maojian
/
CnOCRService
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
图片解析应用
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
49 MiB
Tree: 98388440de
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '98388440de'
${ noResults }
CnOCRService/Lib/site-packages/kazoo/security.py

175 lines
4.7 KiB
Raw Normal View History

图片解析应用
7 months ago
  1. """Kazoo Security"""
  2. from base64 import b64encode
  3. from collections import namedtuple
  4. import hashlib
  7. # Represents a Zookeeper ID and ACL object
  8. Id = namedtuple("Id", "scheme id")
  11. class ACL(namedtuple("ACL", "perms id")):
  12. """An ACL for a Zookeeper Node
  14. An ACL object is created by using an :class:`Id` object along with
  15. a :class:`Permissions` setting. For convenience,
  16. :meth:`make_digest_acl` should be used to create an ACL object with
  17. the desired scheme, id, and permissions.
  18. """
  20. @property
  21. def acl_list(self):
  22. perms = []
  23. if self.perms & Permissions.ALL == Permissions.ALL:
  24. perms.append("ALL")
  25. return perms
  26. if self.perms & Permissions.READ == Permissions.READ:
  27. perms.append("READ")
  28. if self.perms & Permissions.WRITE == Permissions.WRITE:
  29. perms.append("WRITE")
  30. if self.perms & Permissions.CREATE == Permissions.CREATE:
  31. perms.append("CREATE")
  32. if self.perms & Permissions.DELETE == Permissions.DELETE:
  33. perms.append("DELETE")
  34. if self.perms & Permissions.ADMIN == Permissions.ADMIN:
  35. perms.append("ADMIN")
  36. return perms
  38. def __repr__(self):
  39. return "ACL(perms=%r, acl_list=%s, id=%r)" % (
  40. self.perms,
  41. self.acl_list,
  42. self.id,
  43. )
  46. class Permissions(object):
  47. READ = 1
  48. WRITE = 2
  49. CREATE = 4
  50. DELETE = 8
  51. ADMIN = 16
  52. ALL = 31
  55. # Shortcuts for common Ids
  56. ANYONE_ID_UNSAFE = Id("world", "anyone")
  57. AUTH_IDS = Id("auth", "")
  59. # Shortcuts for common ACLs
  60. OPEN_ACL_UNSAFE = [ACL(Permissions.ALL, ANYONE_ID_UNSAFE)]
  61. CREATOR_ALL_ACL = [ACL(Permissions.ALL, AUTH_IDS)]
  62. READ_ACL_UNSAFE = [ACL(Permissions.READ, ANYONE_ID_UNSAFE)]
  65. def make_digest_acl_credential(username, password):
  66. """Create a SHA1 digest credential.
  68. .. note::
  70. This function uses UTF-8 to encode non-ASCII codepoints,
  71. whereas ZooKeeper uses the "default locale" for decoding. It
  72. may be a good idea to start the JVM with `-Dfile.encoding=UTF-8`
  73. in non-UTF-8 locales.
  74. See: https://github.com/python-zk/kazoo/pull/584
  76. """
  77. credential = username.encode("utf-8") + b":" + password.encode("utf-8")
  78. cred_hash = b64encode(hashlib.sha1(credential).digest()).strip()
  79. return username + ":" + cred_hash.decode("utf-8")
  82. def make_acl(
  83. scheme,
  84. credential,
  85. read=False,
  86. write=False,
  87. create=False,
  88. delete=False,
  89. admin=False,
  90. all=False,
  91. ):
  92. """Given a scheme and credential, return an :class:`ACL` object
  93. appropriate for use with Kazoo.
  95. :param scheme: The scheme to use. I.e. `digest`.
  96. :param credential:
  97. A colon separated username, password. The password should be
  98. hashed with the `scheme` specified. The
  99. :meth:`make_digest_acl_credential` method will create and
  100. return a credential appropriate for use with the `digest`
  101. scheme.
  102. :param write: Write permission.
  103. :type write: bool
  104. :param create: Create permission.
  105. :type create: bool
  106. :param delete: Delete permission.
  107. :type delete: bool
  108. :param admin: Admin permission.
  109. :type admin: bool
  110. :param all: All permissions.
  111. :type all: bool
  113. :rtype: :class:`ACL`
  115. """
  116. if all:
  117. permissions = Permissions.ALL
  118. else:
  119. permissions = 0
  120. if read:
  121. permissions |= Permissions.READ
  122. if write:
  123. permissions |= Permissions.WRITE
  124. if create:
  125. permissions |= Permissions.CREATE
  126. if delete:
  127. permissions |= Permissions.DELETE
  128. if admin:
  129. permissions |= Permissions.ADMIN
  130. return ACL(permissions, Id(scheme, credential))
  133. def make_digest_acl(
  134. username,
  135. password,
  136. read=False,
  137. write=False,
  138. create=False,
  139. delete=False,
  140. admin=False,
  141. all=False,
  142. ):
  143. """Create a digest ACL for Zookeeper with the given permissions
  145. This method combines :meth:`make_digest_acl_credential` and
  146. :meth:`make_acl` to create an :class:`ACL` object appropriate for
  147. use with Kazoo's ACL methods.
  149. :param username: Username to use for the ACL.
  150. :param password: A plain-text password to hash.
  151. :param write: Write permission.
  152. :type write: bool
  153. :param create: Create permission.
  154. :type create: bool
  155. :param delete: Delete permission.
  156. :type delete: bool
  157. :param admin: Admin permission.
  158. :type admin: bool
  159. :param all: All permissions.
  160. :type all: bool
  162. :rtype: :class:`ACL`
  164. """
  165. cred = make_digest_acl_credential(username, password)
  166. return make_acl(
  167. "digest",
  168. cred,
  169. read=read,
  170. write=write,
  171. create=create,
  172. delete=delete,
  173. admin=admin,
  174. all=all,
  175. )