Ejemplo n.º 1
0
func (s *userManagerSuite) SetUpTest(c *gc.C) {
	s.JujuConnSuite.SetUpTest(c)

	s.createLocalLoginMacaroon = func(tag names.UserTag) (*macaroon.Macaroon, error) {
		return nil, errors.NotSupportedf("CreateLocalLoginMacaroon")
	}
	s.resources = common.NewResources()
	s.resources.RegisterNamed("createLocalLoginMacaroon", common.ValueResource{
		func(tag names.UserTag) (*macaroon.Macaroon, error) {
			return s.createLocalLoginMacaroon(tag)
		},
	})

	adminTag := s.AdminUserTag(c)
	s.adminName = adminTag.Name()
	s.authorizer = apiservertesting.FakeAuthorizer{
		Tag: adminTag,
	}
	var err error
	s.usermanager, err = usermanager.NewUserManagerAPI(s.State, s.resources, s.authorizer)
	c.Assert(err, jc.ErrorIsNil)

	s.BlockHelper = commontesting.NewBlockHelper(s.APIState)
	s.AddCleanup(func(*gc.C) { s.BlockHelper.Close() })
}
Ejemplo n.º 2
0
func (s *userManagerSuite) TestNewUserManagerAPIRefusesNonClient(c *gc.C) {
	anAuthoriser := s.authorizer
	anAuthoriser.Tag = names.NewMachineTag("1")
	endPoint, err := usermanager.NewUserManagerAPI(s.State, nil, anAuthoriser)
	c.Assert(endPoint, gc.IsNil)
	c.Assert(err, gc.ErrorMatches, "permission denied")
}
Ejemplo n.º 3
0
func (s *userManagerSuite) TestSetPasswordForOther(c *gc.C) {
	alex := s.Factory.MakeUser(c, &factory.UserParams{Name: "alex"})
	barb := s.Factory.MakeUser(c, &factory.UserParams{Name: "barb"})
	usermanager, err := usermanager.NewUserManagerAPI(
		s.State, nil, apiservertesting.FakeAuthorizer{Tag: alex.Tag()})
	c.Assert(err, jc.ErrorIsNil)

	args := params.EntityPasswords{
		Changes: []params.EntityPassword{{
			Tag:      barb.Tag().String(),
			Password: "******",
		}}}
	results, err := usermanager.SetPassword(args)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(results.Results, gc.HasLen, 1)
	c.Assert(results.Results[0], gc.DeepEquals, params.ErrorResult{
		Error: &params.Error{
			Message: "permission denied",
			Code:    params.CodeUnauthorized,
		}})

	err = barb.Refresh()
	c.Assert(err, jc.ErrorIsNil)

	c.Assert(barb.PasswordValid("new-password"), jc.IsFalse)
}
Ejemplo n.º 4
0
func (s *userManagerSuite) TestRemoveUserSelfAsNormalUser(c *gc.C) {
	// Create a user to delete.
	jjam := s.Factory.MakeUser(c, &factory.UserParams{
		Name:        "jimmyjam",
		NoModelUser: true,
	})
	usermanager, err := usermanager.NewUserManagerAPI(
		s.State, s.resources, apiservertesting.FakeAuthorizer{
			Tag: jjam.Tag(),
		})
	c.Assert(err, jc.ErrorIsNil)

	// Make sure the user exists.
	ui, err := s.usermanager.UserInfo(params.UserInfoRequest{
		Entities: []params.Entity{{Tag: jjam.Tag().String()}},
	})
	c.Assert(err, jc.ErrorIsNil)
	c.Check(ui.Results, gc.HasLen, 1)
	c.Assert(ui.Results[0].Result.Username, gc.DeepEquals, jjam.Name())

	// Remove the user as the user
	_, err = usermanager.RemoveUser(params.Entities{
		Entities: []params.Entity{{Tag: jjam.Tag().String()}}})
	c.Assert(err, gc.ErrorMatches, "permission denied")

	// Check if deleted.
	err = jjam.Refresh()
	c.Assert(err, jc.ErrorIsNil)
}
Ejemplo n.º 5
0
func (s *userManagerSuite) TestCannotSetPasswordWhenNotAUser(c *gc.C) {
	machine1, err := s.State.AddMachine("quantal", state.JobManageEnviron)
	c.Assert(err, gc.IsNil)
	s.authorizer = apiservertesting.FakeAuthorizer{
		Tag: machine1.Tag(),
	}
	_, err = usermanager.NewUserManagerAPI(s.State, nil, s.authorizer)
	c.Assert(err, gc.ErrorMatches, "permission denied")
}
Ejemplo n.º 6
0
func (s *userManagerSuite) SetUpTest(c *gc.C) {
	s.JujuConnSuite.SetUpTest(c)

	user, err := s.State.User("admin")
	c.Assert(err, gc.IsNil)
	s.authorizer = apiservertesting.FakeAuthorizer{
		Tag: user.Tag(),
	}
	s.usermanager, err = usermanager.NewUserManagerAPI(s.State, nil, s.authorizer)
	c.Assert(err, gc.IsNil)
}
Ejemplo n.º 7
0
func (s *userManagerSuite) SetUpTest(c *gc.C) {
	s.JujuConnSuite.SetUpTest(c)

	adminTag := s.AdminUserTag(c)
	s.adminName = adminTag.Name()
	s.authorizer = apiservertesting.FakeAuthorizer{
		Tag: adminTag,
	}
	var err error
	s.usermanager, err = usermanager.NewUserManagerAPI(s.State, nil, s.authorizer)
	c.Assert(err, gc.IsNil)
}
Ejemplo n.º 8
0
func (s *userManagerSuite) TestAgentUnauthorized(c *gc.C) {

	machine1, err := s.State.AddMachine("quantal", state.JobManageEnviron)
	c.Assert(err, gc.IsNil)

