func (s *modelManagerSuite) TestNewAPIAcceptsClient(c *gc.C) {
anAuthoriser := s.authoriser
anAuthoriser.Tag = names.NewUserTag("external@remote")
endPoint, err := modelmanager.NewModelManagerAPI(s.State, s.resources, anAuthoriser)
c.Assert(err, jc.ErrorIsNil)
c.Assert(endPoint, gc.NotNil)
}
func (s *modelManagerSuite) TestNewAPIRefusesNonClient(c *gc.C) {
anAuthoriser := s.authoriser
anAuthoriser.Tag = names.NewUnitTag("mysql/0")
endPoint, err := modelmanager.NewModelManagerAPI(s.State, s.resources, anAuthoriser)
c.Assert(endPoint, gc.IsNil)
c.Assert(err, gc.ErrorMatches, "permission denied")
}
func (s *modelInfoSuite) SetUpTest(c *gc.C) {
s.BaseSuite.SetUpTest(c)
s.authorizer = apiservertesting.FakeAuthorizer{
Tag: names.NewUserTag("admin@local"),
}
s.st = &mockState{
uuid: coretesting.ModelTag.Id(),
}
s.st.model = &mockModel{
owner: names.NewUserTag("bob@local"),
cfg: coretesting.ModelConfig(c),
life: state.Dying,
status: status.StatusInfo{
Status: status.StatusDestroying,
Since: &time.Time{},
},
users: []*mockModelUser{{
userName: "******",
access: state.ModelAdminAccess,
}, {
userName: "******",
displayName: "Bob",
access: state.ModelReadAccess,
}, {
userName: "******",
displayName: "Charlotte",
access: state.ModelReadAccess,
}},
}
var err error
s.modelmanager, err = modelmanager.NewModelManagerAPI(s.st, &s.authorizer)
c.Assert(err, jc.ErrorIsNil)
}
func (s *modelManagerStateSuite) TestDestroyOwnModel(c *gc.C) {
// TODO(perrito666) this test is not valid until we have
// proper controller permission since the only users that
// can create models are controller admins.
owner := names.NewUserTag("admin@local")
s.setAPIUser(c, owner)
m, err := s.modelmanager.CreateModel(s.createArgs(c, owner))
c.Assert(err, jc.ErrorIsNil)
st, err := s.State.ForModel(names.NewModelTag(m.UUID))
c.Assert(err, jc.ErrorIsNil)
defer st.Close()
s.modelmanager, err = modelmanager.NewModelManagerAPI(
common.NewModelManagerBackend(st), nil, s.authoriser,
)
c.Assert(err, jc.ErrorIsNil)
results, err := s.modelmanager.DestroyModels(params.Entities{
Entities: []params.Entity{{"model-" + m.UUID}},
})
c.Assert(err, jc.ErrorIsNil)
c.Assert(results.Results, gc.HasLen, 1)
c.Assert(results.Results[0].Error, gc.IsNil)
model, err := st.Model()
c.Assert(err, jc.ErrorIsNil)
c.Assert(model.Life(), gc.Not(gc.Equals), state.Alive)
}
func (s *modelManagerStateSuite) TestAdminDestroysOtherModel(c *gc.C) {
// TODO(perrito666) Both users are admins in this case, this tesst is of dubious
// usefulness until proper controller permissions are in place.
