Esempio n. 1
0
func (s *modelManagerBaseSuite) setAPIUser(c *gc.C, user names.UserTag) {
	s.authoriser.Tag = user
	modelmanager, err := modelmanager.NewModelManagerAPI(
		modelmanager.NewStateBackend(s.State), s.authoriser,
	)
	c.Assert(err, jc.ErrorIsNil)
	s.modelmanager = modelmanager
}
Esempio n. 2
0
func (s *modelManagerSuite) TestNewAPIRefusesNonClient(c *gc.C) {
	anAuthoriser := s.authoriser
	anAuthoriser.Tag = names.NewUnitTag("mysql/0")
	endPoint, err := modelmanager.NewModelManagerAPI(
		modelmanager.NewStateBackend(s.State), anAuthoriser,
	)
	c.Assert(endPoint, gc.IsNil)
	c.Assert(err, gc.ErrorMatches, "permission denied")
}
Esempio n. 3
0
func (s *modelManagerSuite) TestNewAPIAcceptsClient(c *gc.C) {
	anAuthoriser := s.authoriser
	anAuthoriser.Tag = names.NewUserTag("external@remote")
	endPoint, err := modelmanager.NewModelManagerAPI(
		modelmanager.NewStateBackend(s.State), anAuthoriser,
	)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(endPoint, gc.NotNil)
}
Esempio n. 4
0
// AddUser adds a user with a username, and either a password or
// a randomly generated secret key which will be returned.
func (api *UserManagerAPI) AddUser(args params.AddUsers) (params.AddUserResults, error) {
	result := params.AddUserResults{
		Results: make([]params.AddUserResult, len(args.Users)),
	}
	if err := api.check.ChangeAllowed(); err != nil {
		return result, errors.Trace(err)
	}

	if len(args.Users) == 0 {
		return result, nil
	}
	if !api.isAdmin {
		return result, common.ErrPerm
	}

	for i, arg := range args.Users {
		var user *state.User
		var err error
		if arg.Password != "" {
			user, err = api.state.AddUser(arg.Username, arg.DisplayName, arg.Password, api.apiUser.Id())
		} else {
			user, err = api.state.AddUserWithSecretKey(arg.Username, arg.DisplayName, api.apiUser.Id())
		}
		if err != nil {
			err = errors.Annotate(err, "failed to create user")
			result.Results[i].Error = common.ServerError(err)
			continue
		} else {
			result.Results[i] = params.AddUserResult{
				Tag:       user.Tag().String(),
				SecretKey: user.SecretKey(),
			}
		}

		if len(arg.SharedModelTags) > 0 {
			modelAccess, err := modelmanager.FromModelAccessParam(arg.ModelAccess)
			if err != nil {
				err = errors.Annotatef(err, "user %q created but models not shared", arg.Username)
				result.Results[i].Error = common.ServerError(err)
				continue
			}
			userTag := user.Tag().(names.UserTag)
			for _, modelTagStr := range arg.SharedModelTags {
				modelTag, err := names.ParseModelTag(modelTagStr)
				if err != nil {
					err = errors.Annotatef(err, "user %q created but model %q not shared", arg.Username, modelTagStr)
					result.Results[i].Error = common.ServerError(err)
					break
				}
				err = modelmanager.ChangeModelAccess(
					modelmanager.NewStateBackend(api.state), modelTag, api.apiUser,
					userTag, params.GrantModelAccess, modelAccess, api.isAdmin)
				if err != nil {
					err = errors.Annotatef(err, "user %q created but model %q not shared", arg.Username, modelTagStr)
					result.Results[i].Error = common.ServerError(err)
					break
				}
			}
		}
	}
	return result, nil
}