func NewUserManagerAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*UserManagerAPI, error) {
if !authorizer.AuthClient() {
return nil, common.ErrPerm
}
resource, ok := resources.Get("createLocalLoginMacaroon").(common.ValueResource)
if !ok {
return nil, errors.NotFoundf("userAuth resource")
}
createLocalLoginMacaroon, ok := resource.Value.(func(names.UserTag) (*macaroon.Macaroon, error))
if !ok {
return nil, errors.NotValidf("userAuth resource")
}
return &UserManagerAPI{
state: st,
authorizer: authorizer,
createLocalLoginMacaroon: createLocalLoginMacaroon,
check: common.NewBlockChecker(st),
}, nil
}
// NewPinger returns an object that can be pinged by calling its Ping method.
// If this method is not called frequently enough, the connection will be
// dropped.
func NewPinger(st *state.State, resources *common.Resources, authorizer common.Authorizer) (Pinger, error) {
pingTimeout, ok := resources.Get("pingTimeout").(*pingTimeout)
if !ok {
return nullPinger{}, nil
}
return pingTimeout, nil
}
func extractResourceValue(resources *common.Resources, key string) (string, error) {
res := resources.Get(key)
strRes, ok := res.(common.StringResource)
if !ok {
if res == nil {
strRes = ""
} else {
return "", errors.Errorf("invalid %s resource: %v", key, res)
}
}
return strRes.String(), nil
}
func leadershipSettingsAccessorFactory(
st *state.State,
resources *common.Resources,
auth common.Authorizer,
) *leadershipapiserver.LeadershipSettingsAccessor {
registerWatcher := func(serviceId string) (string, error) {
settingsWatcher := st.WatchLeadershipSettings(serviceId)
if _, ok := <-settingsWatcher.Changes(); ok {
return resources.Register(settingsWatcher), nil
}
return "", watcher.EnsureErr(settingsWatcher)
}
// TODO(katco-): <2015-01-21 Wed>
// Due to time constraints, we're translating between
// map[string]interface{} and map[string]string. At some point we
// should support a native read of this format straight from
// state.
getSettings := func(serviceId string) (map[string]string, error) {
settings, err := st.ReadLeadershipSettings(serviceId)
if err != nil {
return nil, err
}
// Perform the conversion
rawMap := settings.Map()
leadershipSettings := make(map[string]string)
for k, v := range rawMap {
leadershipSettings[k] = v.(string)
}
return leadershipSettings, nil
}
writeSettings := func(serviceId string, settings map[string]string) error {
currentSettings, err := st.ReadLeadershipSettings(serviceId)
if err != nil {
return err
}
rawSettings := make(map[string]interface{})
for k, v := range settings {
rawSettings[k] = v
}
currentSettings.Update(rawSettings)
_, err = currentSettings.Write()
return errors.Annotate(err, "could not write changes")
}
ldrMgr := leadership.NewLeadershipManager(lease.Manager())
return leadershipapiserver.NewLeadershipSettingsAccessor(
auth,
registerWatcher,
getSettings,
writeSettings,
ldrMgr.Leader,
)
}
func newNotifyWatcher(st *state.State, resources *common.Resources, auth common.Authorizer, id string) (interface{}, error) {
if !isAgent(auth) {
return nil, common.ErrPerm
}
watcher, ok := resources.Get(id).(state.NotifyWatcher)
if !ok {
return nil, common.ErrUnknownWatcher
}
return &srvNotifyWatcher{
watcher: watcher,
id: id,
resources: resources,
}, nil
}
func newClientAllWatcher(st *state.State, resources *common.Resources, auth common.Authorizer, id string) (interface{}, error) {
if !auth.AuthClient() {
return nil, common.ErrPerm
}
watcher, ok := resources.Get(id).(*state.Multiwatcher)
if !ok {
return nil, common.ErrUnknownWatcher
}
return &srvClientAllWatcher{
watcher: watcher,
id: id,
resources: resources,
}, nil
}
func newMachineStorageIdsWatcher(
st *state.State,
resources *common.Resources,
auth common.Authorizer,
id string,
parser func([]string) ([]params.MachineStorageId, error),
) (interface{}, error) {
if !isAgent(auth) {
return nil, common.ErrPerm
}
watcher, ok := resources.Get(id).(state.StringsWatcher)
if !ok {
return nil, common.ErrUnknownWatcher
}
return &srvMachineStorageIdsWatcher{watcher, id, resources, parser}, nil
}
func newMigrationStatusWatcher(
st *state.State,
resources *common.Resources,
auth common.Authorizer,
id string,
) (interface{}, error) {
if !(auth.AuthMachineAgent() || auth.AuthUnitAgent()) {
return nil, common.ErrPerm
}
w, ok := resources.Get(id).(state.NotifyWatcher)
if !ok {
return nil, common.ErrUnknownWatcher
}
return &srvMigrationStatusWatcher{
watcher: w,
id: id,
resources: resources,
st: getMigrationBackend(st),
}, nil
}
func newMigrationMasterWatcher(
st *state.State,
resources *common.Resources,
auth common.Authorizer,
id string,
) (interface{}, error) {
if !auth.AuthModelManager() {
return nil, common.ErrPerm
}
w, ok := resources.Get(id).(state.NotifyWatcher)
if !ok {
return nil, common.ErrUnknownWatcher
}
return &srvMigrationMasterWatcher{
watcher: w,
id: id,
resources: resources,
st: migrationGetter(st),
}, nil
}
// TestWatchMeterStatus tests the meter status watcher functionality.
