func (s *credentialsSuite) TestFinalizeCredentialUserPass(c *gc.C) { in := cloud.NewCredential("userpass", map[string]string{ "application-id": "application", "application-password": "******", "subscription-id": "subscription", "tenant-id": "tenant", }) ctx := coretesting.Context(c) out, err := s.provider.FinalizeCredential(ctx, environs.FinalizeCredentialParams{Credential: in}) c.Assert(err, jc.ErrorIsNil) c.Assert(out, gc.NotNil) c.Assert(out.AuthType(), gc.Equals, cloud.AuthType("service-principal-secret")) c.Assert(out.Attributes(), jc.DeepEquals, map[string]string{ "application-id": "application", "application-password": "******", "subscription-id": "subscription", }) stderr := coretesting.Stderr(ctx) c.Assert(stderr, gc.Equals, ` WARNING: The "userpass" auth-type is deprecated, and will be removed soon. Please update the credential in ~/.local/share/juju/credentials.yaml, changing auth-type to "service-principal-secret", and dropping the tenant-id field. `[1:]) }
func (s *controllerSuite) makeCloudSpec(c *gc.C, pSpec *params.CloudSpec) environs.CloudSpec { c.Assert(pSpec, gc.NotNil) var credential *cloud.Credential if pSpec.Credential != nil { credentialValue := cloud.NewCredential( cloud.AuthType(pSpec.Credential.AuthType), pSpec.Credential.Attributes, ) credential = &credentialValue } spec := environs.CloudSpec{ Type: pSpec.Type, Name: pSpec.Name, Region: pSpec.Region, Endpoint: pSpec.Endpoint, IdentityEndpoint: pSpec.IdentityEndpoint, StorageEndpoint: pSpec.StorageEndpoint, Credential: credential, } c.Assert(spec.Validate(), jc.ErrorIsNil) return spec }
func (c *addCredentialCommand) promptAuthType(out io.Writer, in io.Reader, authTypes []jujucloud.AuthType) (jujucloud.AuthType, error) { if len(authTypes) == 1 { fmt.Fprintf(out, "Using auth-type %q.\n", authTypes[0]) return authTypes[0], nil } authType := "" choices := make([]string, len(authTypes)) for i, a := range authTypes { choices[i] = string(a) if i == 0 { choices[i] += "*" } } for { fmt.Fprintf(out, "Auth Types\n%s\n\nSelect auth-type: ", strings.Join(choices, "\n")) input, err := readLine(in) if err != nil { return "", errors.Trace(err) } authType = strings.ToLower(strings.TrimSpace(input)) if authType == "" { authType = string(authTypes[0]) } isValid := false for _, a := range authTypes { if string(a) == authType { isValid = true break } } if isValid { break } fmt.Fprintf(out, "Invalid auth type %q.\n", authType) } return jujucloud.AuthType(authType), nil }
func cloudFromParams(p params.Cloud) jujucloud.Cloud { authTypes := make([]jujucloud.AuthType, len(p.AuthTypes)) for i, authType := range p.AuthTypes { authTypes[i] = jujucloud.AuthType(authType) } regions := make([]jujucloud.Region, len(p.Regions)) for i, region := range p.Regions { regions[i] = jujucloud.Region{ Name: region.Name, Endpoint: region.Endpoint, IdentityEndpoint: region.IdentityEndpoint, StorageEndpoint: region.StorageEndpoint, } } return jujucloud.Cloud{ Type: p.Type, AuthTypes: authTypes, Endpoint: p.Endpoint, IdentityEndpoint: p.IdentityEndpoint, StorageEndpoint: p.StorageEndpoint, Regions: regions, } }
func (s *credentialsSuite) TestFinalizeCredentialInteractive(c *gc.C) { in := cloud.NewCredential("interactive", map[string]string{"subscription-id": "subscription"}) ctx := coretesting.Context(c) out, err := s.provider.FinalizeCredential(ctx, environs.FinalizeCredentialParams{ Credential: in, CloudEndpoint: "https://arm.invalid", CloudIdentityEndpoint: "https://graph.invalid", }) c.Assert(err, jc.ErrorIsNil) c.Assert(out, gc.NotNil) c.Assert(out.AuthType(), gc.Equals, cloud.AuthType("service-principal-secret")) c.Assert(out.Attributes(), jc.DeepEquals, map[string]string{ "application-id": "appid", "application-password": "******", "subscription-id": "subscription", }) s.interactiveCreateServicePrincipalCreator.CheckCallNames(c, "InteractiveCreateServicePrincipal") args := s.interactiveCreateServicePrincipalCreator.Calls()[0].Args c.Assert(args[3], gc.Equals, "https://arm.invalid") c.Assert(args[4], gc.Equals, "https://graph.invalid") c.Assert(args[5], gc.Equals, "subscription") }
// UpdateCredentials updates a set of cloud credentials. func (api *CloudAPI) UpdateCredentials(args params.UpdateCloudCredentials) (params.ErrorResults, error) { results := params.ErrorResults{ Results: make([]params.ErrorResult, len(args.Credentials)), } authFunc, err := api.getCredentialsAuthFunc() if err != nil { return results, err } for i, arg := range args.Credentials { tag, err := names.ParseCloudCredentialTag(arg.Tag) if err != nil { results.Results[i].Error = common.ServerError(err) continue } // NOTE(axw) if we add ACLs for cloud credentials, we'll need // to change this auth check. if !authFunc(tag.Owner()) { results.Results[i].Error = common.ServerError(common.ErrPerm) continue } in := cloud.NewCredential( cloud.AuthType(arg.Credential.AuthType), arg.Credential.Attributes, ) if err := api.backend.UpdateCloudCredential(tag, in); err != nil { if errors.IsNotFound(err) { err = errors.Errorf( "cannot update credential %q: controller does not manage cloud %q", tag.Name(), tag.Cloud().Id()) } results.Results[i].Error = common.ServerError(err) continue } } return results, nil }
func (c cloudCredentialDoc) toCredential() cloud.Credential { out := cloud.NewCredential(cloud.AuthType(c.AuthType), c.Attributes) out.Revoked = c.Revoked out.Label = c.Name return out }