Merge lp:~themue/pyjuju/go-state-auth into lp:pyjuju/go

Proposed by Frank Mueller
Status: Rejected
Rejected by: Gustavo Niemeyer
Proposed branch: lp:~themue/pyjuju/go-state-auth
Merge into: lp:pyjuju/go
Diff against target: 171 lines (+162/-0)
2 files modified
state/auth.go (+65/-0)
state/auth_test.go (+97/-0)
To merge this branch: bzr merge lp:~themue/pyjuju/go-state-auth
Reviewer Review Type Date Requested Status
Juju Engineering Pending
Review via email: mp+98848@code.launchpad.net

Description of the change

Port of auth.py with tests to Go state.

https://codereview.appspot.com/5875047/

Gustavo Niemeyer (niemeyer) wrote :

On 2012/03/22 14:24:11, TheMue wrote:
> Please take a look.

As we discussed, we won't be using this yet, so I'm marking it as
rejected for the moment. It may be revived in the future.

https://codereview.appspot.com/5875047/

Unmerged revisions

101. By Frank Mueller

Added go port off auth.py.

Preview Diff

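--- a/state/auth.go
+++ b/state/auth.go
@@ -0,0 +1,65 @@
+// launchpad.net/juju/state
+//
+// Copyright (c) 2011-2012 Canonical Ltd.
+
+package state
+
+import (
+ "crypto/sha1"
+ "encoding/base64"
+ "fmt"
+ "io"
+ "launchpad.net/gozk/zookeeper"
+ "strings"
+)
+
+var permMap = map[string]int{
+ "read": zookeeper.PERM_READ,
+ "write": zookeeper.PERM_WRITE,
+ "create": zookeeper.PERM_CREATE,
+ "delete": zookeeper.PERM_DELETE,
+ "admin": zookeeper.PERM_ADMIN,
+ "all": zookeeper.PERM_ALL,
+}
+
+// MakeIdentity transforms principal credentials in the form of
+// principal_id:password into an identiy of the form principal_id:hash
+// that can be used for an access control list entry.
+func MakeIdentity(credentials string) (string, error) {
+ pp := strings.SplitN(credentials, ":", 2)
+ if len(pp) != 2 {
+ return "", fmt.Errorf("state: credentials in wrong format, should be principal_id:password")
+ }
+ hash := sha1.New()
+ io.WriteString(hash, credentials)
+ hash64 := base64.StdEncoding.EncodeToString(hash.Sum(nil))
+ return fmt.Sprintf("%s:%s", pp[0], hash64), nil
+}
+
+// AccessControlEntry is an association of identity to
+// scheme and permissions.
+type AccessControlEntry struct {
+ Identity string `yaml:"id"`
+ Scheme string
+ Permissions int `yaml:"perms"`
+}
+
+// MakeACE creates an access control entry (ACE) out of a user identity,
+// a scheme and a number of permissions.
+func MakeACE(identity, scheme string, permissions ...string) (*AccessControlEntry, error) {
+ if scheme != "digest" && scheme != "world" {
+ return nil, fmt.Errorf("state: invalid scheme %q", scheme)
+ }
+ acePermissions := 0
+ for _, permName := range permissions {
+ _, ok := permMap[permName]
+ if !ok {
+ return nil, fmt.Errorf("state: invalid permission keyword %q", permName)
+ }
+ acePermissions = acePermissions | permMap[permName]
+ }
+ if acePermissions == 0 {
+ return nil, fmt.Errorf("state: no permissions specified")
+ }
+ return &AccessControlEntry{identity, scheme, acePermissions}, nil
+}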
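Review bot: MakeIdentity rejects only input that has no colon, so `:pass` and `admin:` get past the `len(pp) != 2` check and produce an identity with an empty principal or a digest of an empty password; unless empty parts are meant to be valid, the guard could read `if len(pp) != 2 || pp[0] == "" || pp[1] == "" {`. The doc comment should also state that the hash is an unsalted SHA-1 over the whole `principal_id:password` string, base64-encoded (this appears to be the form ZooKeeper's digest scheme expects), so the returned identity is suitable for offline password guessing and should stay out of logs and broadly readable nodes. In MakeACE nothing ties `identity` to `scheme`, so a `world` entry is accepted with any identity string and a `digest` entry with one that is not in `id:hash` form; a check such as `if scheme == "world" && identity != "anyone"` would surface the mistake before the entry reaches the server.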
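--- a/state/auth_test.go
+++ b/state/auth_test.go
@@ -0,0 +1,97 @@
+// launchpad.net/juju/go/state
+//
+// Copyright (c) 2011-2012 Canonical Ltd.
+package state_test
+
+import (
+ "crypto/sha1"
+ "encoding/base64"
+ "fmt"
+ "io"
+ . "launchpad.net/gocheck"
+ "launchpad.net/gozk/zookeeper"
+ "launchpad.net/juju/go/state"
+)
+
+type AuthSuite struct{}
+
+var _ = Suite(&AuthSuite{})
+
+// encode64 builds the sha1 checksum of a string and
+// encodes it in base64.
+func encode64(s string) string {
+ hash := sha1.New()
+ io.WriteString(hash, s)
+ return base64.StdEncoding.EncodeToString(hash.Sum(nil))
+}
+
+func (s *AuthSuite) TestMakeIdentitiy(c *C) {
+ username := "admin"
+ password := "pass"
+ credentials := fmt.Sprintf("%s:%s", username, password)
+ identity := fmt.Sprintf("%s:%s", username, encode64(credentials))
+ makeIdentity, err := state.MakeIdentity(credentials)
+
+ c.Assert(err, IsNil)
+ c.Assert(identity, Equals, makeIdentity)
+}
+
+func (s *AuthSuite) TestMakeIdentitiyWithColonInPassword(c *C) {
+ username := "admin"
+ password := ":pass:"
+ credentials := fmt.Sprintf("%s:%s", username, password)
+ identity := fmt.Sprintf("%s:%s", username, encode64(credentials))
+ makeIdentity, err := state.MakeIdentity(credentials)
+
+ c.Assert(err, IsNil)
+ c.Assert(identity, Equals, makeIdentity)
+}
+
+func (s *AuthSuite) TestMakeIdentitiyInvalidCredentials(c *C) {
+ credentials := "abc"
+ _, err := state.MakeIdentity(credentials)
+
+ c.Assert(err, ErrorMatches, "state: credentials in wrong format, should be principal_id:password")
+}
+
+func (s *AuthSuite) TestMakeACE(c *C) {
+ identity := "admin:moss"
+ ace, err := state.MakeACE(identity, "digest", "write", "create")
+
+ c.Assert(err, IsNil)
+ c.Assert(ace.Identity, Equals, identity)
+ c.Assert(ace.Scheme, Equals, "digest")
+ c.Assert(ace.Permissions, Equals, zookeeper.PERM_WRITE|zookeeper.PERM_CREATE)
+}
+
+func (s *AuthSuite) TestMakeACEWithUnknownPermission(c *C) {
+ identity := "admin:moss"
+ _, err := state.MakeACE(identity, "digest", "read", "extra", "write")
+
+ c.Assert(err, ErrorMatches, `state: invalid permission keyword "extra"`)
+}
+
+func (s *AuthSuite) TestMakeACENoPermissions(c *C) {
+ identity := "admin:moss"
+
+ _, err := state.MakeACE(identity, "digest")
+
+ c.Assert(err, ErrorMatches, "state: no permissions specified")
+}
+
+func (s *AuthSuite) TestMakeACEWorldScheme(c *C) {
+ identity := "anyone"
+ ace, err := state.MakeACE(identity, "world", "all")
+
+ c.Assert(err, IsNil)
+ c.Assert(ace.Identity, Equals, identity)
+ c.Assert(ace.Scheme, Equals, "world")
+ c.Assert(ace.Permissions, Equals, zookeeper.PERM_ALL)
+}
+
+func (s *AuthSuite) TestMakeACEUnknownScheme(c *C) {
+ identity := "anyone"
+ _, err := state.MakeACE(identity, "mickey", "all")
+
+ c.Assert(err, ErrorMatches, `state: invalid scheme "mickey"`)
+}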
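Review bot: The MakeIdentity tests derive their expected value from `encode64`, which repeats the implementation's SHA-1 and base64 steps line for line, so `TestMakeIdentitiy` and `TestMakeIdentitiyWithColonInPassword` would keep passing even if both copies drifted from the digest format the server checks against. Pinning one fixed vector taken from an independent source, e.g. `c.Assert(makeIdentity, Equals, "admin:<known-good-digest>")`, would catch that. Those two tests also pass the expected value first (`c.Assert(identity, Equals, makeIdentity)`), which swaps gocheck's obtained/expected order in failure output. There are no cases for an empty principal or empty password, nor for a `world` entry whose identity is not `anyone`.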
