func NewService(p ServiceParams) *Service {
checker := checkers.New(p.CaveatChecker)
return &Service{
p: p,
caveatChecker: checker,
}
}
// newAuthHTTPService returns a new HTTP service that serves requests from the given handler.
// The entities map holds an entry for each known entity holding a map from action to ACL.
// The checker is used to check first party caveats and may be nil.
func newAuthHTTPService(handler AuthHTTPHandler, idm auth.IdentityClient, acls ACLGetter, caveatChecker checkers.Checker) *httptest.Server {
if caveatChecker == nil {
caveatChecker = checkers.New()
}
store := newMacaroonStore()
service := auth.NewService(auth.ServiceParams{
CaveatChecker: caveatChecker,
UserChecker: &aclUserChecker{acls},
IdentityClient: idm,
MacaroonStore: store,
})
return httptest.NewServer(checkHTTPAuth(service, store, handler))
}
"gopkg.in/macaroon.v2-unstable"
"github.com/rogpeppe/misc/auth"
"gopkg.in/macaroon-bakery.v2-unstable/bakery"
"gopkg.in/macaroon-bakery.v2-unstable/bakery/checkers"
"gopkg.in/macaroon-bakery.v2-unstable/bakerytest"
"gopkg.in/macaroon-bakery.v2-unstable/httpbakery"
)
var logger = loggo.GetLogger("bakery.auth_test")
const Everyone = "everyone"
var allCheckers = checkers.New(
checkers.TimeBefore,
checkers.Declared,
checkers.OperationChecker,
)
// TODO move idmclient to latest bakery version so we can avoid
// double dependencies above.
type authSuite struct {
jujutesting.LoggingSuite
}
var _ = gc.Suite(&authSuite{})
// AuthHTTPHandler represents an HTTP handler that can be queried
// for authorization information.
type AuthHTTPHandler interface {