owner := names.NewUserTag("admin@local")
s.setAPIUser(c, owner)
m, err := s.modelmanager.CreateModel(s.createArgs(c, owner))
c.Assert(err, jc.ErrorIsNil)
st, err := s.State.ForModel(names.NewModelTag(m.UUID))
c.Assert(err, jc.ErrorIsNil)
defer st.Close()
s.modelmanager, err = modelmanager.NewModelManagerAPI(
common.NewModelManagerBackend(st), nil, s.authoriser,
)
c.Assert(err, jc.ErrorIsNil)
other := s.AdminUserTag(c)
s.setAPIUser(c, other)
results, err := s.modelmanager.DestroyModels(params.Entities{
Entities: []params.Entity{{"model-" + m.UUID}},
})
c.Assert(err, jc.ErrorIsNil)
c.Assert(results.Results, gc.HasLen, 1)
c.Assert(results.Results[0].Error, gc.IsNil)
s.setAPIUser(c, owner)
model, err := st.Model()
c.Assert(err, jc.ErrorIsNil)
c.Assert(model.Life(), gc.Not(gc.Equals), state.Alive)
}
func (s *modelManagerBaseSuite) setAPIUser(c *gc.C, user names.UserTag) {
s.authoriser.Tag = user
modelmanager, err := modelmanager.NewModelManagerAPI(
modelmanager.NewStateBackend(s.State), s.authoriser,
)
c.Assert(err, jc.ErrorIsNil)
s.modelmanager = modelmanager
}
func (s *modelManagerStateSuite) TestNewAPIAcceptsClient(c *gc.C) {
anAuthoriser := s.authoriser
anAuthoriser.Tag = names.NewUserTag("external@remote")
endPoint, err := modelmanager.NewModelManagerAPI(
common.NewModelManagerBackend(s.State), nil, anAuthoriser,
)
c.Assert(err, jc.ErrorIsNil)
c.Assert(endPoint, gc.NotNil)
}
func (s *modelManagerStateSuite) setAPIUser(c *gc.C, user names.UserTag) {
s.authoriser.Tag = user
modelmanager, err := modelmanager.NewModelManagerAPI(
common.NewModelManagerBackend(s.State),
stateenvirons.EnvironConfigGetter{s.State},
s.authoriser,
)
c.Assert(err, jc.ErrorIsNil)
s.modelmanager = modelmanager
}
func (s *modelManagerStateSuite) TestDestroyModelErrors(c *gc.C) {
owner := names.NewUserTag("admin@local")
s.setAPIUser(c, owner)
m, err := s.modelmanager.CreateModel(s.createArgs(c, owner))
c.Assert(err, jc.ErrorIsNil)
st, err := s.State.ForModel(names.NewModelTag(m.UUID))
c.Assert(err, jc.ErrorIsNil)
defer st.Close()
s.modelmanager, err = modelmanager.NewModelManagerAPI(
common.NewModelManagerBackend(st), nil, s.authoriser,
)
c.Assert(err, jc.ErrorIsNil)
user := names.NewUserTag("other@remote")
s.setAPIUser(c, user)
results, err := s.modelmanager.DestroyModels(params.Entities{
Entities: []params.Entity{
{"model-" + m.UUID},
{"model-9f484882-2f18-4fd2-967d-db9663db7bea"},
{"machine-42"},
},
})
c.Assert(err, jc.ErrorIsNil)
c.Assert(results.Results, jc.DeepEquals, []params.ErrorResult{{
// we don't have admin access to the model
¶ms.Error{
Message: "permission denied",
Code: params.CodeUnauthorized,
},
}, {
¶ms.Error{
Message: "model not found",
Code: params.CodeNotFound,
},
}, {
¶ms.Error{
Message: `"machine-42" is not a valid model tag`,
},
}})
s.setAPIUser(c, owner)
model, err := st.Model()
c.Assert(err, jc.ErrorIsNil)
c.Assert(model.Life(), gc.Equals, state.Alive)
}
func (s *modelInfoSuite) setAPIUser(c *gc.C, user names.UserTag) {
s.authorizer.Tag = user
modelmanager, err := modelmanager.NewModelManagerAPI(s.st, s.authorizer)
c.Assert(err, jc.ErrorIsNil)
s.modelmanager = modelmanager
}
func (s *modelInfoSuite) SetUpTest(c *gc.C) {
s.BaseSuite.SetUpTest(c)
s.authorizer = apiservertesting.FakeAuthorizer{
Tag: names.NewUserTag("admin@local"),
}
s.st = &mockState{
modelUUID: coretesting.ModelTag.Id(),
controllerUUID: coretesting.ControllerTag.Id(),
cloud: cloud.Cloud{
Type: "dummy",
AuthTypes: []cloud.AuthType{cloud.EmptyAuthType},
},
cfgDefaults: config.ModelDefaultAttributes{
