// SetUpTest resets the recording stub and rebuilds the CloudSpec facade
// under test, together with the canned result it hands back, before each
// test case.
func (s *CloudSpecSuite) SetUpTest(c *gc.C) {
	s.IsolationSuite.SetUpTest(c)
	s.Stub.ResetCalls()

	// Only the shared test model tag is authorized. Every decision is
	// recorded so a test can assert that the auth check was consulted and
	// with which tag.
	s.authFunc = func(tag names.Tag) bool {
		s.AddCall("Auth", tag)
		return tag == coretesting.ModelTag
	}

	// Both callbacks record their invocation and surface s.NextErr(), which
	// lets tests drive the error paths of the facade.
	getCloudSpec := func(tag names.ModelTag) (environs.CloudSpec, error) {
		s.AddCall("CloudSpec", tag)
		return s.result, s.NextErr()
	}
	getAuthFunc := func() (common.AuthFunc, error) {
		s.AddCall("GetAuthFunc")
		return s.authFunc, s.NextErr()
	}
	s.api = cloudspec.NewCloudSpec(getCloudSpec, getAuthFunc)

	// Placeholder credential and spec; the literal values carry no meaning
	// beyond being recognisable in assertions.
	cred := cloud.NewCredential("auth-type", map[string]string{"k": "v"})
	s.result = environs.CloudSpec{
		"type",
		"name",
		"region",
		"endpoint",
		"identity-endpoint",
		"storage-endpoint",
		&cred,
	}
}
// NewControllerAPI creates a new api server endpoint for managing // environments. func NewControllerAPI( st *state.State, resources facade.Resources, authorizer facade.Authorizer, ) (*ControllerAPI, error) { if !authorizer.AuthClient() { return nil, errors.Trace(common.ErrPerm) } // Since we know this is a user tag (because AuthClient is true), // we just do the type assertion to the UserTag. apiUser, _ := authorizer.GetAuthTag().(names.UserTag) environConfigGetter := stateenvirons.EnvironConfigGetter{st} return &ControllerAPI{ ControllerConfigAPI: common.NewControllerConfig(st), CloudSpecAPI: cloudspec.NewCloudSpec(environConfigGetter.CloudSpec, common.AuthFuncForTag(st.ModelTag())), state: st, authorizer: authorizer, apiUser: apiUser, resources: resources, }, nil }
// NewFirewallerAPI creates a new server-side FirewallerAPI facade.
//
// The caller must authenticate as the model manager; otherwise
// common.ErrPerm is returned. Each embedded helper is given the narrowest
// tag-kind access function that its API calls need.
func NewFirewallerAPI(
	st *state.State,
	resources facade.Resources,
	authorizer facade.Authorizer,
) (*FirewallerAPI, error) {
	// Firewaller must run as environment manager.
	if !authorizer.AuthModelManager() {
		return nil, common.ErrPerm
	}

	// Per-kind authorization checkers. NOTE(review): these are keyed on tag
	// kind only, so presumably any entity of that kind is accepted; confirm
	// against common.AuthFuncForTagKind.
	accessEnviron := common.AuthFuncForTagKind(names.ModelTagKind)
	accessUnit := common.AuthFuncForTagKind(names.UnitTagKind)
	accessService := common.AuthFuncForTagKind(names.ApplicationTagKind)
	accessMachine := common.AuthFuncForTagKind(names.MachineTagKind)
	accessLife := common.AuthEither(
		common.AuthEither(accessUnit, accessService),
		accessMachine,
	)

	environConfigGetter := stateenvirons.EnvironConfigGetter{st}

	// The helpers are constructed inside the literal in the same order as
	// the fields are listed.
	return &FirewallerAPI{
		// Life() is supported for units, services or machines.
		LifeGetter: common.NewLifeGetter(st, accessLife),
		// ModelConfig() and WatchForModelConfigChanges() are allowed with
		// unrestricted access: the helper receives the facade authorizer
		// rather than a per-kind access function.
		ModelWatcher: common.NewModelWatcher(st, resources, authorizer),
		// Watch() is supported for applications only.
		AgentEntityWatcher: common.NewAgentEntityWatcher(st, resources, accessService),
		// WatchUnits() is supported for machines.
		UnitsWatcher: common.NewUnitsWatcher(st, resources, accessMachine),
		// WatchModelMachines() is allowed with unrestricted access.
		ModelMachinesWatcher: common.NewModelMachinesWatcher(st, resources, authorizer),
		// InstanceId() is supported for machines.
		InstanceIdGetter: common.NewInstanceIdGetter(st, accessMachine),
		// The cloud spec may only be requested for this state's own model
		// tag.
		CloudSpecAPI: cloudspec.NewCloudSpec(
			environConfigGetter.CloudSpec,
			common.AuthFuncForTag(st.ModelTag()),
		),
		st:            st,
		resources:     resources,
		authorizer:    authorizer,
		accessUnit:    accessUnit,
		accessService: accessService,
		accessMachine: accessMachine,
		accessEnviron: accessEnviron,
	}, nil
}