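// TestRemove runs Remover.Remove over a batch that mixes authorized,
// unauthorized, failing and unknown entities, and checks the per-entity
// result for each of them. It then repeats the call with callEnsureDead
// set to false.
//
// The expected-result literals were restored from "¶ms.Error" to
// "&params.Error": the "&para" prefix had been decoded as an HTML entity.
func (*removeSuite) TestRemove(c *gc.C) {
	st := &fakeState{
		entities: map[names.Tag]entityWithError{
			u("x/0"): &fakeRemover{life: state.Dying, errEnsureDead: fmt.Errorf("x0 EnsureDead fails")},
			u("x/1"): &fakeRemover{life: state.Dying, errRemove: fmt.Errorf("x1 Remove fails")},
			u("x/2"): &fakeRemover{life: state.Alive},
			u("x/3"): &fakeRemover{life: state.Dying},
			u("x/4"): &fakeRemover{life: state.Dead},
			u("x/5"): &fakeRemover{fetchError: "x5 error"},
		},
	}
	// The allow-list covers x/0..x/3 and x/5. x/4 (present in the fake state)
	// and x/6 (absent from it) are left out, so both are expected to come
	// back as ErrUnauthorized below.
	getCanModify := func() (common.AuthFunc, error) {
		u0 := u("x/0")
		u1 := u("x/1")
		u2 := u("x/2")
		u3 := u("x/3")
		u5 := u("x/5")
		return func(tag names.Tag) bool {
			return tag == u0 || tag == u1 || tag == u2 || tag == u3 || tag == u5
		}, nil
	}

	r := common.NewRemover(st, true, getCanModify)
	entities := params.Entities{[]params.Entity{
		{"unit-x-0"}, {"unit-x-1"}, {"unit-x-2"}, {"unit-x-3"}, {"unit-x-4"}, {"unit-x-5"}, {"unit-x-6"},
	}}
	result, err := r.Remove(entities)
	c.Assert(err, gc.IsNil)
	// Results are positional: one entry per requested entity, in order.
	c.Assert(result, gc.DeepEquals, params.ErrorResults{
		Results: []params.ErrorResult{
			{&params.Error{Message: "x0 EnsureDead fails"}},
			{&params.Error{Message: "x1 Remove fails"}},
			{&params.Error{Message: `cannot remove entity "unit-x-2": still alive`}},
			{nil},
			{apiservertesting.ErrUnauthorized},
			{&params.Error{Message: "x5 error"}},
			{apiservertesting.ErrUnauthorized},
		},
	})

	// Make sure when callEnsureDead is false EnsureDead() doesn't
	// get called. x/0 carries errEnsureDead, so a nil result for it shows
	// the call was skipped.
	r = common.NewRemover(st, false, getCanModify)
	entities = params.Entities{[]params.Entity{{"unit-x-0"}, {"unit-x-1"}}}
	result, err = r.Remove(entities)
	c.Assert(err, gc.IsNil)
	c.Assert(result, gc.DeepEquals, params.ErrorResults{
		Results: []params.ErrorResult{
			{nil},
			{&params.Error{Message: "x1 Remove fails"}},
		},
	})
}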
// NewAddresserAPI creates a new server-side Addresser API facade. func NewAddresserAPI( st *state.State, resources *common.Resources, authorizer common.Authorizer, ) (*AddresserAPI, error) { isEnvironManager := authorizer.AuthEnvironManager() if !isEnvironManager { // Addresser must run as environment manager. return nil, common.ErrPerm } getAuthFunc := func() (common.AuthFunc, error) { return func(tag names.Tag) bool { return isEnvironManager }, nil } sti := getState(st) return &AddresserAPI{ EnvironWatcher: common.NewEnvironWatcher(sti, resources, authorizer), LifeGetter: common.NewLifeGetter(sti, getAuthFunc), Remover: common.NewRemover(sti, false, getAuthFunc), st: sti, resources: resources, authorizer: authorizer, }, nil }
// TestRemoveError checks that a failure to obtain the auth func is surfaced
// as the error of the Remove call itself.
func (*removeSuite) TestRemoveError(c *gc.C) {
	failingGetter := func() (common.AuthFunc, error) {
		return nil, fmt.Errorf("pow")
	}
	remover := common.NewRemover(&fakeState{}, true, failingGetter)

	args := params.Entities{[]params.Entity{{"x0"}}}
	_, err := remover.Remove(args)
	c.Assert(err, gc.ErrorMatches, "pow")
}
// TestRemoveNoArgsNoError checks that Remove with an empty entity list
// returns no error and no results, even though the auth-func getter passed
// in would fail if it were consulted.
func (*removeSuite) TestRemoveNoArgsNoError(c *gc.C) {
	failingGetter := func() (common.AuthFunc, error) {
		return nil, fmt.Errorf("pow")
	}
	remover := common.NewRemover(&fakeState{}, true, failingGetter)

	var noEntities params.Entities
	result, err := remover.Remove(noEntities)
	c.Assert(err, gc.IsNil)
	c.Assert(result.Results, gc.HasLen, 0)
}
// NewProvisionerAPI creates a new server-side ProvisionerAPI facade.
//
// The caller must authenticate as a machine agent or as the environment
// manager; any other caller gets common.ErrPerm. The same auth-func getter
// is shared by every per-entity helper embedded in the facade.
func NewProvisionerAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*ProvisionerAPI, error) {
	if !(authorizer.AuthMachineAgent() || authorizer.AuthEnvironManager()) {
		return nil, common.ErrPerm
	}

	getAuthFunc := func() (common.AuthFunc, error) {
		// The authorizer is queried each time an auth func is requested; the
		// returned closure then works from these captured values.
		isEnvironManager := authorizer.AuthEnvironManager()
		isMachineAgent := authorizer.AuthMachineAgent()
		authEntityTag := authorizer.GetAuthTag()

		canAccess := func(tag names.Tag) bool {
			// A machine agent can always access its own machine.
			// NOTE(review): this is an interface comparison, so if
			// GetAuthTag ever returns nil, a nil tag would match here for a
			// machine agent. Presumably callers never pass a nil tag;
			// confirm.
			if isMachineAgent && tag == authEntityTag {
				return true
			}

			// Anything that is not a machine tag is refused.
			machineTag, isMachine := tag.(names.MachineTag)
			if !isMachine {
				return false
			}

			parent := state.ParentId(machineTag.Id())
			if parent == "" {
				// All top-level machines are accessible by the
				// environment manager.
				return isEnvironManager
			}

			// All containers with the authenticated machine as a
			// parent are accessible by it.
			// TODO(dfc) sometimes authEntity tag is nil, which is fine because nil is
			// only equal to nil, but it suggests someone is passing an authorizer
			// with a nil tag.
			return isMachineAgent && names.NewMachineTag(parent) == authEntityTag
		}
		return canAccess, nil
	}

	env, err := st.Environment()
	if err != nil {
		return nil, err
	}
	urlGetter := common.NewToolsURLGetter(env.UUID(), st)

	api := &ProvisionerAPI{
		// Second argument (callEnsureDead) is false; the facade exposes
		// DeadEnsurer separately.
		Remover:                common.NewRemover(st, false, getAuthFunc),
		StatusSetter:           common.NewStatusSetter(st, getAuthFunc),
		StatusGetter:           common.NewStatusGetter(st, getAuthFunc),
		DeadEnsurer:            common.NewDeadEnsurer(st, getAuthFunc),
		PasswordChanger:        common.NewPasswordChanger(st, getAuthFunc),
		LifeGetter:             common.NewLifeGetter(st, getAuthFunc),
		StateAddresser:         common.NewStateAddresser(st),
		APIAddresser:           common.NewAPIAddresser(st, resources),
		EnvironWatcher:         common.NewEnvironWatcher(st, resources, authorizer),
		EnvironMachinesWatcher: common.NewEnvironMachinesWatcher(st, resources, authorizer),
		InstanceIdGetter:       common.NewInstanceIdGetter(st, getAuthFunc),
		ToolsFinder:            common.NewToolsFinder(st, st, urlGetter),
		st:                     st,
		resources:              resources,
		authorizer:             authorizer,
		getAuthFunc:            getAuthFunc,
	}
	return api, nil
}
// NewDeployerAPI creates a new server-side DeployerAPI facade. func NewDeployerAPI( st *state.State, resources facade.Resources, authorizer facade.Authorizer, ) (*DeployerAPI, error) { if !authorizer.AuthMachineAgent() { return nil, common.ErrPerm } getAuthFunc := func() (common.AuthFunc, error) { // Get all units of the machine and cache them. thisMachineTag := authorizer.GetAuthTag() units, err := getAllUnits(st, thisMachineTag) if err != nil { return nil, err } // Then we just check if the unit is already known. return func(tag names.Tag) bool { for _, unit := range units { // TODO (thumper): remove the names.Tag conversion when gccgo // implements concrete-type-to-interface comparison correctly. if names.Tag(names.NewUnitTag(unit)) == tag { return true } } return false }, nil } getCanWatch := func() (common.AuthFunc, error) { return authorizer.AuthOwner, nil } return &DeployerAPI{ Remover: common.NewRemover(st, true, getAuthFunc), PasswordChanger: common.NewPasswordChanger(st, getAuthFunc), LifeGetter: common.NewLifeGetter(st, getAuthFunc), StateAddresser: common.NewStateAddresser(st), APIAddresser: common.NewAPIAddresser(st, resources), UnitsWatcher: common.NewUnitsWatcher(st, resources, getCanWatch), StatusSetter: common.NewStatusSetter(st, getAuthFunc), st: st, resources: resources, authorizer: authorizer, }, nil }