kazoo.security
¶
Kazoo Security
Public API¶
- class kazoo.security.ACL(perms, id)[source]¶
An ACL for a Zookeeper Node
An ACL object is created by using an
Id
object along with aPermissions
setting. For convenience,make_digest_acl()
should be used to create an ACL object with the desired scheme, id, and permissions.
- class kazoo.security.Id(scheme, id)¶
- kazoo.security.make_digest_acl(username, password, read=False, write=False, create=False, delete=False, admin=False, all=False)[source]¶
Create a digest ACL for Zookeeper with the given permissions
This method combines
make_digest_acl_credential()
andmake_acl()
to create anACL
object appropriate for use with Kazoo’s ACL methods.
- Parameters:
username – Username to use for the ACL.
password – A plain-text password to hash.
write (bool) – Write permission.
create (bool) – Create permission.
delete (bool) – Delete permission.
admin (bool) – Admin permission.
all (bool) – All permissions.
- Return type:
Private API¶
- kazoo.security.make_acl(scheme, credential, read=False, write=False, create=False, delete=False, admin=False, all=False)[source]¶
Given a scheme and credential, return an
ACL
object appropriate for use with Kazoo.
- Parameters:
scheme – The scheme to use. I.e. digest.
credential – A colon separated username, password. The password should be hashed with the scheme specified. The
make_digest_acl_credential()
method will create and return a credential appropriate for use with the digest scheme.write (bool) – Write permission.
create (bool) – Create permission.
delete (bool) – Delete permission.
admin (bool) – Admin permission.
all (bool) – All permissions.
- Return type:
- kazoo.security.make_digest_acl_credential(username, password)[source]¶
Create a SHA1 digest credential.
Note
This function uses UTF-8 to encode non-ASCII codepoints, whereas ZooKeeper uses the “default locale” for decoding. It may be a good idea to start the JVM with -Dfile.encoding=UTF-8 in non-UTF-8 locales. See: https://github.com/python-zk/kazoo/pull/584