func (s *CloudCredentialsSuite) TestUpdateCloudCredentialsExisting(c *gc.C) {
err := s.State.AddCloud("stratus", cloud.Cloud{
Type: "low",
AuthTypes: cloud.AuthTypes{cloud.AccessKeyAuthType, cloud.UserPassAuthType},
})
c.Assert(err, jc.ErrorIsNil)
cred := cloud.NewCredential(cloud.AccessKeyAuthType, map[string]string{
"foo": "foo val",
"bar": "bar val",
})
tag := names.NewCloudCredentialTag("stratus/bob@local/foobar")
err = s.State.UpdateCloudCredential(tag, cred)
c.Assert(err, jc.ErrorIsNil)
cred = cloud.NewCredential(cloud.UserPassAuthType, map[string]string{
"user": "******",
"password": "******",
})
cred.Revoked = true
err = s.State.UpdateCloudCredential(tag, cred)
c.Assert(err, jc.ErrorIsNil)
// The retrieved credentials have labels although cloud.NewCredential
// doesn't have them, so add it to the expected value.
cred.Label = "foobar"
out, err := s.State.CloudCredential(tag)
c.Assert(err, jc.ErrorIsNil)
c.Assert(out, jc.DeepEquals, cred)
}
func (s *updateCredentialSuite) TestUpdate(c *gc.C) {
store := &jujuclienttesting.MemStore{
Controllers: map[string]jujuclient.ControllerDetails{
"controller": {},
},
CurrentControllerName: "controller",
Accounts: map[string]jujuclient.AccountDetails{
"controller": {
User: "******",
},
},
Credentials: map[string]jujucloud.CloudCredential{
"aws": {
AuthCredentials: map[string]jujucloud.Credential{
"my-credential": jujucloud.NewCredential(jujucloud.AccessKeyAuthType, nil),
"another-credential": jujucloud.NewCredential(jujucloud.UserPassAuthType, nil),
},
},
},
}
fake := &fakeUpdateCredentialAPI{}
cmd := cloud.NewUpdateCredentialCommandForTest(store, fake)
ctx, err := testing.RunCommand(c, cmd, "aws", "my-credential")
c.Assert(err, jc.ErrorIsNil)
output := testing.Stderr(ctx)
output = strings.Replace(output, "\n", "", -1)
c.Assert(output, gc.Equals, `Updated credential "my-credential" for user "admin@local" on cloud "aws".`)
c.Assert(fake.creds, jc.DeepEquals, map[names.CloudCredentialTag]jujucloud.Credential{
names.NewCloudCredentialTag("aws/admin@local/my-credential"): jujucloud.NewCredential(jujucloud.AccessKeyAuthType, nil),
})
}
func (s *credentialsSuite) SetUpTest(c *gc.C) {
s.FakeJujuXDGDataHomeSuite.SetUpTest(c)
s.cloud = cloud.Cloud{
Type: "fake",
Regions: []cloud.Region{
{Name: "first-region"},
{Name: "second-region"},
},
}
dir := c.MkDir()
keyFile := filepath.Join(dir, "keyfile")
err := ioutil.WriteFile(keyFile, []byte("value"), 0600)
c.Assert(err, jc.ErrorIsNil)
s.store = jujuclienttesting.NewMemStore()
s.store.Credentials["cloud"] = cloud.CloudCredential{
DefaultRegion: "second-region",
AuthCredentials: map[string]cloud.Credential{
"interactive": cloud.NewCredential("interactive", map[string]string{
"username": "******",
}),
"secrets": cloud.NewCredential(cloud.UserPassAuthType, map[string]string{
"username": "******",
"password": "******",
"key-file": keyFile,
}),
},
}
}
func (s *CredentialsSuite) SetUpTest(c *gc.C) {
s.FakeJujuXDGDataHomeSuite.SetUpTest(c)
s.store = jujuclient.NewFileCredentialStore()
s.cloudName = "testcloud"
s.credentials = cloud.CloudCredential{
DefaultCredential: "peter",
DefaultRegion: "east",
AuthCredentials: map[string]cloud.Credential{
"peter": cloud.NewCredential(cloud.AccessKeyAuthType, nil),
"paul": cloud.NewCredential(cloud.AccessKeyAuthType, nil),
},
}
}
// FinalizeCredential is part of the environs.ProviderCredentials interface.
