Example #1
0
// NewUserManagerClient returns a usermanager client for the root api endpoint
// that the environment command returns.
func (c *UserCommandBase) NewUserManagerClient() (*usermanager.Client, error) {
	root, err := c.NewAPIRoot()
	if err != nil {
		return nil, err
	}
	return usermanager.NewClient(root), nil
}
Example #2
0
// NewUserManagerAPIClient returns an API client for the UserManager on the
// current controller using the current credentials.
func (c *ControllerCommandBase) NewUserManagerAPIClient() (*usermanager.Client, error) {
	root, err := c.NewAPIRoot()
	if err != nil {
		return nil, errors.Trace(err)
	}
	return usermanager.NewClient(root), nil
}
Example #3
0
func (s *toolsWithMacaroonsSuite) TestCanPostWithLocalLogin(c *gc.C) {
	// Create a new user, and a local login macaroon for it.
	user := s.Factory.MakeUser(c, &factory.UserParams{Password: "******"})
	conn := s.OpenAPIAs(c, user.Tag(), "hunter2")
	defer conn.Close()
	mac, err := usermanager.NewClient(conn).CreateLocalLoginMacaroon(user.UserTag())
	c.Assert(err, jc.ErrorIsNil)

	checkCount := 0
	s.DischargerLogin = func() string {
		checkCount++
		return user.UserTag().Id()
	}
	do := func(req *http.Request) (*http.Response, error) {
		data, err := json.Marshal(macaroon.Slice{mac})
		if err != nil {
			return nil, err
		}
		req.Header.Add(httpbakery.MacaroonsHeader, base64.StdEncoding.EncodeToString(data))
		return utils.GetNonValidatingHTTPClient().Do(req)
	}
	// send without using bakeryDo, so we don't pass any macaroon cookies
	// along.
	resp := s.sendRequest(c, httpRequestParams{
		method:   "POST",
		url:      s.toolsURI(c, ""),
		tag:      user.UserTag().String(),
		password: "", // no password forces macaroon usage
		do:       do,
	})
	s.assertErrorResponse(c, resp, http.StatusBadRequest, "expected binaryVersion argument")
	c.Assert(checkCount, gc.Equals, 0)
}
Example #4
0
func (s *stateSuite) TestLoginMacaroonInvalidUser(c *gc.C) {
	apistate, tag, _ := s.OpenAPIWithoutLogin(c)
	defer apistate.Close()
	// Use s.APIState, because we can't get at UserManager without logging in.
	mac, err := usermanager.NewClient(s.APIState).CreateLocalLoginMacaroon(tag.(names.UserTag))
	c.Assert(err, jc.ErrorIsNil)
	err = apistate.Login(names.NewUserTag("bob@local"), "", "", []macaroon.Slice{{mac}})
	c.Assert(err, gc.ErrorMatches, "invalid entity name or password \\(unauthorized access\\)")
}
Example #5
0
func (s *stateSuite) TestLoginMacaroonInvalidUser(c *gc.C) {
	apistate, tag, _ := s.OpenAPIWithoutLogin(c)
	defer apistate.Close()
	// Use s.APIState, because we can't get at UserManager without logging in.
	mac, err := usermanager.NewClient(s.APIState).CreateLocalLoginMacaroon(tag.(names.UserTag))
	c.Assert(err, jc.ErrorIsNil)
	err = apistate.Login(names.NewUserTag("bob@local"), "", "", []macaroon.Slice{{mac}})
	c.Assert(err, gc.ErrorMatches, `verification failed: caveat "declared username admin@local" not satisfied: got username="******", expected "admin@local"`)
}
Example #6
0
func (s *stateSuite) TestLoginMacaroon(c *gc.C) {
	apistate, tag, _ := s.OpenAPIWithoutLogin(c)
	defer apistate.Close()
	// Use s.APIState, because we can't get at UserManager without logging in.
	mac, err := usermanager.NewClient(s.APIState).CreateLocalLoginMacaroon(tag.(names.UserTag))
	c.Assert(err, jc.ErrorIsNil)
	err = apistate.Login(tag, "", "", []macaroon.Slice{{mac}})
	c.Assert(err, jc.ErrorIsNil)
}
Example #7
0
File: login.go Project: kat-co/juju
// NewLoginCommand returns a new cmd.Command to handle "juju login".
func NewLoginCommand() cmd.Command {
	return modelcmd.WrapController(&loginCommand{
		newLoginAPI: func(args juju.NewAPIConnectionParams) (LoginAPI, ConnectionAPI, error) {
			api, err := juju.NewAPIConnection(args)
			if err != nil {
				return nil, nil, errors.Trace(err)
			}
			return usermanager.NewClient(api), api, nil
		},
	})
}
Example #8
0
func (s *stateSuite) TestLoginSetsControllerAccess(c *gc.C) {
	// The default user has admin access.
	c.Assert(s.APIState.ControllerAccess(), gc.Equals, "superuser")

	manager := usermanager.NewClient(s.OpenControllerAPI(c))
	defer manager.Close()
	usertag, _, err := manager.AddUser("ro", "ro", "ro-password")
	c.Assert(err, jc.ErrorIsNil)
	mmanager := modelmanager.NewClient(s.OpenControllerAPI(c))
	defer mmanager.Close()
	modeltag, ok := s.APIState.ModelTag()
	c.Assert(ok, jc.IsTrue)
	err = mmanager.GrantModel(usertag.Id(), "read", modeltag.Id())
	c.Assert(err, jc.ErrorIsNil)
	conn := s.OpenAPIAs(c, usertag, "ro-password")
	c.Assert(conn.ControllerAccess(), gc.Equals, "login")
}
Example #9
0
func getUserManager(conn api.Connection) (UserManager, error) {
	return usermanager.NewClient(conn), nil
}
Example #10
0
func (s *usermanagerSuite) SetUpTest(c *gc.C) {
	s.JujuConnSuite.SetUpTest(c)
	s.usermanager = usermanager.NewClient(s.OpenControllerAPI(c))
	c.Assert(s.usermanager, gc.NotNil)
}
Example #11
0
func (s *usermanagerSuite) SetUpTest(c *gc.C) {
	s.JujuConnSuite.SetUpTest(c)
	s.usermanager = usermanager.NewClient(s.APIState)
	c.Assert(s.usermanager, gc.NotNil)
}