verify=verify_ssl()) assert response.status_code == 401
def get_marathon_endpoint(path, marathon_name='marathon'): """Returns the url for the marathon endpoint.""" return dcos_url_path('service/{}/{}'.format(marathon_name, path))