func (c environProviderCredentials) FinalizeCredential(
ctx environs.FinalizeCredentialContext,
args environs.FinalizeCredentialParams,
) (*cloud.Credential, error) {
switch authType := args.Credential.AuthType(); authType {
case cloud.UserPassAuthType:
fmt.Fprintf(ctx.GetStderr(), `
WARNING: The %q auth-type is deprecated, and will be removed soon.
Please update the credential in ~/.local/share/juju/credentials.yaml,
changing auth-type to %q, and dropping the tenant-id field.
`[1:],
authType, clientCredentialsAuthType,
)
attrs := args.Credential.Attributes()
delete(attrs, credAttrTenantId)
out := cloud.NewCredential(clientCredentialsAuthType, attrs)
out.Label = args.Credential.Label
return &out, nil
case deviceCodeAuthType:
subscriptionId := args.Credential.Attributes()[credAttrSubscriptionId]
applicationId, password, err := c.interactiveCreateServicePrincipal(
ctx.GetStderr(),
c.sender,
c.requestInspector,
args.CloudEndpoint,
args.CloudIdentityEndpoint,
subscriptionId,
clock.WallClock,
utils.NewUUID,
)
if err != nil {
return nil, errors.Trace(err)
}
out := cloud.NewCredential(clientCredentialsAuthType, map[string]string{
credAttrSubscriptionId: subscriptionId,
credAttrAppId: applicationId,
credAttrAppPassword: password,
})
out.Label = args.Credential.Label
return &out, nil
case clientCredentialsAuthType:
return &args.Credential, nil
default:
return nil, errors.NotSupportedf("%q auth-type", authType)
}
}
// FinalizeCredential is part of the environs.ProviderCredentials interface.
func (c environProviderCredentials) FinalizeCredential(
ctx environs.FinalizeCredentialContext,
args environs.FinalizeCredentialParams,
) (*cloud.Credential, error) {
switch authType := args.Credential.AuthType(); authType {
case deviceCodeAuthType:
subscriptionId := args.Credential.Attributes()[credAttrSubscriptionId]
applicationId, password, err := c.interactiveCreateServicePrincipal(
ctx.GetStderr(),
c.sender,
c.requestInspector,
args.CloudEndpoint,
args.CloudIdentityEndpoint,
subscriptionId,
clock.WallClock,
utils.NewUUID,
)
if err != nil {
return nil, errors.Trace(err)
}
out := cloud.NewCredential(clientCredentialsAuthType, map[string]string{
credAttrSubscriptionId: subscriptionId,
credAttrAppId: applicationId,
credAttrAppPassword: password,
})
out.Label = args.Credential.Label
return &out, nil
case clientCredentialsAuthType:
return &args.Credential, nil
default:
return nil, errors.NotSupportedf("%q auth-type", authType)
}
}
func (s *addSuite) SetUpTest(c *gc.C) {
s.FakeJujuXDGDataHomeSuite.SetUpTest(c)
s.fake = &fakeCreateClient{
model: params.Model{
Name: "test",
UUID: "fake-model-uuid",
OwnerTag: "ignored-for-now",
},
}
// Set up the current controller, and write just enough info
// so we don't try to refresh
controllerName := "local.test-master"
err := modelcmd.WriteCurrentController(controllerName)
c.Assert(err, jc.ErrorIsNil)
s.store = jujuclienttesting.NewMemStore()
s.store.Controllers["local.test-master"] = jujuclient.ControllerDetails{}
s.store.Accounts[controllerName] = &jujuclient.ControllerAccounts{
Accounts: map[string]jujuclient.AccountDetails{
"bob@local": {User: "******"},
},
CurrentAccount: "bob@local",
}
s.store.Credentials["aws"] = cloud.CloudCredential{
AuthCredentials: map[string]cloud.Credential{
"secrets": cloud.NewCredential(cloud.AccessKeyAuthType, map[string]string{
"access-key": "key",
"secret-key": "sekret",
}),
},
}
}
func (s *CloudCredentialsSuite) TestRemoveCredentials(c *gc.C) {
// Create it.
