// NewLoggerAPI creates a new server-side logger API end point.
func NewLoggerAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*LoggerAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthUnitAgent() {
return nil, common.ErrPerm
}
return &LoggerAPI{state: st, resources: resources, authorizer: authorizer}, nil
}
// NewAPI returns an object implementing an agent API
// with the given authorizer representing the currently logged in client.
func NewAPI(st *state.State, resources *common.Resources, auth common.Authorizer) (*API, error) {
// Agents are defined to be any user that's not a client user.
if !auth.AuthMachineAgent() && !auth.AuthUnitAgent() {
return nil, common.ErrPerm
}
getCanChange := func() (common.AuthFunc, error) {
return auth.AuthOwner, nil
}
return &API{
PasswordChanger: common.NewPasswordChanger(st, getCanChange),
st: st,
auth: auth,
}, nil
}
// NewRsyslogAPI creates a new instance of the Rsyslog API.
func NewRsyslogAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*RsyslogAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthUnitAgent() {
return nil, common.ErrPerm
}
// Can always watch for environ changes.
getCanWatch := common.AuthAlways(true)
// Does not get the secrets.
getCanReadSecrets := common.AuthAlways(false)
return &RsyslogAPI{
EnvironWatcher: common.NewEnvironWatcher(st, resources, getCanWatch, getCanReadSecrets),
st: st,
authorizer: authorizer,
resources: resources,
canModify: authorizer.AuthEnvironManager(),
StateAddresser: common.NewStateAddresser(st),
}, nil
}
// NewUnitUpgraderAPI creates a new server-side UnitUpgraderAPI facade.
func NewUnitUpgraderAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*UnitUpgraderAPI, error) {
if !authorizer.AuthUnitAgent() {
return nil, common.ErrPerm
}
getCanWrite := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
return &UnitUpgraderAPI{
ToolsSetter: common.NewToolsSetter(st, getCanWrite),
st: st,
resources: resources,
authorizer: authorizer,
}, nil
}
// NewUniterAPI creates a new instance of the Uniter API.
func NewUniterAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*UniterAPI, error) {
if !authorizer.AuthUnitAgent() {
return nil, common.ErrPerm
}
accessUnit := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
accessService := func() (common.AuthFunc, error) {
unit, ok := authorizer.GetAuthEntity().(*state.Unit)
if !ok {
panic("authenticated entity is not a unit")
}
return func(tag string) bool {
return tag == names.NewServiceTag(unit.ServiceName()).String()
}, nil
}
accessUnitOrService := common.AuthEither(accessUnit, accessService)
// Uniter can always watch for environ changes.
getCanWatch := common.AuthAlways(true)
// Uniter can not get the secrets.
getCanReadSecrets := common.AuthAlways(false)
return &UniterAPI{
LifeGetter: common.NewLifeGetter(st, accessUnitOrService),
StatusSetter: common.NewStatusSetter(st, accessUnit),
DeadEnsurer: common.NewDeadEnsurer(st, accessUnit),
AgentEntityWatcher: common.NewAgentEntityWatcher(st, resources, accessUnitOrService),
APIAddresser: common.NewAPIAddresser(st, resources),
EnvironWatcher: common.NewEnvironWatcher(st, resources, getCanWatch, getCanReadSecrets),
st: st,
auth: authorizer,
resources: resources,
accessUnit: accessUnit,
accessService: accessService,
}, nil
}
func isAgent(auth common.Authorizer) bool {
return auth.AuthMachineAgent() || auth.AuthUnitAgent()
}