	// Create a FakeAuthorizer so we can check permissions,
	// set up assuming machine 1 has logged in.
	s.authorizer = apiservertesting.FakeAuthorizer{
		Tag: machine1.Tag(),
	}

	s.usermanager, err = usermanager.NewUserManagerAPI(s.State, nil, s.authorizer)
	c.Assert(err, gc.ErrorMatches, "permission denied")
}
Ejemplo n.º 9
0
func (s *userManagerSuite) SetUpTest(c *gc.C) {
	s.JujuConnSuite.SetUpTest(c)

	adminTag := s.AdminUserTag(c)
	s.adminName = adminTag.Name()
	s.authorizer = apiservertesting.FakeAuthorizer{
		Tag: adminTag,
	}
	var err error
	s.usermanager, err = usermanager.NewUserManagerAPI(s.State, nil, s.authorizer)
	c.Assert(err, jc.ErrorIsNil)

	s.BlockHelper = commontesting.NewBlockHelper(s.APIState)
	s.AddCleanup(func(*gc.C) { s.BlockHelper.Close() })
}
Ejemplo n.º 10
0
func (s *userManagerSuite) TestEnableUserAsNormalUser(c *gc.C) {
	alex := s.Factory.MakeUser(c, &factory.UserParams{Name: "alex"})
	usermanager, err := usermanager.NewUserManagerAPI(
		s.State, nil, apiservertesting.FakeAuthorizer{Tag: alex.Tag()})
	c.Assert(err, jc.ErrorIsNil)

	barb := s.Factory.MakeUser(c, &factory.UserParams{Name: "barb", Disabled: true})

	args := params.Entities{
		[]params.Entity{{barb.Tag().String()}},
	}
	_, err = usermanager.EnableUser(args)
	c.Assert(err, gc.ErrorMatches, "permission denied")

	err = barb.Refresh()
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(barb.IsDisabled(), jc.IsTrue)
}
Ejemplo n.º 11
0
func (s *userManagerSuite) TestAddUserAsNormalUser(c *gc.C) {
	alex := s.Factory.MakeUser(c, &factory.UserParams{Name: "alex"})
	usermanager, err := usermanager.NewUserManagerAPI(
		s.State, nil, apiservertesting.FakeAuthorizer{Tag: alex.Tag()})
	c.Assert(err, jc.ErrorIsNil)

	args := params.AddUsers{
		Users: []params.AddUser{{
			Username:    "******",
			DisplayName: "Foo Bar",
			Password:    "******",
		}}}

	_, err = usermanager.AddUser(args)
	c.Assert(err, gc.ErrorMatches, "permission denied")

	_, err = s.State.User(names.NewLocalUserTag("foobar"))
	c.Assert(err, jc.Satisfies, errors.IsNotFound)
}
Ejemplo n.º 12
0
func (s *userManagerSuite) TestSetPasswordForSelf(c *gc.C) {
	alex := s.Factory.MakeUser(c, &factory.UserParams{Name: "alex"})
	usermanager, err := usermanager.NewUserManagerAPI(
		s.State, nil, apiservertesting.FakeAuthorizer{Tag: alex.Tag()})
	c.Assert(err, jc.ErrorIsNil)

	args := params.EntityPasswords{
		Changes: []params.EntityPassword{{
			Tag:      alex.Tag().String(),
			Password: "******",
		}}}
	results, err := usermanager.SetPassword(args)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(results.Results, gc.HasLen, 1)
	c.Assert(results.Results[0], gc.DeepEquals, params.ErrorResult{Error: nil})

	err = alex.Refresh()
	c.Assert(err, jc.ErrorIsNil)

	c.Assert(alex.PasswordValid("new-password"), jc.IsTrue)
}
Ejemplo n.º 13
0
func (s *userManagerSuite) TestUserInfoNonControllerAdmin(c *gc.C) {
	s.Factory.MakeUser(c, &factory.UserParams{Name: "foobar", DisplayName: "Foo Bar"})
	userAardvark := s.Factory.MakeUser(c, &factory.UserParams{Name: "aardvark", DisplayName: "Aard Vark"})

	authorizer := apiservertesting.FakeAuthorizer{
		Tag: userAardvark.Tag(),
	}
	usermanager, err := usermanager.NewUserManagerAPI(s.State, s.resources, authorizer)
	c.Assert(err, jc.ErrorIsNil)

	args := params.UserInfoRequest{Entities: []params.Entity{
		{Tag: userAardvark.Tag().String()},
		{Tag: names.NewUserTag("foobar").String()},
	}}
	results, err := usermanager.UserInfo(args)
	c.Assert(err, jc.ErrorIsNil)
	// Non admin users can only see themselves.
	c.Assert(results, jc.DeepEquals, params.UserInfoResults{
		Results: []params.UserInfoResult{
			{
				Result: &params.UserInfo{
					Username:       "******",
					DisplayName:    "Aard Vark",
					Access:         "login",
					CreatedBy:      s.adminName,
					DateCreated:    userAardvark.DateCreated(),
					LastConnection: lastLoginPointer(c, userAardvark),
				},
			}, {
				Error: &params.Error{
					Message: "permission denied",
					Code:    params.CodeUnauthorized,
				},
			},
		},
	})
}