err := s.State.AddCloud("stratus", cloud.Cloud{
Type: "low",
AuthTypes: cloud.AuthTypes{cloud.AccessKeyAuthType, cloud.UserPassAuthType},
})
c.Assert(err, jc.ErrorIsNil)
tag := names.NewCloudCredentialTag("stratus/bob@local/bobcred1")
cred := cloud.NewCredential(cloud.AccessKeyAuthType, map[string]string{
"foo": "foo val",
"bar": "bar val",
})
err = s.State.UpdateCloudCredential(tag, cred)
c.Assert(err, jc.ErrorIsNil)
_, err = s.State.CloudCredential(tag)
c.Assert(err, jc.ErrorIsNil)
// Remove it.
err = s.State.RemoveCloudCredential(tag)
c.Assert(err, jc.ErrorIsNil)
// Check it.
_, err = s.State.CloudCredential(tag)
c.Assert(err, jc.Satisfies, errors.IsNotFound)
}
func (s *ConfigSuite) TestBootstrapConfig(c *gc.C) {
for i, test := range bootstrapConfigTests {
c.Logf("test %d: %s", i, test.info)
attrs := validAttrs().Merge(test.insert).Delete(test.remove...)
credentialAttrs := make(map[string]string, len(attrs))
for k, v := range attrs.Delete("type") {
credentialAttrs[k] = fmt.Sprintf("%v", v)
}
testConfig := newConfig(c, attrs)
preparedConfig, err := jp.Provider.BootstrapConfig(environs.BootstrapConfigParams{
Config: testConfig,
Credentials: cloud.NewCredential(
cloud.UserPassAuthType,
credentialAttrs,
),
})
if test.err == "" {
c.Check(err, jc.ErrorIsNil)
attrs := preparedConfig.AllAttrs()
for field, value := range test.expect {
c.Check(attrs[field], gc.Equals, value)
}
} else {
c.Check(preparedConfig, gc.IsNil)
c.Check(err, gc.ErrorMatches, test.err)
}
}
}
func (suite *maas2Suite) makeEnviron(c *gc.C, controller gomaasapi.Controller) *maasEnviron {
if controller != nil {
suite.injectController(controller)
}
testAttrs := coretesting.Attrs{}
for k, v := range maasEnvAttrs {
testAttrs[k] = v
}
testAttrs["agent-version"] = version.Current.String()
cred := cloud.NewCredential(cloud.OAuth1AuthType, map[string]string{
"maas-oauth": "a:b:c",
})
cloud := environs.CloudSpec{
Type: "maas",
Name: "maas",
Endpoint: "http://any-old-junk.invalid/",
Credential: &cred,
}
attrs := coretesting.FakeConfig().Merge(testAttrs)
suite.controllerUUID = coretesting.FakeControllerConfig().ControllerUUID()
cfg, err := config.New(config.NoDefaults, attrs)
c.Assert(err, jc.ErrorIsNil)
env, err := NewEnviron(cloud, cfg)
c.Assert(err, jc.ErrorIsNil)
c.Assert(env, gc.NotNil)
return env
}
func (s *addCredentialSuite) assertAddFileCredential(c *gc.C, input, fileKey string) {
dir := c.MkDir()
filename := filepath.Join(dir, "jsonfile")
err := ioutil.WriteFile(filename, []byte{}, 0600)
c.Assert(err, jc.ErrorIsNil)
stdin := strings.NewReader(fmt.Sprintf(input, filename))
addCmd := cloud.NewAddCredentialCommandForTest(s.store, s.cloudByNameFunc)
err = testing.InitCommand(addCmd, []string{"somecloud"})
c.Assert(err, jc.ErrorIsNil)
ctx := testing.ContextForDir(c, dir)
ctx.Stdin = stdin
err = addCmd.Run(ctx)
c.Assert(err, jc.ErrorIsNil)
c.Assert(s.store.Credentials, jc.DeepEquals, map[string]jujucloud.CloudCredential{
"somecloud": {
AuthCredentials: map[string]jujucloud.Credential{
"fred": jujucloud.NewCredential(s.authTypes[0], map[string]string{
