"""Kazoo Security
"""
import base64
import hashlib
from collections import namedtuple
# Lightweight records for a Zookeeper identity (scheme, id) and for an ACL
# entry (permission bits, identity).
Id = namedtuple('Id', ['scheme', 'id'])
ACL = namedtuple('ACL', ['perms', 'id'])
class Permissions(object):
    """Bit flags for the permissions an ACL entry can carry.

    Flags are combined with bitwise OR; ``ALL`` is every flag set (31).
    """

    READ = 1 << 0
    WRITE = 1 << 1
    CREATE = 1 << 2
    DELETE = 1 << 3
    ADMIN = 1 << 4
    ALL = READ | WRITE | CREATE | DELETE | ADMIN
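# Shortcuts for common Ids
# 'world:anyone' matches every client, authenticated or not.
ANYONE_ID_UNSAFE = Id('world', 'anyone')
# ZooKeeper's 'auth' scheme (with an empty id) stands for the identities the
# session has already authenticated with. This was previously
# Id('world', 'anyone'), which made CREATOR_ALL_ACL identical to
# OPEN_ACL_UNSAFE and handed full control to every client.
AUTH_IDS = Id('auth', '')

# Shortcuts for common ACLs
# Every permission for every client; only for data that needs no protection.
OPEN_ACL_UNSAFE = [ACL(Permissions.ALL, ANYONE_ID_UNSAFE)]
# Every permission, restricted to the creator's authenticated identities.
# The session must have added auth before using this ACL.
CREATOR_ALL_ACL = [ACL(Permissions.ALL, AUTH_IDS)]
# Read-only access for every client.
READ_ACL_UNSAFE = [ACL(Permissions.READ, ANYONE_ID_UNSAFE)]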
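def make_digest_acl_credential(username, password):
    """Create a SHA1 digest credential.

    The result has the form ``username:base64(sha1("username:password"))``,
    which is what ZooKeeper's ``digest`` ACL scheme expects as an id.

    The hash is unsalted SHA-1 because the scheme fixes the format; the
    strength of the password is the only protection if the ACL is disclosed.

    Args:
        username: Account name; also appears in clear in the result.
        password: Plain-text password to hash together with the username.

    Returns:
        The credential as a native string.
    """
    credential = "%s:%s" % (username, password)
    # hashlib only accepts bytes; the old ``str.encode('base64')`` codec and
    # hashing of text both fail on Python 3 and on non-ASCII text on Python 2.
    if not isinstance(credential, bytes):
        credential = credential.encode('utf-8')
    cred_hash = base64.b64encode(hashlib.sha1(credential).digest()).strip()
    # b64encode returns bytes on Python 3; keep the return type a native str.
    if not isinstance(cred_hash, str):
        cred_hash = cred_hash.decode('ascii')
    return "%s:%s" % (username, cred_hash)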
def make_acl(scheme, credential, read=False, write=False,
             create=False, delete=False, admin=False, all=False):
    """Build the ACL dict Zookeeper expects for a scheme and credential.

    Each truthy flag adds the matching ``Permissions`` bit. A truthy ``all``
    takes precedence and grants ``Permissions.ALL`` whatever the other flags
    say. With no flag set the resulting ``perms`` is 0.

    Returns:
        A dict with the keys ``scheme``, ``id`` and ``perms``.
    """
    if all:
        mask = Permissions.ALL
    else:
        flag_bits = (
            (read, Permissions.READ),
            (write, Permissions.WRITE),
            (create, Permissions.CREATE),
            (delete, Permissions.DELETE),
            (admin, Permissions.ADMIN),
        )
        mask = 0
        for enabled, bit in flag_bits:
            if enabled:
                mask |= bit
    return {'scheme': scheme, 'id': credential, 'perms': mask}
def make_digest_acl(username, password, read=False, write=False,
                    create=False, delete=False, admin=False, all=False):
    """Return a ``digest``-scheme ACL for the given user and permissions.

    The username and password are turned into a digest credential with
    make_digest_acl_credential; the permission flags are passed to make_acl
    unchanged.
    """
    digest_id = make_digest_acl_credential(username, password)
    flags = dict(read=read, write=write, create=create,
                 delete=delete, admin=admin, all=all)
    return make_acl("digest", digest_id, **flags)