def test_perm_listing(self):
from kazoo.security import ACL
f = ACL(15, 'fred')
self.assert_('READ' in f.acl_list)
self.assert_('WRITE' in f.acl_list)
self.assert_('CREATE' in f.acl_list)
self.assert_('DELETE' in f.acl_list)
f = ACL(16, 'fred')
self.assert_('ADMIN' in f.acl_list)
f = ACL(31, 'george')
self.assert_('ALL' in f.acl_list)
def test_announcer_provider_with_acl(mock_client_provider,
mock_serverset_provider):
mock_client = create_autospec(spec=KazooClient, instance=True)
mock_client_provider.return_value = mock_client
mock_serverset = create_autospec(spec=ServerSet, instance=True)
mock_serverset_provider.return_value = mock_serverset
zk_auth = ZkAuth(auth=[Auth(scheme='s', credential='ca')],
acl=[
Access(scheme='s',
credential='cl',
permissions=Permissions(create=True))
])
dap = DefaultAnnouncerCheckerProvider('zookeeper.example.com', '', False,
None, zk_auth)
job = make_job('aurora', 'prod', 'proxy', 'primary', portmap={})
assigned_task = make_assigned_task(job, assigned_ports={'primary': 12345})
dap.from_assigned_task(assigned_task, None)
mock_client_provider.assert_called_once_with(
'zookeeper.example.com',
connection_retry=dap.DEFAULT_RETRY_POLICY,
auth_data=[('s', 'ca')],
default_acl=[ACL(KazooPermissions.CREATE, Id('s', 'cl'))])
def from_dict(cls, acl_dict):
""" ACL from dict """
perms = acl_dict.get("perms", Permissions.ALL)
id_dict = acl_dict.get("id", {})
id_scheme = id_dict.get("scheme", "world")
id_id = id_dict.get("id", "anyone")
return ACL(perms, Id(id_scheme, id_id))
def zk(zk_conn):
# FIXME(prozlach): Let's narrow down this permisssions to better reflect
# what bootstrap script is doing. This requires some research wrt the IP
# we are connecting from to the container
# acl = LOCALHOST_ALL + [self.make_service_acl('dcos_etcd', all=True)]
anyone_all = [ACL(Permissions.ALL, ANYONE_ID_UNSAFE)]
zk_conn.ensure_path('/etcd', acl=anyone_all)
zk_conn.ensure_path('/etcd/nodes', acl=anyone_all)
zk_conn.set('/etcd/nodes', b"")
zk_conn.ensure_path('/etcd/locking', acl=anyone_all)
zk_conn.set('/etcd/locking', b"")
yield zk_conn
zk_conn.delete('/etcd', recursive=True)
import uuid
import kazoo.exceptions
from kazoo.client import KazooClient
from kazoo.retry import KazooRetry
from kazoo.security import ACL, ANYONE_ID_UNSAFE, Permissions
from dcos_internal_utils import utils
from pkgpanda.util import is_windows
if not is_windows:
assert 'pwd' in sys.modules
log = logging.getLogger(__name__)
ANYONE_READ = [ACL(Permissions.READ, ANYONE_ID_UNSAFE)]
ANYONE_ALL = [ACL(Permissions.ALL, ANYONE_ID_UNSAFE)]
class Bootstrapper(object):
def __init__(self, zk_hosts):
conn_retry_policy = KazooRetry(max_tries=-1, delay=0.1, max_delay=0.1)
cmd_retry_policy = KazooRetry(max_tries=3,
delay=0.3,
backoff=1,
max_delay=1,
ignore_expire=False)
self._zk = KazooClient(hosts=zk_hosts,
connection_retry=conn_retry_policy,
command_retry=cmd_retry_policy)
def read_acl(bytes, offset):
perms = int_struct.unpack_from(bytes, offset)[0]
offset += int_struct.size
scheme, offset = read_string(bytes, offset)
id, offset = read_string(bytes, offset)
return ACL(perms, Id(scheme, id)), offset
def test_perm_repr(self):
from kazoo.security import ACL
f = ACL(16, 'fred')
self.assert_("ACL(perms=16, acl_list=['ADMIN']" in repr(f))
def test_username_password(self):
acl = ACLReader.extract_acl('username_password:user:secret:cdrwa')
expected = ACL(perms=31,
id=Id(scheme='digest',
id=u'user:5w9W4eL3797Y4Wq8AcKUPPk8ha4='))
self.assertEqual(expected, acl)
def test_extract_acl(self):
acl = ACLReader.extract_acl('world:anyone:cdrwa')
expected = ACL(perms=31, id=Id(scheme='world', id='anyone'))
self.assertEqual(expected, acl)