func (as *authSuite) TestAuthContextStoreIDFallback(c *C) { authContext := auth.NewAuthContext(as.state, nil) storeID, err := authContext.StoreID("store-id") c.Assert(err, IsNil) c.Check(storeID, Equals, "store-id") }
func (as *authSuite) TestAuthContextDeviceForNonExistent(c *C) { authContext := auth.NewAuthContext(as.state, nil) device, err := authContext.Device() c.Check(err, IsNil) c.Check(device, DeepEquals, &auth.DeviceState{}) }
func (as *authSuite) TestAuthContextUpdateDeviceAuthOtherUpdate(c *C) { as.state.Lock() device, _ := auth.Device(as.state) otherUpdateDevice := *device otherUpdateDevice.SessionMacaroon = "othe-session-macaroon" otherUpdateDevice.KeyID = "KEYID" err := auth.SetDevice(as.state, &otherUpdateDevice) as.state.Unlock() c.Check(err, IsNil) sessionMacaroon := "the-device-macaroon" authContext := auth.NewAuthContext(as.state, nil) curDevice, err := authContext.UpdateDeviceAuth(device, sessionMacaroon) c.Assert(err, IsNil) as.state.Lock() deviceFromState, err := auth.Device(as.state) as.state.Unlock() c.Check(err, IsNil) c.Check(deviceFromState, DeepEquals, curDevice) c.Check(curDevice, DeepEquals, &auth.DeviceState{ KeyID: "KEYID", SessionMacaroon: sessionMacaroon, }) }
func (as *authSuite) TestAuthContextUpdateUserAuthOtherUpdate(c *C) { as.state.Lock() user, _ := auth.NewUser(as.state, "username", "macaroon", []string{"discharge"}) otherUpdateUser := *user otherUpdateUser.Macaroon = "macaroon2" otherUpdateUser.StoreDischarges = []string{"other-discharges"} err := auth.UpdateUser(as.state, &otherUpdateUser) as.state.Unlock() c.Assert(err, IsNil) newDischarges := []string{"updated-discharge"} authContext := auth.NewAuthContext(as.state, nil) // last discharges win curUser, err := authContext.UpdateUserAuth(user, newDischarges) c.Assert(err, IsNil) as.state.Lock() userFromState, err := auth.User(as.state, user.ID) as.state.Unlock() c.Check(err, IsNil) c.Check(userFromState, DeepEquals, curUser) c.Check(curUser, DeepEquals, &auth.UserState{ ID: user.ID, Username: "******", Macaroon: "macaroon2", Discharges: []string{"discharge"}, StoreMacaroon: "macaroon", StoreDischarges: newDischarges, }) }
func (as *authSuite) TestAuthContextStoreIDFromEnv(c *C) { authContext := auth.NewAuthContext(as.state, nil) os.Setenv("UBUNTU_STORE_ID", "env-store-id") defer os.Unsetenv("UBUNTU_STORE_ID") storeID, err := authContext.StoreID("") c.Assert(err, IsNil) c.Check(storeID, Equals, "env-store-id") }
func (as *authSuite) TestAuthContextMissingDeviceAssertions(c *C) { // no assertions in state authContext := auth.NewAuthContext(as.state, &testDeviceAssertions{nothing: true}) _, _, err := authContext.DeviceSessionRequest("NONCE") c.Check(err, Equals, auth.ErrNoSerial) storeID, err := authContext.StoreID("fallback") c.Assert(err, IsNil) c.Check(storeID, Equals, "fallback") }
func (as *authSuite) TestAuthContextDevice(c *C) { device := &auth.DeviceState{Brand: "some-brand"} as.state.Lock() err := auth.SetDevice(as.state, device) as.state.Unlock() c.Check(err, IsNil) authContext := auth.NewAuthContext(as.state, nil) deviceFromState, err := authContext.Device() c.Check(err, IsNil) c.Check(deviceFromState, DeepEquals, device) }