fileKey: filename,
}),
},
},
})
}
func (s *InitializeSuite) TestInitializeWithInvalidCredentialType(c *gc.C) {
owner := names.NewLocalUserTag("initialize-admin")
modelCfg := testing.ModelConfig(c)
controllerCfg := testing.FakeControllerConfig()
credentialTag := names.NewCloudCredentialTag("dummy/" + owner.Canonical() + "/borken")
_, err := state.Initialize(state.InitializeParams{
Clock: clock.WallClock,
ControllerConfig: controllerCfg,
ControllerModelArgs: state.ModelArgs{
CloudName: "dummy",
Owner: owner,
Config: modelCfg,
StorageProviderRegistry: storage.StaticProviderRegistry{},
},
CloudName: "dummy",
Cloud: cloud.Cloud{
Type: "dummy",
AuthTypes: []cloud.AuthType{
cloud.AccessKeyAuthType, cloud.OAuth1AuthType,
},
},
CloudCredentials: map[names.CloudCredentialTag]cloud.Credential{
credentialTag: cloud.NewCredential(cloud.UserPassAuthType, nil),
},
MongoInfo: statetesting.NewMongoInfo(),
MongoDialOpts: mongotest.DialOpts(),
})
c.Assert(err, gc.ErrorMatches,
`validating initialization args: validating cloud credentials: credential "dummy/initialize-admin@local/borken" with auth-type "userpass" is not supported \(expected one of \["access-key" "oauth1"\]\)`,
)
}
func (s *credentialsSuite) TestMarshalAccessKey(c *gc.C) {
creds := map[string]cloud.CloudCredential{
"aws": {
DefaultCredential: "default-cred",
DefaultRegion: "us-west-2",
AuthCredentials: map[string]cloud.Credential{
"peter": cloud.NewCredential(cloud.AccessKeyAuthType, map[string]string{
"access-key": "key",
"secret-key": "secret",
}),
// TODO(wallyworld) - add anther credential once goyaml.v2 supports inline MapSlice.
//"paul": &cloud.AccessKeyCredentials{
// Key: "paulkey",
// Secret: "paulsecret",
//},
},
},
}
out, err := cloud.MarshalCredentials(creds)
c.Assert(err, jc.ErrorIsNil)
c.Assert(string(out), gc.Equals, `
credentials:
aws:
default-credential: default-cred
default-region: us-west-2
peter:
auth-type: access-key
access-key: key
secret-key: secret
`[1:])
}
func (s *credentialsSuite) TestMarshalOAuth2(c *gc.C) {
creds := map[string]cloud.CloudCredential{
"google": {
DefaultCredential: "default-cred",
DefaultRegion: "West US",
AuthCredentials: map[string]cloud.Credential{
"peter": cloud.NewCredential(cloud.OAuth2AuthType, map[string]string{
"client-id": "client-id",
"client-email": "client-email",
"private-key": "secret",
}),
},
},
}
out, err := cloud.MarshalCredentials(creds)
c.Assert(err, jc.ErrorIsNil)
c.Assert(string(out), gc.Equals, `
credentials:
google:
default-credential: default-cred
default-region: West US
peter:
auth-type: oauth2
client-email: client-email
client-id: client-id
private-key: secret
`[1:])
}
func (s *credentialsSuite) TestMarshalOAuth1(c *gc.C) {
creds := map[string]cloud.CloudCredential{
"maas": {
DefaultCredential: "default-cred",
DefaultRegion: "region-default",
AuthCredentials: map[string]cloud.Credential{
"peter": cloud.NewCredential(cloud.OAuth1AuthType, map[string]string{
"consumer-key": "consumer-key",
"consumer-secret": "consumer-secret",
"access-token": "access-token",
