How to use the kazoo.security.make_acl function in kazoo
To help you get started, we’ve selected a few kazoo examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
mwhooker / jones / jones / web.py View on Github 
def get_zk():
global _zk
if _zk is None:
_zk = KazooClient(
app.config['ZK_CONNECTION_STRING'],
default_acl=(
# grants read permissions to anyone.
make_acl('world', 'anyone', read=True),
# grants all permissions to the creator of the node.
make_acl('auth', '', all=True)
)
)
_zk.start()
_zk.add_auth('digest', jones_credential)
_zk.DataWatch('/services', func=ensure_root)
return _zk# completely own any nodes that were also created with the same
# USERNAME+PASSWORD combo. This means that if all of your
# production machines share a particular username/password,
# they can each mess with the other machines node
# registrations.
#
# Its highly recommended that you break up your server farms
# into different permission groups.
ACL = kazoo.security.make_digest_acl(u'%s' % self._username,
u'%s' % self._password,
all=True)
# This allows *all* users to read child nodes, but disallows
# them from reading, updating permissions, deleting child
# nodes, or writing to child nodes that they do not own.
READONLY_ACL = kazoo.security.make_acl(u'world', u'anyone',
create=False,
delete=False,
write=False,
read=True,
admin=False)
log.debug('Credentials were supplied, adding auth.')
self._zk.retry(self._zk.add_auth_async, 'digest', "%s:%s" %
(self._username, self._password))
if not self._acl:
self._acl = (ACL, READONLY_ACL)
# If an ACL was providfed, or we dynamically generated one with the
# username/password, then set it.
if self._acl:def get_zk():
global _zk
if _zk is None:
_zk = KazooClient(
app.config['ZK_CONNECTION_STRING'],
default_acl=(
# grants read permissions to anyone.
make_acl('world', 'anyone', read=True),
# grants all permissions to the creator of the node.
make_acl('auth', '', all=True)
)
)
_zk.start()
_zk.add_auth('digest', jones_credential)
_zk.DataWatch('/services', func=ensure_root)
return _zkdef _make_anonymous_acl(perm):
"""Constructs anonymous (world) acl."""
if not perm:
perm = 'r'
assert _is_valid_perm(perm)
return kazoo.security.make_acl(
'world', 'anyone',
read='r' in perm,
write='w' in perm,
create='c' in perm,
delete='d' in perm,
admin='a' in perm
)def make_host_acl(host, perm):
"""Create host acl in zookeeper.
"""
return kazoo.security.make_acl(
scheme='sasl', credential='host/{0}'.format(host),
read='r' in perm, write='w' in perm,
delete='d' in perm, create='c' in perm,
admin='a' in perm
)def make_role_acl(role, perm):
"""Create role acl in zookeeper.
"""
assert role in _ROLES
return kazoo.security.make_acl(
scheme='sasl', credential='role/{0}'.format(role),
read='r' in perm, write='w' in perm,
delete='d' in perm, create='c' in perm,
admin='a' in perm
)
Popular kazoo functions
- kazoo.client
- kazoo.client.KazooClient
- kazoo.client.KazooState
- kazoo.exceptions
- kazoo.exceptions.AuthFailedError
- kazoo.exceptions.ConnectionDropped
- kazoo.exceptions.KazooException
- kazoo.exceptions.NodeExistsError
- kazoo.exceptions.NoNodeError
- kazoo.exceptions.SessionExpiredError
- kazoo.exceptions.ZookeeperError
- kazoo.protocol.paths._prefix_root
- kazoo.protocol.serialization.int_struct.pack
- kazoo.protocol.serialization.int_struct.unpack
- kazoo.protocol.states.EventType
- kazoo.protocol.states.KazooState
- kazoo.protocol.states.KeeperState
- kazoo.recipe.watchers.ChildrenWatch
- kazoo.retry.KazooRetry
- kazoo.security.make_acl