func (s *loginSuite) TestLoginRateLimited(c *gc.C) {
info, cleanup := s.setupMachineAndServer(c)
defer cleanup()
delayChan, cleanup := apiserver.DelayLogins()
defer cleanup()
// Start enough concurrent Login requests so that we max out our
// LoginRateLimit
errResults, wg := startNLogins(c, apiserver.LoginRateLimit, info)
// All of them should have started, none of them should have succeeded
// (or failed) yet
select {
case err := <-errResults:
c.Fatalf("we should not have gotten any logins yet: %v", err)
case <-time.After(coretesting.ShortWait):
}
// We now have a bunch of pending Login requests, the next login
// request should be immediately bounced
_, err := api.Open(info, fastDialOpts)
c.Check(err, gc.ErrorMatches, "try again")
c.Check(err, jc.Satisfies, params.IsCodeTryAgain)
// Let one request through, we should see that it succeeds without
// error, and then be able to start a new request, but it will block
delayChan <- struct{}{}
select {
case err := <-errResults:
c.Check(err, gc.IsNil)
case <-time.After(coretesting.LongWait):
c.Fatalf("timed out expecting one login to succeed")
}
chOne := make(chan error, 1)
wg.Add(1)
go func() {
st, err := api.Open(info, fastDialOpts)
chOne <- err
if err == nil {
st.Close()
}
wg.Done()
}()
select {
case err := <-chOne:
c.Fatalf("the open request should not have completed: %v", err)
case <-time.After(coretesting.ShortWait):
}
// Let all the logins finish. We started with LoginRateLimit, let one
// proceed, but the issued another one, so there should be
// LoginRateLimit logins pending.
for i := 0; i < apiserver.LoginRateLimit; i++ {
delayChan <- struct{}{}
}
wg.Wait()
close(errResults)
for err := range errResults {
c.Check(err, gc.IsNil)
}
}
func (s *serverSuite) TestOpenAsMachineErrors(c *gc.C) {
assertNotProvisioned := func(err error) {
c.Assert(err, gc.NotNil)
c.Assert(err, jc.Satisfies, params.IsCodeNotProvisioned)
c.Assert(err, gc.ErrorMatches, `machine \d+ is not provisioned`)
}
stm, err := s.State.AddMachine("quantal", state.JobHostUnits)
c.Assert(err, gc.IsNil)
err = stm.SetProvisioned("foo", "fake_nonce", nil)
c.Assert(err, gc.IsNil)
password, err := utils.RandomPassword()
c.Assert(err, gc.IsNil)
err = stm.SetPassword(password)
c.Assert(err, gc.IsNil)
// This does almost exactly the same as OpenAPIAsMachine but checks
// for failures instead.
_, info, err := s.APIConn.Environ.StateInfo()
info.Tag = stm.Tag()
info.Password = password
info.Nonce = "invalid-nonce"
st, err := api.Open(info, fastDialOpts)
assertNotProvisioned(err)
c.Assert(st, gc.IsNil)
// Try with empty nonce as well.
info.Nonce = ""
st, err = api.Open(info, fastDialOpts)
assertNotProvisioned(err)
c.Assert(st, gc.IsNil)
// Finally, with the correct one succeeds.
info.Nonce = "fake_nonce"
st, err = api.Open(info, fastDialOpts)
c.Assert(err, gc.IsNil)
c.Assert(st, gc.NotNil)
st.Close()
// Now add another machine, intentionally unprovisioned.
stm1, err := s.State.AddMachine("quantal", state.JobHostUnits)
c.Assert(err, gc.IsNil)
err = stm1.SetPassword(password)
c.Assert(err, gc.IsNil)
// Try connecting, it will fail.
info.Tag = stm1.Tag()
info.Nonce = ""
st, err = api.Open(info, fastDialOpts)
assertNotProvisioned(err)
c.Assert(st, gc.IsNil)
}
func (s *loginSuite) TestBadLogin(c *gc.C) {
// Start our own server so we can control when the first login
// happens. Otherwise in JujuConnSuite.SetUpTest api.Open is
// called with user-admin permissions automatically.
info, cleanup := s.setupServer(c)
defer cleanup()
for i, t := range badLoginTests {
c.Logf("test %d; entity %q; password %q", i, t.tag, t.password)
// Note that Open does not log in if the tag and password
// are empty. This allows us to test operations on the connection
// before calling Login, which we could not do if Open
// always logged in.
info.Tag = ""
info.Password = ""
func() {
st, err := api.Open(info, fastDialOpts)
c.Assert(err, gc.IsNil)
defer st.Close()
_, err = st.Machiner().Machine("0")
c.Assert(err, gc.ErrorMatches, `unknown object type "Machiner"`)
// Since these are user login tests, the nonce is empty.
