// NewUpgraderAPI creates a new server-side UpgraderAPI facade.
func NewUpgraderAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
) (*UpgraderAPI, error) {
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
getCanReadWrite := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
env, err := st.Model()
if err != nil {
return nil, err
}
urlGetter := common.NewToolsURLGetter(env.UUID(), st)
configGetter := stateenvirons.EnvironConfigGetter{st}
return &UpgraderAPI{
ToolsGetter: common.NewToolsGetter(st, configGetter, st, urlGetter, getCanReadWrite),
ToolsSetter: common.NewToolsSetter(st, getCanReadWrite),
st: st,
resources: resources,
authorizer: authorizer,
}, nil
}
func (s *toolsSuite) TestTools(c *gc.C) {
getCanRead := func() (common.AuthFunc, error) {
return func(tag names.Tag) bool {
return tag == names.NewMachineTag("0") || tag == names.NewMachineTag("42")
}, nil
}
tg := common.NewToolsGetter(s.State, s.State, s.State, sprintfURLGetter("tools:%s"), getCanRead)
c.Assert(tg, gc.NotNil)
err := s.machine0.SetAgentVersion(current)
c.Assert(err, jc.ErrorIsNil)
args := params.Entities{
Entities: []params.Entity{
{Tag: "machine-0"},
{Tag: "machine-1"},
{Tag: "machine-42"},
}}
result, err := tg.Tools(args)
c.Assert(err, jc.ErrorIsNil)
c.Assert(result.Results, gc.HasLen, 3)
c.Assert(result.Results[0].Error, gc.IsNil)
c.Assert(result.Results[0].Tools, gc.NotNil)
c.Assert(result.Results[0].Tools.Version, gc.DeepEquals, current)
c.Assert(result.Results[0].Tools.URL, gc.Equals, "tools:"+current.String())
c.Assert(result.Results[0].DisableSSLHostnameVerification, jc.IsTrue)
c.Assert(result.Results[1].Error, gc.DeepEquals, apiservertesting.ErrUnauthorized)
c.Assert(result.Results[2].Error, gc.DeepEquals, apiservertesting.NotFoundError("machine 42"))
}
func (s *toolsSuite) TestToolsError(c *gc.C) {
getCanRead := func() (common.AuthFunc, error) {
return nil, fmt.Errorf("splat")
}
tg := common.NewToolsGetter(s.State, s.State, s.State, sprintfURLGetter("%s"), getCanRead)
args := params.Entities{
Entities: []params.Entity{{Tag: "machine-42"}},
}
result, err := tg.Tools(args)
c.Assert(err, gc.ErrorMatches, "splat")
c.Assert(result.Results, gc.HasLen, 1)
}
// NewUpgraderAPI creates a new client-side UpgraderAPI facade.
func NewUpgraderAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*UpgraderAPI, error) {
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
getCanReadWrite := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
return &UpgraderAPI{
ToolsGetter: common.NewToolsGetter(st, getCanReadWrite),
ToolsSetter: common.NewToolsSetter(st, getCanReadWrite),
st: st,
resources: resources,
authorizer: authorizer,
}, nil
}
// NewProvisionerAPI creates a new server-side ProvisionerAPI facade.
func NewProvisionerAPI(st *state.State, resources facade.Resources, authorizer facade.Authorizer) (*ProvisionerAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
getAuthFunc := func() (common.AuthFunc, error) {
isModelManager := authorizer.AuthModelManager()
isMachineAgent := authorizer.AuthMachineAgent()
authEntityTag := authorizer.GetAuthTag()
return func(tag names.Tag) bool {
if isMachineAgent && tag == authEntityTag {
// A machine agent can always access its own machine.
return true
}
switch tag := tag.(type) {
case names.MachineTag:
parentId := state.ParentId(tag.Id())
if parentId == "" {
// All top-level machines are accessible by the
// environment manager.
return isModelManager
}
// All containers with the authenticated machine as a
// parent are accessible by it.
// TODO(dfc) sometimes authEntity tag is nil, which is fine because nil is
// only equal to nil, but it suggests someone is passing an authorizer
// with a nil tag.
return isMachineAgent && names.NewMachineTag(parentId) == authEntityTag
default:
return false
}
}, nil
}
getAuthOwner := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
model, err := st.Model()
if err != nil {
return nil, err
}
configGetter := stateenvirons.EnvironConfigGetter{st}
env, err := environs.GetEnviron(configGetter, environs.New)
if err != nil {
return nil, err
}
urlGetter := common.NewToolsURLGetter(model.UUID(), st)
storageProviderRegistry := stateenvirons.NewStorageProviderRegistry(env)
return &ProvisionerAPI{
Remover: common.NewRemover(st, false, getAuthFunc),
StatusSetter: common.NewStatusSetter(st, getAuthFunc),
StatusGetter: common.NewStatusGetter(st, getAuthFunc),
DeadEnsurer: common.NewDeadEnsurer(st, getAuthFunc),
PasswordChanger: common.NewPasswordChanger(st, getAuthFunc),
LifeGetter: common.NewLifeGetter(st, getAuthFunc),
StateAddresser: common.NewStateAddresser(st),
APIAddresser: common.NewAPIAddresser(st, resources),
ModelWatcher: common.NewModelWatcher(st, resources, authorizer),
ModelMachinesWatcher: common.NewModelMachinesWatcher(st, resources, authorizer),
ControllerConfigAPI: common.NewControllerConfig(st),
InstanceIdGetter: common.NewInstanceIdGetter(st, getAuthFunc),
ToolsFinder: common.NewToolsFinder(configGetter, st, urlGetter),
ToolsGetter: common.NewToolsGetter(st, configGetter, st, urlGetter, getAuthOwner),
st: st,
resources: resources,
authorizer: authorizer,
configGetter: configGetter,
storageProviderRegistry: storageProviderRegistry,
storagePoolManager: poolmanager.New(state.NewStateSettings(st), storageProviderRegistry),
getAuthFunc: getAuthFunc,
}, nil
}