func (s *AuthKeysSuite) TestFinalizeAuthorizedKeysDefault(c *gc.C) { writeFile(c, filepath.Join(s.dotssh, "id_rsa.pub"), "meep") attrs := map[string]interface{}{} err := common.FinalizeAuthorizedKeys(testing.Context(c), attrs) c.Assert(err, jc.ErrorIsNil) c.Assert(attrs, jc.DeepEquals, map[string]interface{}{"authorized-keys": "meep\n"}) }
func (c *addModelCommand) getConfigValues(ctx *cmd.Context) (map[string]interface{}, error) { configValues, err := c.Config.ReadAttrs(ctx) if err != nil { return nil, errors.Annotate(err, "unable to parse config") } coercedValues, err := common.ConformYAML(configValues) if err != nil { return nil, errors.Annotatef(err, "unable to parse config") } attrs, ok := coercedValues.(map[string]interface{}) if !ok { return nil, errors.New("params must contain a YAML map with string keys") } if err := common.FinalizeAuthorizedKeys(ctx, attrs); err != nil { if errors.Cause(err) != common.ErrNoAuthorizedKeys { return nil, errors.Trace(err) } } return attrs, nil }
// Run connects to the environment specified on the command line and bootstraps // a juju in that environment if none already exists. If there is as yet no environments.yaml file, // the user is informed how to create one. func (c *bootstrapCommand) Run(ctx *cmd.Context) (resultErr error) { if err := c.parseConstraints(ctx); err != nil { return err } if c.BootstrapImage != "" { if c.BootstrapSeries == "" { return errors.Errorf("--bootstrap-image must be used with --bootstrap-series") } cons, err := constraints.Merge(c.Constraints, c.BootstrapConstraints) if err != nil { return errors.Trace(err) } if !cons.HasArch() { return errors.Errorf("--bootstrap-image must be used with --bootstrap-constraints, specifying architecture") } } if c.interactive { if err := c.runInteractive(ctx); err != nil { return errors.Trace(err) } // now run normal bootstrap using info gained above. } if c.showClouds { return printClouds(ctx, c.ClientStore()) } if c.showRegionsForCloud != "" { return printCloudRegions(ctx, c.showRegionsForCloud) } bootstrapFuncs := getBootstrapFuncs() // Get the cloud definition identified by c.Cloud. If c.Cloud does not // identify a cloud in clouds.yaml, but is the name of a provider, and // that provider implements environs.CloudRegionDetector, we'll // synthesise a Cloud structure with the detected regions and no auth- // types. cloud, err := jujucloud.CloudByName(c.Cloud) if errors.IsNotFound(err) { ctx.Verbosef("cloud %q not found, trying as a provider name", c.Cloud) provider, err := environs.Provider(c.Cloud) if errors.IsNotFound(err) { return errors.NewNotFound(nil, fmt.Sprintf("unknown cloud %q, please try %q", c.Cloud, "juju update-clouds")) } else if err != nil { return errors.Trace(err) } detector, ok := bootstrapFuncs.CloudRegionDetector(provider) if !ok { ctx.Verbosef( "provider %q does not support detecting regions", c.Cloud, ) return errors.NewNotFound(nil, fmt.Sprintf("unknown cloud %q, please try %q", c.Cloud, "juju update-clouds")) } var cloudEndpoint string regions, err := detector.DetectRegions() if errors.IsNotFound(err) { // It's not an error to have no regions. If the // provider does not support regions, then we // reinterpret the supplied region name as the // cloud's endpoint. This enables the user to // supply, for example, maas/<IP> or manual/<IP>. if c.Region != "" { ctx.Verbosef("interpreting %q as the cloud endpoint", c.Region) cloudEndpoint = c.Region c.Region = "" } } else if err != nil { return errors.Annotatef(err, "detecting regions for %q cloud provider", c.Cloud, ) } schemas := provider.CredentialSchemas() authTypes := make([]jujucloud.AuthType, 0, len(schemas)) for authType := range schemas { authTypes = append(authTypes, authType) } // Since we are iterating over a map, lets sort the authTypes so // they are always in a consistent order. sort.Sort(jujucloud.AuthTypes(authTypes)) cloud = &jujucloud.Cloud{ Type: c.Cloud, AuthTypes: authTypes, Endpoint: cloudEndpoint, Regions: regions, } } else if err != nil { return errors.Trace(err) } if err := checkProviderType(cloud.Type); errors.IsNotFound(err) { // This error will get handled later. } else if err != nil { return