err = st.Login(t.tag, t.password, "")
c.Assert(err, gc.ErrorMatches, t.err)
c.Assert(params.ErrCode(err), gc.Equals, t.code)
_, err = st.Machiner().Machine("0")
c.Assert(err, gc.ErrorMatches, `unknown object type "Machiner"`)
}()
}
}
func startNLogins(c *gc.C, n int, info *api.Info) (chan error, *sync.WaitGroup) {
errResults := make(chan error, 100)
var doneWG sync.WaitGroup
var startedWG sync.WaitGroup
c.Logf("starting %d concurrent logins to %v", n, info.Addrs)
for i := 0; i < n; i++ {
i := i
c.Logf("starting login request %d", i)
startedWG.Add(1)
doneWG.Add(1)
go func() {
c.Logf("started login %d", i)
startedWG.Done()
st, err := api.Open(info, fastDialOpts)
errResults <- err
if err == nil {
st.Close()
}
doneWG.Done()
c.Logf("finished login %d: %v", i, err)
}()
}
startedWG.Wait()
return errResults, &doneWG
}
func (s *stateSuite) TestClientNoNeedToPing(c *gc.C) {
s.PatchValue(apiserver.MaxClientPingInterval, time.Duration(0))
st, err := api.Open(s.APIInfo(c), api.DefaultDialOpts())
c.Assert(err, gc.IsNil)
time.Sleep(coretesting.ShortWait)
err = st.Ping()
c.Assert(err, gc.IsNil)
}
// TODO(jam): 2013-09-02 http://pad.lv/1219661
// This test has been failing regularly on the Bot. Until someone fixes it so
// it doesn't crash, it isn't worth having as we can't tell when someone
// actually breaks something.
func (s *MachineSuite) TestManageEnvironServesAPI(c *gc.C) {
c.Skip("does not pass reliably on the bot (http://pad.lv/1219661")
s.assertJobWithState(c, state.JobManageEnviron, func(conf agent.Config, agentState *state.State) {
st, err := api.Open(conf.APIInfo(), fastDialOpts)
c.Assert(err, gc.IsNil)
defer st.Close()
m, err := st.Machiner().Machine(conf.Tag())
c.Assert(err, gc.IsNil)
c.Assert(m.Life(), gc.Equals, params.Alive)
})
}
func (s *apiclientSuite) TestOpenMultiple(c *gc.C) {
// Create a socket that proxies to the API server.
info := s.APIInfo(c)
serverAddr := info.Addrs[0]
server, err := net.Dial("tcp", serverAddr)
c.Assert(err, gc.IsNil)
defer server.Close()
listener, err := net.Listen("tcp", "127.0.0.1:0")
c.Assert(err, gc.IsNil)
defer listener.Close()
go func() {
for {
client, err := listener.Accept()
if err != nil {
return
}
go io.Copy(client, server)
go io.Copy(server, client)
}
}()
// Check that we can use the proxy to connect.
proxyAddr := listener.Addr().String()
info.Addrs = []string{proxyAddr}
st, err := api.Open(info, api.DialOpts{})
c.Assert(err, gc.IsNil)
defer st.Close()
c.Assert(st.Addr(), gc.Equals, proxyAddr)
// Now break Addrs[0], and ensure that Addrs[1]
// is successfully connected to.
info.Addrs = []string{proxyAddr, serverAddr}
listener.Close()
st, err = api.Open(info, api.DialOpts{})
c.Assert(err, gc.IsNil)
defer st.Close()
c.Assert(st.Addr(), gc.Equals, serverAddr)
}
func (s *serverSuite) TestStop(c *gc.C) {
// Start our own instance of the server so we have
// a handle on it to stop it.
srv, err := apiserver.NewServer(
s.State, "localhost:0",
[]byte(coretesting.ServerCert), []byte(coretesting.ServerKey),
"", "")
c.Assert(err, gc.IsNil)
defer srv.Stop()
stm, err := s.State.AddMachine("quantal", state.JobHostUnits)
c.Assert(err, gc.IsNil)
err = stm.SetProvisioned("foo", "fake_nonce", nil)
c.Assert(err, gc.IsNil)
password, err := utils.RandomPassword()
c.Assert(err, gc.IsNil)
err = stm.SetPassword(password)
c.Assert(err, gc.IsNil)
// Note we can't use openAs because we're not connecting to
// s.APIConn.
apiInfo := &api.Info{
Tag: stm.Tag(),
Password: password,
Nonce: "fake_nonce",
Addrs: []string{srv.Addr()},
CACert: coretesting.CACert,
}
st, err := api.Open(apiInfo, fastDialOpts)
c.Assert(err, gc.IsNil)
defer st.Close()
_, err = st.Machiner().Machine(stm.Tag())
c.Assert(err, gc.IsNil)
err = srv.Stop()
c.Assert(err, gc.IsNil)
_, err = st.Machiner().Machine(stm.Tag())
// The client has not necessarily seen the server shutdown yet,
// so there are two possible errors.
