func (as *authSuite) TestAuthContextStoreIDFallback(c *C) {
authContext := auth.NewAuthContext(as.state, nil)
storeID, err := authContext.StoreID("store-id")
c.Assert(err, IsNil)
c.Check(storeID, Equals, "store-id")
}
func (as *authSuite) TestAuthContextDeviceForNonExistent(c *C) {
authContext := auth.NewAuthContext(as.state, nil)
device, err := authContext.Device()
c.Check(err, IsNil)
c.Check(device, DeepEquals, &auth.DeviceState{})
}
func (as *authSuite) TestAuthContextUpdateDeviceAuthOtherUpdate(c *C) {
as.state.Lock()
device, _ := auth.Device(as.state)
otherUpdateDevice := *device
otherUpdateDevice.SessionMacaroon = "othe-session-macaroon"
otherUpdateDevice.KeyID = "KEYID"
err := auth.SetDevice(as.state, &otherUpdateDevice)
as.state.Unlock()
c.Check(err, IsNil)
sessionMacaroon := "the-device-macaroon"
authContext := auth.NewAuthContext(as.state, nil)
curDevice, err := authContext.UpdateDeviceAuth(device, sessionMacaroon)
c.Assert(err, IsNil)
as.state.Lock()
deviceFromState, err := auth.Device(as.state)
as.state.Unlock()
c.Check(err, IsNil)
c.Check(deviceFromState, DeepEquals, curDevice)
c.Check(curDevice, DeepEquals, &auth.DeviceState{
KeyID: "KEYID",
SessionMacaroon: sessionMacaroon,
})
}
func (as *authSuite) TestAuthContextUpdateUserAuthOtherUpdate(c *C) {
as.state.Lock()
user, _ := auth.NewUser(as.state, "username", "macaroon", []string{"discharge"})
otherUpdateUser := *user
otherUpdateUser.Macaroon = "macaroon2"
otherUpdateUser.StoreDischarges = []string{"other-discharges"}
err := auth.UpdateUser(as.state, &otherUpdateUser)
as.state.Unlock()
c.Assert(err, IsNil)
newDischarges := []string{"updated-discharge"}
authContext := auth.NewAuthContext(as.state, nil)
// last discharges win
curUser, err := authContext.UpdateUserAuth(user, newDischarges)
c.Assert(err, IsNil)
as.state.Lock()
userFromState, err := auth.User(as.state, user.ID)
as.state.Unlock()
c.Check(err, IsNil)
c.Check(userFromState, DeepEquals, curUser)
c.Check(curUser, DeepEquals, &auth.UserState{
ID: user.ID,
Username: "******",
Macaroon: "macaroon2",
Discharges: []string{"discharge"},
StoreMacaroon: "macaroon",
StoreDischarges: newDischarges,
})
}
func (as *authSuite) TestAuthContextStoreIDFromEnv(c *C) {
authContext := auth.NewAuthContext(as.state, nil)
os.Setenv("UBUNTU_STORE_ID", "env-store-id")
defer os.Unsetenv("UBUNTU_STORE_ID")
storeID, err := authContext.StoreID("")
c.Assert(err, IsNil)
c.Check(storeID, Equals, "env-store-id")
}
func (as *authSuite) TestAuthContextMissingDeviceAssertions(c *C) {
// no assertions in state
authContext := auth.NewAuthContext(as.state, &testDeviceAssertions{nothing: true})
_, _, err := authContext.DeviceSessionRequest("NONCE")
c.Check(err, Equals, auth.ErrNoSerial)
storeID, err := authContext.StoreID("fallback")
c.Assert(err, IsNil)
c.Check(storeID, Equals, "fallback")
}
func (as *authSuite) TestAuthContextDevice(c *C) {
device := &auth.DeviceState{Brand: "some-brand"}
as.state.Lock()
err := auth.SetDevice(as.state, device)
as.state.Unlock()
c.Check(err, IsNil)
authContext := auth.NewAuthContext(as.state, nil)
deviceFromState, err := authContext.Device()
c.Check(err, IsNil)
c.Check(deviceFromState, DeepEquals, device)
}
func (as *authSuite) TestAuthContextWithDeviceAssertions(c *C) {
// having assertions in state
authContext := auth.NewAuthContext(as.state, &testDeviceAssertions{})
req, serial, err := authContext.DeviceSessionRequest("NONCE-1")
c.Assert(err, IsNil)
