ominfra 0.0.0.dev126__py3-none-any.whl → 0.0.0.dev128__py3-none-any.whl

Sign up to get free protection for your applications and to get access to all the features.
Files changed (44) hide show
  1. ominfra/clouds/aws/auth.py +1 -1
  2. ominfra/deploy/_executor.py +1 -1
  3. ominfra/deploy/poly/_main.py +1 -1
  4. ominfra/pyremote/_runcommands.py +1 -1
  5. ominfra/scripts/journald2aws.py +2 -2
  6. ominfra/scripts/supervisor.py +4736 -4166
  7. ominfra/supervisor/configs.py +34 -11
  8. ominfra/supervisor/context.py +7 -345
  9. ominfra/supervisor/dispatchers.py +21 -324
  10. ominfra/supervisor/dispatchersimpl.py +343 -0
  11. ominfra/supervisor/groups.py +33 -111
  12. ominfra/supervisor/groupsimpl.py +86 -0
  13. ominfra/supervisor/inject.py +45 -20
  14. ominfra/supervisor/main.py +3 -3
  15. ominfra/supervisor/pipes.py +85 -0
  16. ominfra/supervisor/poller.py +42 -38
  17. ominfra/supervisor/privileges.py +65 -0
  18. ominfra/supervisor/process.py +6 -742
  19. ominfra/supervisor/processimpl.py +516 -0
  20. ominfra/supervisor/setup.py +38 -0
  21. ominfra/supervisor/setupimpl.py +262 -0
  22. ominfra/supervisor/spawning.py +32 -0
  23. ominfra/supervisor/spawningimpl.py +350 -0
  24. ominfra/supervisor/supervisor.py +67 -84
  25. ominfra/supervisor/types.py +101 -47
  26. ominfra/supervisor/utils/__init__.py +0 -0
  27. ominfra/supervisor/utils/collections.py +52 -0
  28. ominfra/supervisor/utils/diag.py +31 -0
  29. ominfra/supervisor/utils/fds.py +46 -0
  30. ominfra/supervisor/utils/fs.py +47 -0
  31. ominfra/supervisor/utils/os.py +45 -0
  32. ominfra/supervisor/utils/ostypes.py +9 -0
  33. ominfra/supervisor/utils/signals.py +60 -0
  34. ominfra/supervisor/utils/strings.py +105 -0
  35. ominfra/supervisor/utils/users.py +67 -0
  36. {ominfra-0.0.0.dev126.dist-info → ominfra-0.0.0.dev128.dist-info}/METADATA +3 -3
  37. {ominfra-0.0.0.dev126.dist-info → ominfra-0.0.0.dev128.dist-info}/RECORD +41 -25
  38. ominfra/supervisor/datatypes.py +0 -175
  39. ominfra/supervisor/signals.py +0 -52
  40. ominfra/supervisor/utils.py +0 -206
  41. {ominfra-0.0.0.dev126.dist-info → ominfra-0.0.0.dev128.dist-info}/LICENSE +0 -0
  42. {ominfra-0.0.0.dev126.dist-info → ominfra-0.0.0.dev128.dist-info}/WHEEL +0 -0
  43. {ominfra-0.0.0.dev126.dist-info → ominfra-0.0.0.dev128.dist-info}/entry_points.txt +0 -0
  44. {ominfra-0.0.0.dev126.dist-info → ominfra-0.0.0.dev128.dist-info}/top_level.txt +0 -0
ominfra/supervisor/privileges.py ADDED
@@ -0,0 +1,65 @@
1
+ # ruff: noqa: UP006 UP007
2
+ import grp
3
+ import os
4
+ import pwd
5
+ import typing as ta
6
+
7
+
8
+ def drop_privileges(user: ta.Union[int, str, None]) -> ta.Optional[str]:
9
+ """
10
+ Drop privileges to become the specified user, which may be a username or uid. Called for supervisord startup
11
+ and when spawning subprocesses. Returns None on success or a string error message if privileges could not be
12
+ dropped.
13
+ """
14
+
15
+ if user is None:
16
+ return 'No user specified to setuid to!'
17
+
18
+ # get uid for user, which can be a number or username
19
+ try:
20
+ uid = int(user)
21
+ except ValueError:
22
+ try:
23
+ pwrec = pwd.getpwnam(user) # type: ignore
24
+ except KeyError:
25
+ return f"Can't find username {user!r}"
26
+ uid = pwrec[2]
27
+ else:
28
+ try:
29
+ pwrec = pwd.getpwuid(uid)
30
+ except KeyError:
31
+ return f"Can't find uid {uid!r}"
32
+
33
+ current_uid = os.getuid()
34
+
35
+ if current_uid == uid:
36
+ # do nothing and return successfully if the uid is already the current one. this allows a supervisord
37
+ # running as an unprivileged user "foo" to start a process where the config has "user=foo" (same user) in
38
+ # it.
39
+ return None
40
+
41
+ if current_uid != 0:
42
+ return "Can't drop privilege as nonroot user"
43
+
44
+ gid = pwrec[3]
45
+ if hasattr(os, 'setgroups'):
46
+ user = pwrec[0]
47
+ groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]]
48
+
49
+ # always put our primary gid first in this list, otherwise we can lose group info since sometimes the first
50
+ # group in the setgroups list gets overwritten on the subsequent setgid call (at least on freebsd 9 with
51
+ # python 2.7 - this will be safe though for all unix /python version combos)
52
+ groups.insert(0, gid)
53
+ try:
54
+ os.setgroups(groups)
55
+ except OSError:
56
+ return 'Could not set groups of effective user'
57
+
58
+ try:
59
+ os.setgid(gid)
60
+ except OSError:
61
+ return 'Could not set group id of effective user'
62
+
63
+ os.setuid(uid)
64
+
65
+ return None