if err != rpc.ErrShutdown && err != io.ErrUnexpectedEOF {
c.Fatalf("unexpected error from request: %v", err)
}
// Check it can be stopped twice.
err = srv.Stop()
c.Assert(err, gc.IsNil)
}
// openAs connects to the API state as the given entity
// with the default password for that entity.
func (s *baseSuite) openAs(c *gc.C, tag string) *api.State {
_, info, err := s.APIConn.Environ.StateInfo()
c.Assert(err, gc.IsNil)
info.Tag = tag
// Must match defaultPassword()
info.Password = fmt.Sprintf("%s password-1234567890", tag)
// Set this always, so that the login attempts as a machine will
// not fail with ErrNotProvisioned; it's not used otherwise.
info.Nonce = "fake_nonce"
c.Logf("opening state; entity %q; password %q", info.Tag, info.Password)
st, err := api.Open(info, api.DialOpts{})
c.Assert(err, gc.IsNil)
c.Assert(st, gc.NotNil)
return st
}
// openAPIAs opens the API and ensures that the *api.State returned will be
// closed during the test teardown by using a cleanup function.
func (s *JujuConnSuite) openAPIAs(c *gc.C, tag, password, nonce string) *api.State {
_, info, err := s.APIConn.Environ.StateInfo()
c.Assert(err, gc.IsNil)
info.Tag = tag
info.Password = password
info.Nonce = nonce
apiState, err := api.Open(info, api.DialOpts{})
c.Assert(err, gc.IsNil)
c.Assert(apiState, gc.NotNil)
s.AddCleanup(func(c *gc.C) {
err := apiState.Close()
c.Check(err, gc.IsNil)
})
return apiState
}
// NewAPIConn returns a new Conn that uses the
// given environment. The environment must have already
// been bootstrapped.
func NewAPIConn(environ environs.Environ, dialOpts api.DialOpts) (*APIConn, error) {
info, err := environAPIInfo(environ)
if err != nil {
return nil, err
}
st, err := api.Open(info, dialOpts)
// TODO(rog): handle errUnauthorized when the API handles passwords.
if err != nil {
return nil, err
}
return &APIConn{
Environ: environ,
State: st,
}, nil
}
func (s *apiclientSuite) TestOpenMultipleError(c *gc.C) {
listener, err := net.Listen("tcp", "127.0.0.1:0")
c.Assert(err, gc.IsNil)
defer listener.Close()
go func() {
for {
client, err := listener.Accept()
if err != nil {
return
}
client.Close()
}
}()
info := s.APIInfo(c)
addr := listener.Addr().String()
info.Addrs = []string{addr, addr, addr}
_, err = api.Open(info, api.DialOpts{})
c.Assert(err, gc.ErrorMatches, `timed out connecting to "wss://.*/"`)
}
func (s *loginSuite) TestLoginSetsLogIdentifier(c *gc.C) {
info, cleanup := s.setupServer(c)
defer cleanup()
machineInState, err := s.State.AddMachine("quantal", state.JobHostUnits)
c.Assert(err, gc.IsNil)
err = machineInState.SetProvisioned("foo", "fake_nonce", nil)
c.Assert(err, gc.IsNil)
password, err := utils.RandomPassword()
c.Assert(err, gc.IsNil)
err = machineInState.SetPassword(password)
c.Assert(err, gc.IsNil)
c.Assert(machineInState.Tag(), gc.Equals, "machine-0")
tw := &loggo.TestWriter{}
c.Assert(loggo.RegisterWriter("login-tester", tw, loggo.DEBUG), gc.IsNil)
defer loggo.RemoveWriter("login-tester")
info.Tag = machineInState.Tag()
info.Password = password
info.Nonce = "fake_nonce"
apiConn, err := api.Open(info, fastDialOpts)
c.Assert(err, gc.IsNil)
apiMachine, err := apiConn.Machiner().Machine(machineInState.Tag())
c.Assert(err, gc.IsNil)
c.Assert(apiMachine.Tag(), gc.Equals, machineInState.Tag())
apiConn.Close()
c.Assert(tw.Log, jc.LogMatches, []string{
`<- \[[0-9A-F]+\] <unknown> {"RequestId":1,"Type":"Admin","Request":"Login","Params":` +
`{"AuthTag":"machine-0","Password":"******"]*","Nonce":"fake_nonce"}` +
`}`,
// Now that we are logged in, we see the entity's tag
// [0-9.umns] is to handle timestamps that are ns, us, ms, or s
// long, though we expect it to be in the 'ms' range.