"token-secret": "token-secret",
}),
},
},
}
out, err := cloud.MarshalCredentials(creds)
c.Assert(err, jc.ErrorIsNil)
c.Assert(string(out), gc.Equals, `
credentials:
maas:
default-credential: default-cred
default-region: region-default
peter:
auth-type: oauth1
access-token: access-token
consumer-key: consumer-key
consumer-secret: consumer-secret
token-secret: token-secret
`[1:])
}
func (s *credentialsSuite) TestMarshalAzureCredntials(c *gc.C) {
creds := map[string]cloud.CloudCredential{
"azure": {
DefaultCredential: "default-cred",
DefaultRegion: "Central US",
AuthCredentials: map[string]cloud.Credential{
"peter": cloud.NewCredential(cloud.UserPassAuthType, map[string]string{
"application-id": "app-id",
"application-password": "******",
"subscription-id": "subscription-id",
"tenant-id": "tenant-id",
}),
},
},
}
out, err := cloud.MarshalCredentials(creds)
c.Assert(err, jc.ErrorIsNil)
c.Assert(string(out), gc.Equals, `
credentials:
azure:
default-credential: default-cred
default-region: Central US
peter:
auth-type: userpass
application-id: app-id
application-password: app-secret
subscription-id: subscription-id
tenant-id: tenant-id
`[1:])
}
func (suite *EnvironProviderSuite) TestUnknownAttrsContainAgentName(c *gc.C) {
attrs := testing.FakeConfig().Merge(testing.Attrs{
"type": "maas",
})
config, err := config.New(config.NoDefaults, attrs)
c.Assert(err, jc.ErrorIsNil)
cfg, err := providerInstance.BootstrapConfig(environs.BootstrapConfigParams{
Config: config,
CloudEndpoint: "http://maas.testing.invalid/maas/",
Credentials: cloud.NewCredential(
cloud.OAuth1AuthType,
map[string]string{
"maas-oauth": "aa:bb:cc",
},
),
})
c.Assert(err, jc.ErrorIsNil)
unknownAttrs := cfg.UnknownAttrs()
c.Assert(unknownAttrs["maas-server"], gc.Equals, "http://maas.testing.invalid/maas/")
uuid, ok := unknownAttrs["maas-agent-name"]
c.Assert(ok, jc.IsTrue)
c.Assert(uuid, jc.Satisfies, utils.IsValidUUIDString)
}
func (suite *EnvironProviderSuite) TestCredentialsSetup(c *gc.C) {
attrs := testing.FakeConfig().Merge(testing.Attrs{
"type": "maas",
})
config, err := config.New(config.NoDefaults, attrs)
c.Assert(err, jc.ErrorIsNil)
cfg, err := providerInstance.BootstrapConfig(environs.BootstrapConfigParams{
Config: config,
CloudEndpoint: "http://maas.testing.invalid/maas/",
Credentials: cloud.NewCredential(
cloud.OAuth1AuthType,
map[string]string{
"maas-oauth": "aa:bb:cc",
},
),
})
c.Assert(err, jc.ErrorIsNil)
attrs = cfg.UnknownAttrs()
server, ok := attrs["maas-server"]
c.Assert(ok, jc.IsTrue)
c.Assert(server, gc.Equals, "http://maas.testing.invalid/maas/")
oauth, ok := attrs["maas-oauth"]
c.Assert(ok, jc.IsTrue)
c.Assert(oauth, gc.Equals, "aa:bb:cc")
}
func (s *credentialsSuite) assertGetCredentials(c *gc.C, region string) {
dir := c.MkDir()
keyFile := filepath.Join(dir, "keyfile")
err := ioutil.WriteFile(keyFile, []byte("value"), 0600)
c.Assert(err, jc.ErrorIsNil)
store := jujuclienttesting.NewMemStore()
store.Credentials["cloud"] = cloud.CloudCredential{
DefaultRegion: "default-region",
AuthCredentials: map[string]cloud.Credential{