errors.Trace(err) } provider, err := environs.Provider(cloud.Type) if err != nil { return errors.Trace(err) } // Custom clouds may not have explicitly declared support for any auth- // types, in which case we'll assume that they support everything that // the provider supports. if len(cloud.AuthTypes) == 0 { for authType := range provider.CredentialSchemas() { cloud.AuthTypes = append(cloud.AuthTypes, authType) } } // Get the credentials and region name. store := c.ClientStore() var detectedCredentialName string credential, credentialName, regionName, err := modelcmd.GetCredentials( ctx, store, modelcmd.GetCredentialsParams{ Cloud: *cloud, CloudName: c.Cloud, CloudRegion: c.Region, CredentialName: c.CredentialName, }, ) if errors.Cause(err) == modelcmd.ErrMultipleCredentials { return ambiguousCredentialError } if errors.IsNotFound(err) && c.CredentialName == "" { // No credential was explicitly specified, and no credential // was found in credentials.yaml; have the provider detect // credentials from the environment. ctx.Verbosef("no credentials found, checking environment") detected, err := modelcmd.DetectCredential(c.Cloud, cloud.Type) if errors.Cause(err) == modelcmd.ErrMultipleCredentials { return ambiguousDetectedCredentialError } else if err != nil { return errors.Trace(err) } // We have one credential so extract it from the map. var oneCredential jujucloud.Credential for detectedCredentialName, oneCredential = range detected.AuthCredentials { } credential = &oneCredential regionName = c.Region if regionName == "" { regionName = detected.DefaultRegion } logger.Debugf( "authenticating with region %q and credential %q (%v)", regionName, detectedCredentialName, credential.Label, ) logger.Tracef("credential: %v", credential) } else if err != nil { return errors.Trace(err) } region, err := getRegion(cloud, c.Cloud, regionName) if err != nil { fmt.Fprintf(ctx.GetStderr(), "%s\n\nSpecify an alternative region, or try %q.", err, "juju update-clouds", ) return cmd.ErrSilent } controllerModelUUID, err := utils.NewUUID() if err != nil { return errors.Trace(err) } hostedModelUUID, err := utils.NewUUID() if err != nil { return errors.Trace(err) } controllerUUID, err := utils.NewUUID() if err != nil { return errors.Trace(err) } // Create a model config, and split out any controller // and bootstrap config attributes. modelConfigAttrs := map[string]interface{}{ "type": cloud.Type, "name": bootstrap.ControllerModelName, config.UUIDKey: controllerModelUUID.String(), } userConfigAttrs, err := c.config.ReadAttrs(ctx) if err != nil { return errors.Trace(err) } // The provider may define some custom attributes specific // to the provider. These will be added to the model config. providerAttrs := make(map[string]interface{}) if ps, ok := provider.(config.ConfigSchemaSource); ok { for attr := range ps.ConfigSchema() { if v, ok := userConfigAttrs[attr]; ok { providerAttrs[attr] = v } } fields := schema.FieldMap(ps.ConfigSchema(), ps.ConfigDefaults()) if coercedAttrs, err := fields.Coerce(providerAttrs, nil); err != nil { return errors.Annotatef(err, "invalid attribute value(s) for %v cloud", cloud.Type) } else { providerAttrs = coercedAttrs.(map[string]interface{}) } } logger.Debugf("provider attrs: %v", providerAttrs) for k, v := range userConfigAttrs { modelConfigAttrs[k] = v } // Provider specific attributes are either already specified in model // config (but may have been coerced), or were not present. Either way, // copy them in. for k, v := range providerAttrs { modelConfigAttrs[k] = v } bootstrapConfigAttrs := make(map[string]interface{}) controllerConfigAttrs := make(map[string]interface{}) // Based on the attribute names in clouds.yaml, create // a map of shared config for all models on this cloud. inheritedControllerAttrs := make(map[string]interface{}) for k, v := range cloud.Config { switch { case bootstrap.IsBootstrapAttribute(k): bootstrapConfigAttrs[k] = v continue case controller.ControllerOnlyAttribute(k): controllerConfigAttrs[k] = v continue } inheritedControllerAttrs[k] = v } for k, v := range modelConfigAttrs { switch { case bootstrap.IsBootstrapAttribute(k): bootstrapConfigAttrs[k] = v