`-> \[[0-9A-F]+\] machine-0 [0-9.]+[umn]?s {"RequestId":1,"Response":{"Servers":\[\]}} Admin\[""\].Login`,
`<- \[[0-9A-F]+\] machine-0 {"RequestId":2,"Type":"Machiner","Request":"Life","Params":{"Entities":\[{"Tag":"machine-0"}\]}}`,
`-> \[[0-9A-F]+\] machine-0 [0-9.umns]+ {"RequestId":2,"Response":{"Results":\[{"Life":"alive","Error":null}\]}} Machiner\[""\]\.Life`,
})
}
func (s *stateSuite) TestAPIHostPortsAlwaysIncludesTheConnection(c *gc.C) {
hostportslist := s.APIState.APIHostPorts()
c.Check(hostportslist, gc.HasLen, 1)
serverhostports := hostportslist[0]
c.Check(serverhostports, gc.HasLen, 1)
// the other addresses, but always see this one as well.
info := s.APIInfo(c)
// We intentionally set this to invalid values
badValue := instance.HostPort{instance.Address{
Value: "0.1.2.3",
Type: instance.Ipv4Address,
NetworkName: "",
NetworkScope: instance.NetworkMachineLocal,
}, 1234}
badServer := []instance.HostPort{badValue}
s.State.SetAPIHostPorts([][]instance.HostPort{badServer})
apistate, err := api.Open(info, api.DialOpts{})
c.Assert(err, gc.IsNil)
hostports := apistate.APIHostPorts()
c.Check(hostports, gc.DeepEquals, [][]instance.HostPort{serverhostports, badServer})
}
func (s *stateSuite) TestAPIHostPortsMovesConnectedValueFirst(c *gc.C) {
hostportslist := s.APIState.APIHostPorts()
c.Check(hostportslist, gc.HasLen, 1)
serverhostports := hostportslist[0]
c.Check(serverhostports, gc.HasLen, 1)
goodAddress := serverhostports[0]
// the other addresses, but always see this one as well.
info := s.APIInfo(c)
// We intentionally set this to invalid values
badValue := instance.HostPort{instance.Address{
Value: "0.1.2.3",
Type: instance.Ipv4Address,
NetworkName: "",
NetworkScope: instance.NetworkMachineLocal,
}, 1234}
badServer := []instance.HostPort{badValue}
extraAddress := instance.HostPort{instance.Address{
Value: "0.1.2.4",
Type: instance.Ipv4Address,
NetworkName: "",
NetworkScope: instance.NetworkMachineLocal,
}, 5678}
extraAddress2 := instance.HostPort{instance.Address{
Value: "0.1.2.1",
Type: instance.Ipv4Address,
NetworkName: "",
NetworkScope: instance.NetworkMachineLocal,
}, 9012}
serverExtra := []instance.HostPort{extraAddress, goodAddress, extraAddress2}
current := [][]instance.HostPort{badServer, serverExtra}
s.State.SetAPIHostPorts(current)
apistate, err := api.Open(info, api.DialOpts{})
c.Assert(err, gc.IsNil)
hostports := apistate.APIHostPorts()
// We should have rotate the server we connected to as the first item,
// and the address of that server as the first address
sortedServer := []instance.HostPort{goodAddress, extraAddress, extraAddress2}
expected := [][]instance.HostPort{sortedServer, badServer}
c.Check(hostports, gc.DeepEquals, expected)
}
func (s *loginSuite) TestLoginAsDeactivatedUser(c *gc.C) {
info, cleanup := s.setupServer(c)
defer cleanup()
info.Tag = ""
info.Password = ""
st, err := api.Open(info, fastDialOpts)
c.Assert(err, gc.IsNil)
defer st.Close()
u, err := s.State.AddUser("inactive", "password")
c.Assert(err, gc.IsNil)
err = u.Deactivate()
c.Assert(err, gc.IsNil)
_, err = st.Client().Status([]string{})
c.Assert(err, gc.ErrorMatches, `unknown object type "Client"`)
// Since these are user login tests, the nonce is empty.
err = st.Login("user-inactive", "password", "")
c.Assert(err, gc.ErrorMatches, "invalid entity name or password")
_, err = st.Client().Status([]string{})
c.Assert(err, gc.ErrorMatches, `unknown object type "Client"`)
}
func (s *loginSuite) loginHostPorts(c *gc.C, info *api.Info) (connectedAddr string, hostPorts [][]instance.HostPort) {
st, err := api.Open(info, fastDialOpts)
c.Assert(err, gc.IsNil)
defer st.Close()
return st.Addr(), st.APIHostPorts()
}
func defaultAPIOpen(info *api.Info, opts api.DialOpts) (apiState, error) {
return api.Open(info, opts)
}