"secrets": cloud.NewCredential(cloud.UserPassAuthType, map[string]string{
"username": "******",
"password": "******",
"key-file": keyFile,
}),
},
}
credential, credentialName, regionName, err := modelcmd.GetCredentials(
store, region, "secrets", "cloud", "fake",
)
c.Assert(err, jc.ErrorIsNil)
expectedRegion := region
if expectedRegion == "" {
expectedRegion = "default-region"
}
c.Assert(regionName, gc.Equals, expectedRegion)
c.Assert(credentialName, gc.Equals, "secrets")
c.Assert(credential.Attributes(), jc.DeepEquals, map[string]string{
"key": "value",
"username": "******",
"password": "******",
})
}
func (s *credentialsSuite) TestFinalizeCredentialUserPass(c *gc.C) {
in := cloud.NewCredential("userpass", map[string]string{
"application-id": "application",
"application-password": "******",
"subscription-id": "subscription",
"tenant-id": "tenant",
})
ctx := coretesting.Context(c)
out, err := s.provider.FinalizeCredential(ctx, environs.FinalizeCredentialParams{Credential: in})
c.Assert(err, jc.ErrorIsNil)
c.Assert(out, gc.NotNil)
c.Assert(out.AuthType(), gc.Equals, cloud.AuthType("service-principal-secret"))
c.Assert(out.Attributes(), jc.DeepEquals, map[string]string{
"application-id": "application",
"application-password": "******",
"subscription-id": "subscription",
})
stderr := coretesting.Stderr(ctx)
c.Assert(stderr, gc.Equals, `
WARNING: The "userpass" auth-type is deprecated, and will be removed soon.
Please update the credential in ~/.local/share/juju/credentials.yaml,
changing auth-type to "service-principal-secret", and dropping the tenant-id field.
`[1:])
}
func (s *ebsVolumeSuite) SetUpSuite(c *gc.C) {
s.BaseSuite.SetUpSuite(c)
s.Tests.SetUpSuite(c)
s.Credential = cloud.NewCredential(
cloud.AccessKeyAuthType,
map[string]string{
"access-key": "x",
"secret-key": "x",
},
)
s.CloudRegion = "test"
// Upload arches that ec2 supports; add to this
// as ec2 coverage expands.
s.UploadArches = []string{arch.AMD64, arch.I386}
s.TestConfig = localConfigAttrs.Merge(testing.Attrs{
"access-key": "x",
"secret-key": "x",
"region": "test",
})
s.restoreEC2Patching = patchEC2ForTesting(c)
s.BaseSuite.PatchValue(&imagemetadata.SimplestreamsImagesPublicKey, sstesting.SignedMetadataPublicKey)
s.BaseSuite.PatchValue(&juju.JujuPublicKey, sstesting.SignedMetadataPublicKey)
imagetesting.PatchOfficialDataSources(&s.BaseSuite.CleanupSuite, "test:")
s.BaseSuite.PatchValue(ec2.DeleteSecurityGroupInsistently, deleteSecurityGroupForTestFunc)
}
func (s *credentialsSuite) TestFinalizeCredentialMandatoryFieldFromFile(c *gc.C) {
cred := cloud.NewCredential(
cloud.UserPassAuthType,
map[string]string{
"key-file": "path",
},
)
schema := cloud.CredentialSchema{{
"key",
cloud.CredentialAttr{
Description: "key credential",
Optional: false,
FileAttr: "key-file",
},
}}
readFile := func(s string) ([]byte, error) {
c.Assert(s, gc.Equals, "path")
return []byte("file-value"), nil
}
newCred, err := cloud.FinalizeCredential(cred, map[cloud.AuthType]cloud.CredentialSchema{
cloud.UserPassAuthType: schema,
}, readFile)