delete(modelConfigAttrs, k) case controller.ControllerOnlyAttribute(k): controllerConfigAttrs[k] = v delete(modelConfigAttrs, k) } } bootstrapConfig, err := bootstrap.NewConfig(bootstrapConfigAttrs) if err != nil { return errors.Annotate(err, "constructing bootstrap config") } controllerConfig, err := controller.NewConfig( controllerUUID.String(), bootstrapConfig.CACert, controllerConfigAttrs, ) if err != nil { return errors.Annotate(err, "constructing controller config") } if err := common.FinalizeAuthorizedKeys(ctx, modelConfigAttrs); err != nil { return errors.Annotate(err, "finalizing authorized-keys") } logger.Debugf("preparing controller with config: %v", modelConfigAttrs) // Read existing current controller so we can clean up on error. var oldCurrentController string oldCurrentController, err = store.CurrentController() if errors.IsNotFound(err) { oldCurrentController = "" } else if err != nil { return errors.Annotate(err, "error reading current controller") } defer func() { if resultErr == nil || errors.IsAlreadyExists(resultErr) { return } if oldCurrentController != "" { if err := store.SetCurrentController(oldCurrentController); err != nil { logger.Errorf( "cannot reset current controller to %q: %v", oldCurrentController, err, ) } } if err := store.RemoveController(c.controllerName); err != nil { logger.Errorf( "cannot destroy newly created controller %q details: %v", c.controllerName, err, ) } }() bootstrapModelConfig := make(map[string]interface{}) for k, v := range inheritedControllerAttrs { bootstrapModelConfig[k] = v } for k, v := range modelConfigAttrs { bootstrapModelConfig[k] = v } // Add in any default attribute values if not already // specified, making the recorded bootstrap config // immutable to changes in Juju. for k, v := range config.ConfigDefaults() { if _, ok := bootstrapModelConfig[k]; !ok { bootstrapModelConfig[k] = v } } environ, err := bootstrapPrepare( modelcmd.BootstrapContext(ctx), store, bootstrap.PrepareParams{ ModelConfig: bootstrapModelConfig, ControllerConfig: controllerConfig, ControllerName: c.controllerName, Cloud: environs.CloudSpec{ Type: cloud.Type, Name: c.Cloud, Region: region.Name, Endpoint: region.Endpoint, IdentityEndpoint: region.IdentityEndpoint, StorageEndpoint: region.StorageEndpoint, Credential: credential, }, CredentialName: credentialName, AdminSecret: bootstrapConfig.AdminSecret, }, ) if err != nil { return errors.Trace(err) } // Set the current model to the initial hosted model. if err := store.UpdateModel(c.controllerName, c.hostedModelName, jujuclient.ModelDetails{ hostedModelUUID.String(), }); err != nil { return errors.Trace(err) } if err := store.SetCurrentModel(c.controllerName, c.hostedModelName); err != nil { return errors.Trace(err) } // Set the current controller so "juju status" can be run while // bootstrapping is underway. if err := store.SetCurrentController(c.controllerName); err != nil { return errors.Trace(err) } cloudRegion := c.Cloud if region.Name != "" { cloudRegion = fmt.Sprintf("%s/%s", cloudRegion, region.Name) } ctx.Infof( "Creating Juju controller %q on %s", c.controllerName, cloudRegion, ) // If we error out for any reason, clean up the environment. defer func() { if resultErr != nil { if c.KeepBrokenEnvironment { ctx.Infof(` bootstrap failed but --keep-broken was specified so resources are not being destroyed. When you have finished diagnosing the problem, remember to clean up the failed controller. See `[1:] + "`juju kill-controller`" + `.`) } else { handleBootstrapError(ctx, resultErr, func() error { return environsDestroy( c.controllerName, environ, store, ) }) } } }() // Block interruption during bootstrap. Providers may also // register for interrupt notification so they can exit early. interrupted := make(chan os.Signal, 1) defer close(interrupted) ctx.InterruptNotify(interrupted) defer ctx.StopInterruptNotify(interrupted) go func() { for _ = range interrupted { ctx.Infof("Interrupt signalled: waiting for bootstrap to exit") } }() // If --metadata-source is specified, override the default tools metadata source so // SyncTools can use it, and also upload any image metadata. var metadataDir string if c.MetadataSource != "" { metadataDir = ctx.AbsPath(c.MetadataSource) } // Merge environ and bootstrap-specific constraints. constraintsValidator, err := environ.ConstraintsValidator() if err != nil { return errors.Trace(err) } bootstrapConstraints, err := constraintsValidator.Merge( c.Constraints, c.BootstrapConstraints, ) if err != nil { return errors.Trace(err) } logger.Infof("combined bootstrap constraints: %v", bootstrapConstraints) hostedModelConfig := map[string]interface{}{ "name": c.hostedModelName, config.UUIDKey: hostedModelUUID.String(), } for k, v := range inheritedControllerAttrs { hostedModelConfig[k] = v } // We copy across any user supplied attributes to the hosted model config. // But only if the attributes have not been removed from the controller // model config as part of preparing the controller model. controllerModelConfigAttrs := environ.Config().AllAttrs() for k, v := range userConfigAttrs { if _, ok := controllerModelConfigAttrs[k]; ok { hostedModelConfig[k] = v } } // Ensure that certain config attributes are not included in the hosted // model config. These attributes may be modified during bootstrap; by // removing them from this map, we ensure the modified values are // inherited. delete(hostedModelConfig, config.AuthorizedKeysKey) delete(hostedModelConfig, config.AgentVersionKey) // Check whether the Juju GUI must be installed in the controller. // Leaving this value empty means no GUI will be installed. var guiDataSourceBaseURL string if !c.noGUI { guiDataSourceBaseURL = common.GUIDataSourceBaseURL() } if credentialName == "" { // credentialName will be empty if the credential was detected. // We must supply a name for the credential in the database, // so choose one. credentialName = detectedCredentialName } err = bootstrapFuncs.Bootstrap(modelcmd.BootstrapContext(ctx), environ, bootstrap.BootstrapParams{ ModelConstraints: c.Constraints, BootstrapConstraints: bootstrapConstraints, BootstrapSeries: c.BootstrapSeries, BootstrapImage: c.BootstrapImage, Placement: c.Placement, BuildAgent: c.BuildAgent, BuildAgentTarball: sync.BuildAgentTarball, AgentVersion: c.AgentVersion, MetadataDir: metadataDir, Cloud: *cloud, CloudName: c.Cloud, CloudRegion: region.Name, CloudCredential: credential, CloudCredentialName: credentialName, ControllerConfig: controllerConfig, ControllerInheritedConfig: inheritedControllerAttrs, RegionInheritedConfig: cloud.RegionConfig, HostedModelConfig: hostedModelConfig, GUIDataSourceBaseURL: guiDataSourceBaseURL, AdminSecret: bootstrapConfig.AdminSecret, CAPrivateKey: bootstrapConfig.CAPrivateKey, DialOpts: environs.BootstrapDialOpts{ Timeout: bootstrapConfig.BootstrapTimeout, RetryDelay: bootstrapConfig.BootstrapRetryDelay, AddressesDelay: bootstrapConfig.BootstrapAddressesDelay, }, }) if err != nil { return errors.Annotate(err, "failed to bootstrap model") } if err := c.SetModelName(modelcmd.JoinModelName(c.controllerName, c.hostedModelName)); err != nil { return errors.Trace(err) } agentVersion := jujuversion.Current if c.AgentVersion != nil { agentVersion = *c.AgentVersion } err = common.SetBootstrapEndpointAddress(c.ClientStore(), c.controllerName, agentVersion, controllerConfig.APIPort(), environ) if err != nil { return errors.Annotate(err, "saving bootstrap endpoint address") } // To avoid race conditions when running scripted bootstraps, wait // for the controller's machine agent to be ready to accept commands // before exiting this bootstrap command. return waitForAgentInitialisation(ctx, &c.ModelCommandBase, c.controllerName, c.hostedModelName) }
func (s *AuthKeysSuite) TestFinalizeAuthorizedKeysNoop(c *gc.C) { attrs := map[string]interface{}{"authorized-keys": "meep"} err := common.FinalizeAuthorizedKeys(testing.Context(c), attrs) c.Assert(err, jc.ErrorIsNil) c.Assert(attrs, jc.DeepEquals, map[string]interface{}{"authorized-keys": "meep"}) }
func (s *AuthKeysSuite) TestFinalizeAuthorizedKeysConflict(c *gc.C) { attrs := map[string]interface{}{"authorized-keys": "foo", "authorized-keys-path": "bar"} err := common.FinalizeAuthorizedKeys(testing.Context(c), attrs) c.Assert(err, gc.ErrorMatches, `"authorized-keys" and "authorized-keys-path" may not both be specified`) }