ominfra 0.0.0.dev126__py3-none-any.whl → 0.0.0.dev128__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. ominfra/clouds/aws/auth.py +1 -1
  2. ominfra/deploy/_executor.py +1 -1
  3. ominfra/deploy/poly/_main.py +1 -1
  4. ominfra/pyremote/_runcommands.py +1 -1
  5. ominfra/scripts/journald2aws.py +2 -2
  6. ominfra/scripts/supervisor.py +4736 -4166
  7. ominfra/supervisor/configs.py +34 -11
  8. ominfra/supervisor/context.py +7 -345
  9. ominfra/supervisor/dispatchers.py +21 -324
  10. ominfra/supervisor/dispatchersimpl.py +343 -0
  11. ominfra/supervisor/groups.py +33 -111
  12. ominfra/supervisor/groupsimpl.py +86 -0
  13. ominfra/supervisor/inject.py +45 -20
  14. ominfra/supervisor/main.py +3 -3
  15. ominfra/supervisor/pipes.py +85 -0
  16. ominfra/supervisor/poller.py +42 -38
  17. ominfra/supervisor/privileges.py +65 -0
  18. ominfra/supervisor/process.py +6 -742
  19. ominfra/supervisor/processimpl.py +516 -0
  20. ominfra/supervisor/setup.py +38 -0
  21. ominfra/supervisor/setupimpl.py +262 -0
  22. ominfra/supervisor/spawning.py +32 -0
  23. ominfra/supervisor/spawningimpl.py +350 -0
  24. ominfra/supervisor/supervisor.py +67 -84
  25. ominfra/supervisor/types.py +101 -47
  26. ominfra/supervisor/utils/__init__.py +0 -0
  27. ominfra/supervisor/utils/collections.py +52 -0
  28. ominfra/supervisor/utils/diag.py +31 -0
  29. ominfra/supervisor/utils/fds.py +46 -0
  30. ominfra/supervisor/utils/fs.py +47 -0
  31. ominfra/supervisor/utils/os.py +45 -0
  32. ominfra/supervisor/utils/ostypes.py +9 -0
  33. ominfra/supervisor/utils/signals.py +60 -0
  34. ominfra/supervisor/utils/strings.py +105 -0
  35. ominfra/supervisor/utils/users.py +67 -0
  36. {ominfra-0.0.0.dev126.dist-info → ominfra-0.0.0.dev128.dist-info}/METADATA +3 -3
  37. {ominfra-0.0.0.dev126.dist-info → ominfra-0.0.0.dev128.dist-info}/RECORD +41 -25
  38. ominfra/supervisor/datatypes.py +0 -175
  39. ominfra/supervisor/signals.py +0 -52
  40. ominfra/supervisor/utils.py +0 -206
  41. {ominfra-0.0.0.dev126.dist-info → ominfra-0.0.0.dev128.dist-info}/LICENSE +0 -0
  42. {ominfra-0.0.0.dev126.dist-info → ominfra-0.0.0.dev128.dist-info}/WHEEL +0 -0
  43. {ominfra-0.0.0.dev126.dist-info → ominfra-0.0.0.dev128.dist-info}/entry_points.txt +0 -0
  44. {ominfra-0.0.0.dev126.dist-info → ominfra-0.0.0.dev128.dist-info}/top_level.txt +0 -0
ominfra/supervisor/privileges.py ADDED
@@ -0,0 +1,65 @@
1
+ # ruff: noqa: UP006 UP007
2
+ import grp
3
+ import os
4
+ import pwd
5
+ import typing as ta
6
+
7
+
8
+ def drop_privileges(user: ta.Union[int, str, None]) -> ta.Optional[str]:
9
+ """
10
+ Drop privileges to become the specified user, which may be a username or uid. Called for supervisord startup
11
+ and when spawning subprocesses. Returns None on success or a string error message if privileges could not be
12
+ dropped.
13
+ """
14
+
15
+ if user is None:
16
+ return 'No user specified to setuid to!'
17
+
18
+ # get uid for user, which can be a number or username
19
+ try:
20
+ uid = int(user)
21
+ except ValueError:
22
+ try:
23
+ pwrec = pwd.getpwnam(user) # type: ignore
24
+ except KeyError:
25
+ return f"Can't find username {user!r}"
26
+ uid = pwrec[2]
27
+ else:
28
+ try:
29
+ pwrec = pwd.getpwuid(uid)
30
+ except KeyError:
31
+ return f"Can't find uid {uid!r}"
32
+
33
+ current_uid = os.getuid()
34
+
35
+ if current_uid == uid:
36
+ # do nothing and return successfully if the uid is already the current one. this allows a supervisord
37
+ # running as an unprivileged user "foo" to start a process where the config has "user=foo" (same user) in
38
+ # it.
39
+ return None
40
+
41
+ if current_uid != 0:
42
+ return "Can't drop privilege as nonroot user"
43
+
44
+ gid = pwrec[3]
45
+ if hasattr(os, 'setgroups'):
46
+ user = pwrec[0]
47
+ groups = [grprec[2] for grprec in grp.getgrall() if user in grprec[3]]
48
+
49
+ # always put our primary gid first in this list, otherwise we can lose group info since sometimes the first
50
+ # group in the setgroups list gets overwritten on the subsequent setgid call (at least on freebsd 9 with
51
+ # python 2.7 - this will be safe though for all unix /python version combos)
52
+ groups.insert(0, gid)
53
+ try:
54
+ os.setgroups(groups)
55
+ except OSError:
56
+ return 'Could not set groups of effective user'
57
+
58
+ try:
59
+ os.setgid(gid)
60
+ except OSError:
61
+ return 'Could not set group id of effective user'
62
+
63
+ os.setuid(uid)
64
+
65
+ return None