c.Assert(err, jc.ErrorIsNil)
c.Assert(newCred.Attributes(), jc.DeepEquals, map[string]string{
"key": "file-value",
})
}
func (s *addCredentialSuite) assertAddUserpassCredential(c *gc.C, input string, expected *jujucloud.Credential) {
s.schema = map[jujucloud.AuthType]jujucloud.CredentialSchema{
jujucloud.UserPassAuthType: {
{
"username", jujucloud.CredentialAttr{Optional: false},
}, {
"password", jujucloud.CredentialAttr{Hidden: true},
},
},
}
stdin := strings.NewReader(input)
_, err := s.run(c, stdin, "somecloud")
c.Assert(err, jc.ErrorIsNil)
var cred jujucloud.Credential
if expected == nil {
cred = jujucloud.NewCredential(jujucloud.UserPassAuthType, map[string]string{
"username": "******",
"password": "******",
})
} else {
cred = *expected
}
c.Assert(s.store.Credentials, jc.DeepEquals, map[string]jujucloud.CloudCredential{
"somecloud": {
AuthCredentials: map[string]jujucloud.Credential{
"fred": cred,
},
},
})
}
func (s *credentialsSuite) TestFinalizeCredentialFilePath(c *gc.C) {
dir := c.MkDir()
filename := filepath.Join(dir, "filename")
err := ioutil.WriteFile(filename, []byte{}, 0600)
c.Assert(err, jc.ErrorIsNil)
cred := cloud.NewCredential(
cloud.JSONFileAuthType,
map[string]string{
"file": filename,
},
)
schema := cloud.CredentialSchema{{
"file", cloud.CredentialAttr{FilePath: true},
}}
readFile := func(path string) ([]byte, error) {
c.Assert(path, gc.Equals, filename)
return []byte("file-contents"), nil
}
newCred, err := cloud.FinalizeCredential(cred, map[cloud.AuthType]cloud.CredentialSchema{
cloud.JSONFileAuthType: schema,
}, readFile)
c.Assert(err, jc.ErrorIsNil)
c.Assert(newCred.Attributes(), jc.DeepEquals, map[string]string{
"file": "file-contents",
})
}
func (s *addCredentialSuite) assertAddCredentialWithOptions(c *gc.C, input string) {
s.authTypes = []jujucloud.AuthType{jujucloud.UserPassAuthType}
s.schema = map[jujucloud.AuthType]jujucloud.CredentialSchema{
jujucloud.UserPassAuthType: {
{
"username", jujucloud.CredentialAttr{Optional: false},
}, {
"algorithm", jujucloud.CredentialAttr{Options: []interface{}{"optionA", "optionB"}},
},
},
}
// Input includes a bad option
stdin := strings.NewReader(input)
_, err := s.run(c, stdin, "somecloud")
c.Assert(err, jc.ErrorIsNil)
c.Assert(s.store.Credentials, jc.DeepEquals, map[string]jujucloud.CloudCredential{
"somecloud": {
AuthCredentials: map[string]jujucloud.Credential{
"fred": jujucloud.NewCredential(jujucloud.UserPassAuthType, map[string]string{
"username": "******",
"algorithm": "optionA",
}),
},
},
})
}
func (s *credentialsSuite) TestMarshalOpenstackUserPass(c *gc.C) {
creds := map[string]cloud.CloudCredential{
"openstack": {
DefaultCredential: "default-cred",
DefaultRegion: "region-a",
AuthCredentials: map[string]cloud.Credential{
"peter": cloud.NewCredential(cloud.UserPassAuthType, map[string]string{
"username": "******",
"password": "******",
"tenant-name": "tenant",
}),
},
},
}
out, err := cloud.MarshalCredentials(creds)
c.Assert(err, jc.ErrorIsNil)
c.Assert(string(out), gc.Equals, `
credentials:
openstack:
default-credential: default-cred
