func (s *upgraderSuite) TestUpgraderAPIRefusesNonMachineAgent(c *gc.C) {
anAuthorizer := s.authorizer
anAuthorizer.UnitAgent = true
anAuthorizer.MachineAgent = false
anUpgrader, err := upgrader.NewUpgraderAPI(s.State, s.resources, anAuthorizer)
c.Check(err, gc.NotNil)
c.Check(anUpgrader, gc.IsNil)
c.Assert(err, gc.ErrorMatches, "permission denied")
}
func (s *upgraderSuite) TestDesiredVersionRefusesWrongAgent(c *gc.C) {
anAuthorizer := s.authorizer
anAuthorizer.Tag = "machine-12354"
anUpgrader, err := upgrader.NewUpgraderAPI(s.State, s.resources, anAuthorizer)
c.Check(err, gc.IsNil)
args := params.Entities{
Entities: []params.Entity{{Tag: s.rawMachine.Tag()}},
}
results, err := anUpgrader.DesiredVersion(args)
// It is not an error to make the request, but the specific item is rejected
c.Assert(err, gc.IsNil)
c.Check(results.Results, gc.HasLen, 1)
toolResult := results.Results[0]
c.Assert(toolResult.Error, gc.DeepEquals, apiservertesting.ErrUnauthorized)
}
func (s *upgraderSuite) TestWatchAPIVersionRefusesWrongAgent(c *gc.C) {
// We are a machine agent, but not the one we are trying to track
anAuthorizer := s.authorizer
anAuthorizer.Tag = "machine-12354"
anUpgrader, err := upgrader.NewUpgraderAPI(s.State, s.resources, anAuthorizer)
c.Check(err, gc.IsNil)
args := params.Entities{
Entities: []params.Entity{{Tag: s.rawMachine.Tag()}},
}
results, err := anUpgrader.WatchAPIVersion(args)
// It is not an error to make the request, but the specific item is rejected
c.Assert(err, gc.IsNil)
c.Check(results.Results, gc.HasLen, 1)
c.Check(results.Results[0].NotifyWatcherId, gc.Equals, "")
c.Assert(results.Results[0].Error, gc.DeepEquals, apiservertesting.ErrUnauthorized)
}
func (s *upgraderSuite) TestSetToolsRefusesWrongAgent(c *gc.C) {
anAuthorizer := s.authorizer
anAuthorizer.Tag = "machine-12354"
anUpgrader, err := upgrader.NewUpgraderAPI(s.State, s.resources, anAuthorizer)
c.Check(err, gc.IsNil)
args := params.EntitiesVersion{
AgentTools: []params.EntityVersion{{
Tag: s.rawMachine.Tag(),
Tools: ¶ms.Version{
Version: version.Current,
},
}},
}
results, err := anUpgrader.SetTools(args)
c.Assert(results.Results, gc.HasLen, 1)
c.Assert(results.Results[0].Error, gc.DeepEquals, apiservertesting.ErrUnauthorized)
}
func (s *upgraderSuite) TestDesiredVersionUnrestrictedForAPIAgents(c *gc.C) {
newVersion := s.bumpDesiredAgentVersion(c)
// Grab a different Upgrader for the apiMachine
authorizer := apiservertesting.FakeAuthorizer{
Tag: s.apiMachine.Tag(),
LoggedIn: true,
MachineAgent: true,
}
upgraderAPI, err := upgrader.NewUpgraderAPI(s.State, s.resources, authorizer)
c.Assert(err, gc.IsNil)
args := params.Entities{Entities: []params.Entity{{Tag: s.apiMachine.Tag()}}}
results, err := upgraderAPI.DesiredVersion(args)
c.Assert(err, gc.IsNil)
c.Check(results.Results, gc.HasLen, 1)
c.Assert(results.Results[0].Error, gc.IsNil)
agentVersion := results.Results[0].Version
c.Assert(agentVersion, gc.NotNil)
c.Check(*agentVersion, gc.DeepEquals, newVersion)
}
// Upgrader returns an object that provides access to the Upgrader API facade.
// The id argument is reserved for future use and must be empty.
func (r *srvRoot) Upgrader(id string) (upgrader.Upgrader, error) {
if id != "" {
// TODO: There is no direct test for this
return nil, common.ErrBadId
}
// The type of upgrader we return depends on who is asking.
// Machines get an UpgraderAPI, units get a UnitUpgraderAPI.
// This is tested in the state/api/upgrader package since there
// are currently no direct srvRoot tests.
tagKind, _, err := names.ParseTag(r.GetAuthTag(), "")
if err != nil {
return nil, common.ErrPerm
}
switch tagKind {
case names.MachineTagKind:
return upgrader.NewUpgraderAPI(r.srv.state, r.resources, r)
case names.UnitTagKind:
return upgrader.NewUnitUpgraderAPI(r.srv.state, r.resources, r, r.srv.dataDir)
}
// Not a machine or unit.
return nil, common.ErrPerm
}
func (s *upgraderSuite) SetUpTest(c *gc.C) {
s.JujuConnSuite.SetUpTest(c)
s.resources = common.NewResources()
// Create a machine to work with
var err error
// The first machine created is the only one allowed to
// JobManageEnviron
s.apiMachine, err = s.State.AddMachine("quantal", state.JobHostUnits,
state.JobManageEnviron)
c.Assert(err, gc.IsNil)
s.rawMachine, err = s.State.AddMachine("quantal", state.JobHostUnits)
c.Assert(err, gc.IsNil)
// The default auth is as the machine agent
s.authorizer = apiservertesting.FakeAuthorizer{
Tag: s.rawMachine.Tag(),
LoggedIn: true,
MachineAgent: true,
}
s.upgrader, err = upgrader.NewUpgraderAPI(s.State, s.resources, s.authorizer)
c.Assert(err, gc.IsNil)
}