func (s *credentialsSuite) TestFinalizeCredentialUserPass(c *gc.C) {
in := cloud.NewCredential("userpass", map[string]string{
"application-id": "application",
"application-password": "******",
"subscription-id": "subscription",
"tenant-id": "tenant",
})
ctx := coretesting.Context(c)
out, err := s.provider.FinalizeCredential(ctx, environs.FinalizeCredentialParams{Credential: in})
c.Assert(err, jc.ErrorIsNil)
c.Assert(out, gc.NotNil)
c.Assert(out.AuthType(), gc.Equals, cloud.AuthType("service-principal-secret"))
c.Assert(out.Attributes(), jc.DeepEquals, map[string]string{
"application-id": "application",
"application-password": "******",
"subscription-id": "subscription",
})
stderr := coretesting.Stderr(ctx)
c.Assert(stderr, gc.Equals, `
WARNING: The "userpass" auth-type is deprecated, and will be removed soon.
Please update the credential in ~/.local/share/juju/credentials.yaml,
changing auth-type to "service-principal-secret", and dropping the tenant-id field.
`[1:])
}
func (s *controllerSuite) makeCloudSpec(c *gc.C, pSpec *params.CloudSpec) environs.CloudSpec {
c.Assert(pSpec, gc.NotNil)
var credential *cloud.Credential
if pSpec.Credential != nil {
credentialValue := cloud.NewCredential(
cloud.AuthType(pSpec.Credential.AuthType),
pSpec.Credential.Attributes,
)
credential = &credentialValue
}
spec := environs.CloudSpec{
Type: pSpec.Type,
Name: pSpec.Name,
Region: pSpec.Region,
Endpoint: pSpec.Endpoint,
IdentityEndpoint: pSpec.IdentityEndpoint,
StorageEndpoint: pSpec.StorageEndpoint,
Credential: credential,
}
c.Assert(spec.Validate(), jc.ErrorIsNil)
return spec
}
func (c *addCredentialCommand) promptAuthType(out io.Writer, in io.Reader, authTypes []jujucloud.AuthType) (jujucloud.AuthType, error) {
if len(authTypes) == 1 {
fmt.Fprintf(out, "Using auth-type %q.\n", authTypes[0])
return authTypes[0], nil
}
authType := ""
choices := make([]string, len(authTypes))
for i, a := range authTypes {
choices[i] = string(a)
if i == 0 {
choices[i] += "*"
}
}
for {
fmt.Fprintf(out, "Auth Types\n%s\n\nSelect auth-type: ",
strings.Join(choices, "\n"))
input, err := readLine(in)
if err != nil {
return "", errors.Trace(err)
}
authType = strings.ToLower(strings.TrimSpace(input))
if authType == "" {
authType = string(authTypes[0])
}
isValid := false
for _, a := range authTypes {
if string(a) == authType {
isValid = true
break
}
}
if isValid {
break
}
fmt.Fprintf(out, "Invalid auth type %q.\n", authType)
}
return jujucloud.AuthType(authType), nil
}
func cloudFromParams(p params.Cloud) jujucloud.Cloud {
authTypes := make([]jujucloud.AuthType, len(p.AuthTypes))
for i, authType := range p.AuthTypes {
authTypes[i] = jujucloud.AuthType(authType)
}
regions := make([]jujucloud.Region, len(p.Regions))
for i, region := range p.Regions {
regions[i] = jujucloud.Region{
Name: region.Name,
Endpoint: region.Endpoint,
IdentityEndpoint: region.IdentityEndpoint,
StorageEndpoint: region.StorageEndpoint,
}
}
return jujucloud.Cloud{
Type: p.Type,
AuthTypes: authTypes,
Endpoint: p.Endpoint,
IdentityEndpoint: p.IdentityEndpoint,
StorageEndpoint: p.StorageEndpoint,
Regions: regions,
}
}
func (s *credentialsSuite) TestFinalizeCredentialInteractive(c *gc.C) {
in := cloud.NewCredential("interactive", map[string]string{"subscription-id": "subscription"})
ctx := coretesting.Context(c)
out, err := s.provider.FinalizeCredential(ctx, environs.FinalizeCredentialParams{
Credential: in,
CloudEndpoint: "https://arm.invalid",
CloudIdentityEndpoint: "https://graph.invalid",
})
c.Assert(err, jc.ErrorIsNil)
c.Assert(out, gc.NotNil)
c.Assert(out.AuthType(), gc.Equals, cloud.AuthType("service-principal-secret"))
c.Assert(out.Attributes(), jc.DeepEquals, map[string]string{
"application-id": "appid",
"application-password": "******",
"subscription-id": "subscription",
})
s.interactiveCreateServicePrincipalCreator.CheckCallNames(c, "InteractiveCreateServicePrincipal")
args := s.interactiveCreateServicePrincipalCreator.Calls()[0].Args
c.Assert(args[3], gc.Equals, "https://arm.invalid")
c.Assert(args[4], gc.Equals, "https://graph.invalid")
c.Assert(args[5], gc.Equals, "subscription")
}
// UpdateCredentials updates a set of cloud credentials.
func (api *CloudAPI) UpdateCredentials(args params.UpdateCloudCredentials) (params.ErrorResults, error) {
results := params.ErrorResults{
Results: make([]params.ErrorResult, len(args.Credentials)),
}
authFunc, err := api.getCredentialsAuthFunc()
if err != nil {
return results, err
}
for i, arg := range args.Credentials {
tag, err := names.ParseCloudCredentialTag(arg.Tag)
if err != nil {
results.Results[i].Error = common.ServerError(err)
continue
}
// NOTE(axw) if we add ACLs for cloud credentials, we'll need
// to change this auth check.
if !authFunc(tag.Owner()) {
results.Results[i].Error = common.ServerError(common.ErrPerm)
continue
}
in := cloud.NewCredential(
cloud.AuthType(arg.Credential.AuthType),
arg.Credential.Attributes,
)
if err := api.backend.UpdateCloudCredential(tag, in); err != nil {
if errors.IsNotFound(err) {
err = errors.Errorf(
"cannot update credential %q: controller does not manage cloud %q",
tag.Name(), tag.Cloud().Id())
}
results.Results[i].Error = common.ServerError(err)
continue
}
}
return results, nil
}
func (c cloudCredentialDoc) toCredential() cloud.Credential {
out := cloud.NewCredential(cloud.AuthType(c.AuthType), c.Attributes)
out.Revoked = c.Revoked
out.Label = c.Name
return out
}