// NewUserManagerClient returns a usermanager client for the root api endpoint
// that the environment command returns.
func (c *UserCommandBase) NewUserManagerClient() (*usermanager.Client, error) {
root, err := c.NewAPIRoot()
if err != nil {
return nil, err
}
return usermanager.NewClient(root), nil
}
// NewUserManagerAPIClient returns an API client for the UserManager on the
// current controller using the current credentials.
func (c *ControllerCommandBase) NewUserManagerAPIClient() (*usermanager.Client, error) {
root, err := c.NewAPIRoot()
if err != nil {
return nil, errors.Trace(err)
}
return usermanager.NewClient(root), nil
}
func (s *toolsWithMacaroonsSuite) TestCanPostWithLocalLogin(c *gc.C) {
// Create a new user, and a local login macaroon for it.
user := s.Factory.MakeUser(c, &factory.UserParams{Password: "******"})
conn := s.OpenAPIAs(c, user.Tag(), "hunter2")
defer conn.Close()
mac, err := usermanager.NewClient(conn).CreateLocalLoginMacaroon(user.UserTag())
c.Assert(err, jc.ErrorIsNil)
checkCount := 0
s.DischargerLogin = func() string {
checkCount++
return user.UserTag().Id()
}
do := func(req *http.Request) (*http.Response, error) {
data, err := json.Marshal(macaroon.Slice{mac})
if err != nil {
return nil, err
}
req.Header.Add(httpbakery.MacaroonsHeader, base64.StdEncoding.EncodeToString(data))
return utils.GetNonValidatingHTTPClient().Do(req)
}
// send without using bakeryDo, so we don't pass any macaroon cookies
// along.
resp := s.sendRequest(c, httpRequestParams{
method: "POST",
url: s.toolsURI(c, ""),
tag: user.UserTag().String(),
password: "", // no password forces macaroon usage
do: do,
})
s.assertErrorResponse(c, resp, http.StatusBadRequest, "expected binaryVersion argument")
c.Assert(checkCount, gc.Equals, 0)
}
func (s *stateSuite) TestLoginMacaroonInvalidUser(c *gc.C) {
apistate, tag, _ := s.OpenAPIWithoutLogin(c)
defer apistate.Close()
// Use s.APIState, because we can't get at UserManager without logging in.
mac, err := usermanager.NewClient(s.APIState).CreateLocalLoginMacaroon(tag.(names.UserTag))
c.Assert(err, jc.ErrorIsNil)
err = apistate.Login(names.NewUserTag("bob@local"), "", "", []macaroon.Slice{{mac}})
c.Assert(err, gc.ErrorMatches, "invalid entity name or password \\(unauthorized access\\)")
}
func (s *stateSuite) TestLoginMacaroonInvalidUser(c *gc.C) {
apistate, tag, _ := s.OpenAPIWithoutLogin(c)
defer apistate.Close()
// Use s.APIState, because we can't get at UserManager without logging in.
mac, err := usermanager.NewClient(s.APIState).CreateLocalLoginMacaroon(tag.(names.UserTag))
c.Assert(err, jc.ErrorIsNil)
err = apistate.Login(names.NewUserTag("bob@local"), "", "", []macaroon.Slice{{mac}})
c.Assert(err, gc.ErrorMatches, `verification failed: caveat "declared username admin@local" not satisfied: got username="******", expected "admin@local"`)
}
func (s *stateSuite) TestLoginMacaroon(c *gc.C) {
apistate, tag, _ := s.OpenAPIWithoutLogin(c)
defer apistate.Close()
// Use s.APIState, because we can't get at UserManager without logging in.
mac, err := usermanager.NewClient(s.APIState).CreateLocalLoginMacaroon(tag.(names.UserTag))
c.Assert(err, jc.ErrorIsNil)
err = apistate.Login(tag, "", "", []macaroon.Slice{{mac}})
c.Assert(err, jc.ErrorIsNil)
}
// NewLoginCommand returns a new cmd.Command to handle "juju login".
func NewLoginCommand() cmd.Command {
return modelcmd.WrapController(&loginCommand{
newLoginAPI: func(args juju.NewAPIConnectionParams) (LoginAPI, ConnectionAPI, error) {
api, err := juju.NewAPIConnection(args)
if err != nil {
return nil, nil, errors.Trace(err)
}
return usermanager.NewClient(api), api, nil
},
})
}
func (s *stateSuite) TestLoginSetsControllerAccess(c *gc.C) {
// The default user has admin access.
c.Assert(s.APIState.ControllerAccess(), gc.Equals, "superuser")
manager := usermanager.NewClient(s.OpenControllerAPI(c))
defer manager.Close()
usertag, _, err := manager.AddUser("ro", "ro", "ro-password")
c.Assert(err, jc.ErrorIsNil)
mmanager := modelmanager.NewClient(s.OpenControllerAPI(c))
defer mmanager.Close()
modeltag, ok := s.APIState.ModelTag()
c.Assert(ok, jc.IsTrue)
err = mmanager.GrantModel(usertag.Id(), "read", modeltag.Id())
c.Assert(err, jc.ErrorIsNil)
conn := s.OpenAPIAs(c, usertag, "ro-password")
c.Assert(conn.ControllerAccess(), gc.Equals, "login")
}
func getUserManager(conn api.Connection) (UserManager, error) {
return usermanager.NewClient(conn), nil
}
func (s *usermanagerSuite) SetUpTest(c *gc.C) {
s.JujuConnSuite.SetUpTest(c)
s.usermanager = usermanager.NewClient(s.OpenControllerAPI(c))
c.Assert(s.usermanager, gc.NotNil)
}
func (s *usermanagerSuite) SetUpTest(c *gc.C) {
s.JujuConnSuite.SetUpTest(c)
s.usermanager = usermanager.NewClient(s.APIState)
c.Assert(s.usermanager, gc.NotNil)
}