"attr": config.AttributeDefaultValues{
Default: "",
Controller: "val",
Regions: []config.RegionDefaultValue{{
Name: "dummy",
Value: "val++"}}},
"attr2": config.AttributeDefaultValues{
Controller: "val3",
Default: "val2",
Regions: []config.RegionDefaultValue{{
Name: "left",
Value: "spam"}}},
},
}
s.st.controllerModel = &mockModel{
owner: names.NewUserTag("admin@local"),
life: state.Alive,
cfg: coretesting.ModelConfig(c),
status: status.StatusInfo{
Status: status.Available,
Since: &time.Time{},
},
users: []*mockModelUser{{
userName: "******",
access: permission.AdminAccess,
}, {
userName: "******",
access: permission.AdminAccess,
}},
}
s.st.model = &mockModel{
owner: names.NewUserTag("bob@local"),
cfg: coretesting.ModelConfig(c),
life: state.Dying,
status: status.StatusInfo{
Status: status.Destroying,
Since: &time.Time{},
},
users: []*mockModelUser{{
userName: "******",
access: permission.AdminAccess,
}, {
userName: "******",
displayName: "Bob",
access: permission.ReadAccess,
}, {
userName: "******",
displayName: "Charlotte",
access: permission.ReadAccess,
}, {
userName: "******",
displayName: "Mary",
access: permission.WriteAccess,
}},
}
s.st.machines = []common.Machine{
&mockMachine{
id: "1",
containerType: "none",
life: state.Alive,
hw: &instance.HardwareCharacteristics{CpuCores: pUint64(1)},
},
&mockMachine{
id: "2",
life: state.Alive,
containerType: "lxc",
},
&mockMachine{
id: "3",
life: state.Dead,
},
}
var err error
s.modelmanager, err = modelmanager.NewModelManagerAPI(s.st, nil, &s.authorizer)
c.Assert(err, jc.ErrorIsNil)
}
func (s *modelManagerSuite) SetUpTest(c *gc.C) {
s.IsolationSuite.SetUpTest(c)
attrs := dummy.SampleConfig()
attrs["agent-version"] = jujuversion.Current.String()
cfg, err := config.New(config.UseDefaults, attrs)
c.Assert(err, jc.ErrorIsNil)
dummyCloud := cloud.Cloud{
Type: "dummy",
AuthTypes: []cloud.AuthType{cloud.EmptyAuthType},
Regions: []cloud.Region{
{Name: "some-region"},
{Name: "qux"},
},
}
s.st = &mockState{
modelUUID: coretesting.ModelTag.Id(),
cloud: dummyCloud,
clouds: map[names.CloudTag]cloud.Cloud{
names.NewCloudTag("some-cloud"): dummyCloud,
},
controllerModel: &mockModel{
owner: names.NewUserTag("admin@local"),
life: state.Alive,
cfg: cfg,
status: status.StatusInfo{
Status: status.Available,
Since: &time.Time{},
},
users: []*mockModelUser{{
userName: "******",
access: permission.AdminAccess,
}, {
userName: "******",
access: permission.WriteAccess,
}},
},
model: &mockModel{
owner: names.NewUserTag("admin@local"),
life: state.Alive,
tag: coretesting.ModelTag,
cfg: cfg,
status: status.StatusInfo{
Status: status.Available,
Since: &time.Time{},
},
users: []*mockModelUser{{
userName: "******",
access: permission.AdminAccess,
}, {
userName: "******",
access: permission.WriteAccess,
}},
},
cred: cloud.NewEmptyCredential(),
cfgDefaults: config.ModelDefaultAttributes{
"attr": config.AttributeDefaultValues{
Default: "",
Controller: "val",
Regions: []config.RegionDefaultValue{{
Name: "dummy",
Value: "val++"}}},
"attr2": config.AttributeDefaultValues{
Controller: "val3",
Default: "val2",
Regions: []config.RegionDefaultValue{{
Name: "left",
Value: "spam"}}},
},
}
s.authoriser = apiservertesting.FakeAuthorizer{
Tag: names.NewUserTag("admin@local"),
}
api, err := modelmanager.NewModelManagerAPI(s.st, nil, s.authoriser)
c.Assert(err, jc.ErrorIsNil)
s.api = api
}
func (s *modelManagerSuite) setAPIUser(c *gc.C, user names.UserTag) {
s.authoriser.Tag = user
mm, err := modelmanager.NewModelManagerAPI(s.st, nil, s.authoriser)
c.Assert(err, jc.ErrorIsNil)
s.api = mm
}