func (as *authSuite) TestAuthContextWithDeviceAssertions(c *C) { // having assertions in state authContext := auth.NewAuthContext(as.state, &testDeviceAssertions{}) req, serial, err := authContext.DeviceSessionRequest("NONCE-1") c.Assert(err, IsNil) c.Check(strings.Contains(string(req), "nonce: NONCE-1\n"), Equals, true) c.Check(strings.Contains(string(req), "serial: 9999\n"), Equals, true) c.Check(strings.Contains(string(serial), "serial: 9999\n"), Equals, true) storeID, err := authContext.StoreID("store-id") c.Assert(err, IsNil) c.Check(storeID, Equals, "my-brand-store-id") }
func (as *authSuite) TestAuthContextUpdateUserAuthInvalid(c *C) { as.state.Lock() _, _ = auth.NewUser(as.state, "username", "macaroon", []string{"discharge"}) as.state.Unlock() user := &auth.UserState{ ID: 102, Username: "******", Macaroon: "macaroon", } authContext := auth.NewAuthContext(as.state, nil) _, err := authContext.UpdateUserAuth(user, nil) c.Assert(err, ErrorMatches, "invalid user") }
func (as *authSuite) TestAuthContextUpdateDeviceAuth(c *C) { as.state.Lock() device, err := auth.Device(as.state) as.state.Unlock() c.Check(err, IsNil) c.Check(device, DeepEquals, &auth.DeviceState{}) sessionMacaroon := "the-device-macaroon" authContext := auth.NewAuthContext(as.state, nil) device, err = authContext.UpdateDeviceAuth(device, sessionMacaroon) c.Check(err, IsNil) deviceFromState, err := authContext.Device() c.Check(err, IsNil) c.Check(deviceFromState, DeepEquals, device) c.Check(deviceFromState.SessionMacaroon, DeepEquals, sessionMacaroon) }
func (as *authSuite) TestAuthContextUpdateUserAuth(c *C) { as.state.Lock() user, _ := auth.NewUser(as.state, "username", "macaroon", []string{"discharge"}) as.state.Unlock() newDischarges := []string{"updated-discharge"} authContext := auth.NewAuthContext(as.state, nil) user, err := authContext.UpdateUserAuth(user, newDischarges) c.Check(err, IsNil) as.state.Lock() userFromState, err := auth.User(as.state, user.ID) as.state.Unlock() c.Check(err, IsNil) c.Check(userFromState, DeepEquals, user) c.Check(userFromState.Discharges, DeepEquals, []string{"discharge"}) c.Check(user.StoreDischarges, DeepEquals, newDischarges) }
// New creates a new Overlord with all its state managers. func New() (*Overlord, error) { o := &Overlord{ loopTomb: new(tomb.Tomb), } backend := &overlordStateBackend{ path: dirs.SnapStateFile, ensureBefore: o.ensureBefore, requestRestart: o.requestRestart, } s, err := loadState(backend) if err != nil { return nil, err } o.stateEng = NewStateEngine(s) snapMgr, err := snapstate.Manager(s) if err != nil { return nil, err } o.snapMgr = snapMgr o.stateEng.AddManager(o.snapMgr) assertMgr, err := assertstate.Manager(s) if err != nil { return nil, err } o.assertMgr = assertMgr o.stateEng.AddManager(o.assertMgr) ifaceMgr, err := ifacestate.Manager(s, nil) if err != nil { return nil, err } o.ifaceMgr = ifaceMgr o.stateEng.AddManager(o.ifaceMgr) hookMgr, err := hookstate.Manager(s) if err != nil { return nil, err } o.hookMgr = hookMgr o.stateEng.AddManager(o.hookMgr) configMgr, err := configstate.Manager(s, hookMgr) if err != nil { return nil, err } o.configMgr = configMgr deviceMgr, err := devicestate.Manager(s) if err != nil { return nil, err } o.deviceMgr = deviceMgr o.stateEng.AddManager(o.deviceMgr) // setting up the store authContext := auth.NewAuthContext(s, o.deviceMgr) sto := storeNew(nil, authContext) s.Lock() snapstate.ReplaceStore(s, sto) s.Unlock() return o, nil }
func (as *authSuite) TestAuthContextDeviceSessionRequestNilDeviceAssertions(c *C) { authContext := auth.NewAuthContext(as.state, nil) _, _, err := authContext.DeviceSessionRequest("NONCE") c.Check(err, Equals, auth.ErrNoSerial) }