default-region: region-a
peter:
auth-type: userpass
password: secret
tenant-name: tenant
username: user
`[1:])
}
func (s *ConfigSuite) TestPrepareSetsDefaultBlockSource(c *gc.C) {
s.PatchValue(&verifyCredentials, func(*environ) error { return nil })
attrs := testing.FakeConfig().Merge(testing.Attrs{
"type": "ec2",
})
config, err := config.New(config.NoDefaults, attrs)
c.Assert(err, jc.ErrorIsNil)
cfg, err := providerInstance.BootstrapConfig(environs.BootstrapConfigParams{
Config: config,
CloudRegion: "test",
Credentials: cloud.NewCredential(
cloud.AccessKeyAuthType,
map[string]string{
"access-key": "x",
"secret-key": "y",
},
),
})
c.Assert(err, jc.ErrorIsNil)
source, ok := cfg.StorageDefaultBlockSource()
c.Assert(ok, jc.IsTrue)
c.Assert(source, gc.Equals, "ebs")
}
func (s *credentialsSuite) TestDetectCredentialsNovarc(c *gc.C) {
if runtime.GOOS != "linux" {
c.Skip("not running linux")
}
home := utils.Home()
dir := c.MkDir()
utils.SetHome(dir)
s.AddCleanup(func(*gc.C) {
utils.SetHome(home)
})
content := `
# Some secrets
export OS_TENANT_NAME=gary
EXPORT OS_USERNAME=bob
export OS_PASSWORD = dobbs
OS_REGION_NAME=region
`[1:]
novarc := filepath.Join(dir, ".novarc")
err := ioutil.WriteFile(novarc, []byte(content), 0600)
credentials, err := s.provider.DetectCredentials()
c.Assert(err, jc.ErrorIsNil)
c.Assert(credentials.DefaultRegion, gc.Equals, "region")
expected := cloud.NewCredential(
cloud.UserPassAuthType, map[string]string{
"username": "******",
"password": "******",
"tenant-name": "gary",
"domain-name": "",
},
)
expected.Label = `openstack region "region" project "gary" user "bob"`
c.Assert(credentials.AuthCredentials["bob"], jc.DeepEquals, expected)
}
func (s *credentialsSuite) TestMarshalOpenstackAccessKey(c *gc.C) {
creds := map[string]cloud.CloudCredential{
"openstack": {
DefaultCredential: "default-cred",
DefaultRegion: "region-a",
AuthCredentials: map[string]cloud.Credential{
"peter": cloud.NewCredential(cloud.AccessKeyAuthType, map[string]string{
"access-key": "key",
"secret-key": "secret",
"tenant-name": "tenant",
}),
},
},
}
out, err := cloud.MarshalCredentials(creds)
c.Assert(err, jc.ErrorIsNil)
c.Assert(string(out), gc.Equals, `
credentials:
openstack:
default-credential: default-cred
default-region: region-a
peter:
auth-type: access-key
access-key: key
secret-key: secret
tenant-name: tenant
`[1:])
}
func (s *CloudCredentialsSuite) TestWatchCredential(c *gc.C) {
cred := names.NewCloudCredentialTag("dummy/fred/default")
w, wc := s.createCredentialWatcher(c, s.State, cred)
wc.AssertOneChange() // Initial event.
// Create
dummyCred := cloud.NewCredential(cloud.EmptyAuthType, nil)
err := s.State.UpdateCloudCredential(cred, dummyCred)
c.Assert(err, jc.ErrorIsNil)
wc.AssertOneChange()
// Revoke
dummyCred.Revoked = true
err = s.State.UpdateCloudCredential(cred, dummyCred)
c.Assert(err, jc.ErrorIsNil)
wc.AssertOneChange()
// Remove.
err = s.State.RemoveCloudCredential(cred)
c.Assert(err, jc.ErrorIsNil)
wc.AssertOneChange()
statetesting.AssertStop(c, w)
wc.AssertClosed()
}
