// setAPIUser makes user the authenticated entity on the suite's authoriser
// and rebuilds s.modelmanager from it, so later calls in the test run as
// that user. The test fails immediately if the facade cannot be constructed.
func (s *modelManagerBaseSuite) setAPIUser(c *gc.C, user names.UserTag) {
	s.authoriser.Tag = user

	backend := modelmanager.NewStateBackend(s.State)
	api, err := modelmanager.NewModelManagerAPI(backend, s.authoriser)
	c.Assert(err, jc.ErrorIsNil)

	s.modelmanager = api
}
// TestNewAPIRefusesNonClient checks the negative authorization path: when the
// authenticated entity is a unit tag rather than a user, NewModelManagerAPI
// must return no facade and a "permission denied" error.
func (s *modelManagerSuite) TestNewAPIRefusesNonClient(c *gc.C) {
	// NOTE(review): this assumes s.authoriser is a value type, so the
	// assignment below does not leak into other tests; confirm.
	unitAuth := s.authoriser
	unitAuth.Tag = names.NewUnitTag("mysql/0")

	backend := modelmanager.NewStateBackend(s.State)
	api, err := modelmanager.NewModelManagerAPI(backend, unitAuth)

	// Both halves matter: no usable facade may be handed back alongside
	// the error.
	c.Assert(api, gc.IsNil)
	c.Assert(err, gc.ErrorMatches, "permission denied")
}
// TestNewAPIAcceptsClient checks the positive authorization path: a user tag,
// here the non-local "external@remote", is accepted by NewModelManagerAPI and
// a facade is returned.
func (s *modelManagerSuite) TestNewAPIAcceptsClient(c *gc.C) {
	// NOTE(review): this assumes s.authoriser is a value type, so the
	// assignment below does not leak into other tests; confirm.
	userAuth := s.authoriser
	userAuth.Tag = names.NewUserTag("external@remote")

	backend := modelmanager.NewStateBackend(s.State)
	api, err := modelmanager.NewModelManagerAPI(backend, userAuth)

	c.Assert(err, jc.ErrorIsNil)
	c.Assert(api, gc.NotNil)
}
// AddUser adds a user with a username, and either a password or // a randomly generated secret key which will be returned. func (api *UserManagerAPI) AddUser(args params.AddUsers) (params.AddUserResults, error) { result := params.AddUserResults{ Results: make([]params.AddUserResult, len(args.Users)), } if err := api.check.ChangeAllowed(); err != nil { return result, errors.Trace(err) } if len(args.Users) == 0 { return result, nil } if !api.isAdmin { return result, common.ErrPerm } for i, arg := range args.Users { var user *state.User var err error if arg.Password != "" { user, err = api.state.AddUser(arg.Username, arg.DisplayName, arg.Password, api.apiUser.Id()) } else { user, err = api.state.AddUserWithSecretKey(arg.Username, arg.DisplayName, api.apiUser.Id()) } if err != nil { err = errors.Annotate(err, "failed to create user") result.Results[i].Error = common.ServerError(err) continue } else { result.Results[i] = params.AddUserResult{ Tag: user.Tag().String(), SecretKey: user.SecretKey(), } } if len(arg.SharedModelTags) > 0 { modelAccess, err := modelmanager.FromModelAccessParam(arg.ModelAccess) if err != nil { err = errors.Annotatef(err, "user %q created but models not shared", arg.Username) result.Results[i].Error = common.ServerError(err) continue } userTag := user.Tag().(names.UserTag) for _, modelTagStr := range arg.SharedModelTags { modelTag, err := names.ParseModelTag(modelTagStr) if err != nil { err = errors.Annotatef(err, "user %q created but model %q not shared", arg.Username, modelTagStr) result.Results[i].Error = common.ServerError(err) break } err = modelmanager.ChangeModelAccess( modelmanager.NewStateBackend(api.state), modelTag, api.apiUser, userTag, params.GrantModelAccess, modelAccess, api.isAdmin) if err != nil { err = errors.Annotatef(err, "user %q created but model %q not shared", arg.Username, modelTagStr) result.Results[i].Error = common.ServerError(err) break } } } } return result, nil }