func TestWatchMeterStatus(c *gc.C, status meterstatus.MeterStatus, unit *jujustate.Unit, state *jujustate.State, resources *common.Resources) {
c.Assert(resources.Count(), gc.Equals, 0)
args := params.Entities{Entities: []params.Entity{
{Tag: unit.UnitTag().String()},
{Tag: "unit-foo-42"},
}}
result, err := status.WatchMeterStatus(args)
c.Assert(err, jc.ErrorIsNil)
c.Assert(result, gc.DeepEquals, params.NotifyWatchResults{
Results: []params.NotifyWatchResult{
{NotifyWatcherId: "1"},
{Error: apiservertesting.ErrUnauthorized},
},
})
// Verify the resource was registered and stop when done
c.Assert(resources.Count(), gc.Equals, 1)
resource := resources.Get("1")
defer statetesting.AssertStop(c, resource)
// Check that the Watch has consumed the initial event ("returned" in
// the Watch call)
wc := statetesting.NewNotifyWatcherC(c, state, resource.(jujustate.NotifyWatcher))
wc.AssertNoChange()
err = unit.SetMeterStatus("GREEN", "No additional information.")
c.Assert(err, jc.ErrorIsNil)
wc.AssertOneChange()
}
func leadershipSettingsAccessorFactory(
st *state.State,
resources *common.Resources,
auth common.Authorizer,
) *leadershipapiserver.LeadershipSettingsAccessor {
registerWatcher := func(serviceId string) (string, error) {
service, err := st.Service(serviceId)
if err != nil {
return "", err
}
w := service.WatchLeaderSettings()
if _, ok := <-w.Changes(); ok {
return resources.Register(w), nil
}
return "", watcher.EnsureErr(w)
}
getSettings := func(serviceId string) (map[string]string, error) {
service, err := st.Service(serviceId)
if err != nil {
return nil, err
}
return service.LeaderSettings()
}
writeSettings := func(token leadership.Token, serviceId string, settings map[string]string) error {
service, err := st.Service(serviceId)
if err != nil {
return err
}
return service.UpdateLeaderSettings(token, settings)
}
return leadershipapiserver.NewLeadershipSettingsAccessor(
auth,
registerWatcher,
getSettings,
st.LeadershipChecker().LeadershipCheck,
writeSettings,
)
}
func NewUserManagerAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*UserManagerAPI, error) {
if !authorizer.AuthClient() {
return nil, common.ErrPerm
}
// Since we know this is a user tag (because AuthClient is true),
// we just do the type assertion to the UserTag.
apiUser, _ := authorizer.GetAuthTag().(names.UserTag)
// Pretty much all of the user manager methods have special casing for admin
// users, so look once when we start and remember if the user is an admin.
isAdmin, err := st.IsControllerAdministrator(apiUser)
if err != nil {
return nil, errors.Trace(err)
}
resource, ok := resources.Get("createLocalLoginMacaroon").(common.ValueResource)
if !ok {
return nil, errors.NotFoundf("userAuth resource")
}
createLocalLoginMacaroon, ok := resource.Value.(func(names.UserTag) (*macaroon.Macaroon, error))
if !ok {
return nil, errors.NotValidf("userAuth resource")
}
return &UserManagerAPI{
state: st,
authorizer: authorizer,
createLocalLoginMacaroon: createLocalLoginMacaroon,
check: common.NewBlockChecker(st),
apiUser: apiUser,
isAdmin: isAdmin,
}, nil
}