c.Check(strings.Contains(string(req), "nonce: NONCE-1\n"), Equals, true)
c.Check(strings.Contains(string(req), "serial: 9999\n"), Equals, true)
c.Check(strings.Contains(string(serial), "serial: 9999\n"), Equals, true)
storeID, err := authContext.StoreID("store-id")
c.Assert(err, IsNil)
c.Check(storeID, Equals, "my-brand-store-id")
}
func (as *authSuite) TestAuthContextUpdateUserAuthInvalid(c *C) {
as.state.Lock()
_, _ = auth.NewUser(as.state, "username", "macaroon", []string{"discharge"})
as.state.Unlock()
user := &auth.UserState{
ID: 102,
Username: "******",
Macaroon: "macaroon",
}
authContext := auth.NewAuthContext(as.state, nil)
_, err := authContext.UpdateUserAuth(user, nil)
c.Assert(err, ErrorMatches, "invalid user")
}
func (as *authSuite) TestAuthContextUpdateDeviceAuth(c *C) {
as.state.Lock()
device, err := auth.Device(as.state)
as.state.Unlock()
c.Check(err, IsNil)
c.Check(device, DeepEquals, &auth.DeviceState{})
sessionMacaroon := "the-device-macaroon"
authContext := auth.NewAuthContext(as.state, nil)
device, err = authContext.UpdateDeviceAuth(device, sessionMacaroon)
c.Check(err, IsNil)
deviceFromState, err := authContext.Device()
c.Check(err, IsNil)
c.Check(deviceFromState, DeepEquals, device)
c.Check(deviceFromState.SessionMacaroon, DeepEquals, sessionMacaroon)
}
func (as *authSuite) TestAuthContextUpdateUserAuth(c *C) {
as.state.Lock()
user, _ := auth.NewUser(as.state, "username", "macaroon", []string{"discharge"})
as.state.Unlock()
newDischarges := []string{"updated-discharge"}
authContext := auth.NewAuthContext(as.state, nil)
user, err := authContext.UpdateUserAuth(user, newDischarges)
c.Check(err, IsNil)
as.state.Lock()
userFromState, err := auth.User(as.state, user.ID)
as.state.Unlock()
c.Check(err, IsNil)
c.Check(userFromState, DeepEquals, user)
c.Check(userFromState.Discharges, DeepEquals, []string{"discharge"})
c.Check(user.StoreDischarges, DeepEquals, newDischarges)
}
// New creates a new Overlord with all its state managers.
func New() (*Overlord, error) {
o := &Overlord{
loopTomb: new(tomb.Tomb),
}
backend := &overlordStateBackend{
path: dirs.SnapStateFile,
ensureBefore: o.ensureBefore,
requestRestart: o.requestRestart,
}
s, err := loadState(backend)
if err != nil {
return nil, err
}
o.stateEng = NewStateEngine(s)
snapMgr, err := snapstate.Manager(s)
if err != nil {
return nil, err
}
o.snapMgr = snapMgr
o.stateEng.AddManager(o.snapMgr)
assertMgr, err := assertstate.Manager(s)
if err != nil {
return nil, err
}
o.assertMgr = assertMgr
o.stateEng.AddManager(o.assertMgr)
ifaceMgr, err := ifacestate.Manager(s, nil)
if err != nil {
return nil, err
}
o.ifaceMgr = ifaceMgr
o.stateEng.AddManager(o.ifaceMgr)
hookMgr, err := hookstate.Manager(s)
if err != nil {
return nil, err
}
o.hookMgr = hookMgr
o.stateEng.AddManager(o.hookMgr)
configMgr, err := configstate.Manager(s, hookMgr)
if err != nil {
return nil, err
}
o.configMgr = configMgr
deviceMgr, err := devicestate.Manager(s)
if err != nil {
return nil, err
}
o.deviceMgr = deviceMgr
o.stateEng.AddManager(o.deviceMgr)
// setting up the store
authContext := auth.NewAuthContext(s, o.deviceMgr)
sto := storeNew(nil, authContext)
s.Lock()
snapstate.ReplaceStore(s, sto)
s.Unlock()
return o, nil
}
func (as *authSuite) TestAuthContextDeviceSessionRequestNilDeviceAssertions(c *C) {
authContext := auth.NewAuthContext(as.state, nil)
_, _, err := authContext.DeviceSessionRequest("NONCE")
c.Check(err, Equals, auth.ErrNoSerial)
}