func (s *keyManagerSuite) TestDeleteKeys(c *gc.C) { key1 := sshtesting.ValidKeyOne.Key + " user@host" key2 := sshtesting.ValidKeyTwo.Key initialKeys := []string{key1, key2, "bad key"} s.setAuthorisedKeys(c, strings.Join(initialKeys, "\n")) args := params.ModifyUserSSHKeys{ User: state.AdminUser, Keys: []string{sshtesting.ValidKeyTwo.Fingerprint, sshtesting.ValidKeyThree.Fingerprint, "invalid-key"}, } results, err := s.keymanager.DeleteKeys(args) c.Assert(err, gc.IsNil) c.Assert(results, gc.DeepEquals, params.ErrorResults{ Results: []params.ErrorResult{ {Error: nil}, {Error: apiservertesting.ServerError("invalid ssh key: " + sshtesting.ValidKeyThree.Fingerprint)}, {Error: apiservertesting.ServerError("invalid ssh key: invalid-key")}, }, }) s.assertEnvironKeys(c, []string{"bad key", key1}) }
func (s *keyManagerSuite) TestAddKeys(c *gc.C) { key1 := sshtesting.ValidKeyOne.Key + " user@host" key2 := sshtesting.ValidKeyTwo.Key initialKeys := []string{key1, key2, "bad key"} s.setAuthorisedKeys(c, strings.Join(initialKeys, "\n")) newKey := sshtesting.ValidKeyThree.Key + " newuser@host" args := params.ModifyUserSSHKeys{ User: state.AdminUser, Keys: []string{key2, newKey, "invalid-key"}, } results, err := s.keymanager.AddKeys(args) c.Assert(err, gc.IsNil) c.Assert(results, gc.DeepEquals, params.ErrorResults{ Results: []params.ErrorResult{ {Error: apiservertesting.ServerError(fmt.Sprintf("duplicate ssh key: %s", key2))}, {Error: nil}, {Error: apiservertesting.ServerError("invalid ssh key: invalid-key")}, }, }) s.assertEnvironKeys(c, append(initialKeys, newKey)) }
// Because at present all user are admins problems could be caused by allowing // users to change other users passwords. For the time being we only allow // the password of the current user to be changed func (s *userManagerSuite) TestSetPasswordOnDifferentUser(c *gc.C) { s.Factory.MakeUser(factory.UserParams{Username: "******"}) args := params.ModifyUsers{ Changes: []params.ModifyUser{{ Username: "******", DisplayName: "Foo Bar", Password: "******", }}} results, err := s.usermanager.SetPassword(args) c.Assert(err, gc.IsNil) c.Assert(results.Results, gc.HasLen, 1) expectedError := apiservertesting.ServerError("Can only change the password of the current user (admin)") c.Assert(results.Results[0], gc.DeepEquals, params.ErrorResult{Error: expectedError}) }
func (s *keyManagerSuite) TestImportKeys(c *gc.C) { s.PatchValue(&keymanager.RunSSHImportId, keymanagertesting.FakeImport) key1 := sshtesting.ValidKeyOne.Key + " user@host" key2 := sshtesting.ValidKeyTwo.Key key3 := sshtesting.ValidKeyThree.Key initialKeys := []string{key1, key2, "bad key"} s.setAuthorisedKeys(c, strings.Join(initialKeys, "\n")) args := params.ModifyUserSSHKeys{ User: state.AdminUser, Keys: []string{"lp:existing", "lp:validuser", "invalid-key"}, } results, err := s.keymanager.ImportKeys(args) c.Assert(err, gc.IsNil) c.Assert(results, gc.DeepEquals, params.ErrorResults{ Results: []params.ErrorResult{ {Error: apiservertesting.ServerError(fmt.Sprintf("duplicate ssh key: %s", key2))}, {Error: nil}, {Error: apiservertesting.ServerError("invalid ssh key id: invalid-key")}, }, }) s.assertEnvironKeys(c, append(initialKeys, key3)) }
// Since removing a user just deacitvates them you cannot add a user // that has been previously been removed // TODO(mattyw) 2014-03-07 bug #1288745 func (s *userManagerSuite) TestCannotAddRemoveAdd(c *gc.C) { removeArg := params.Entity{ Tag: "foobar", } args := params.ModifyUsers{ Changes: []params.ModifyUser{{ Username: "******", DisplayName: "Foo Bar", Password: "******", }}} removeArgs := params.Entities{Entities: []params.Entity{removeArg}} _, err := s.usermanager.AddUser(args) c.Assert(err, gc.IsNil) _, err = s.usermanager.RemoveUser(removeArgs) c.Assert(err, gc.IsNil) _, err = s.State.User("addremove") result, err := s.usermanager.AddUser(args) expectedError := apiservertesting.ServerError("failed to create user: user already exists") c.Assert(result, gc.DeepEquals, params.ErrorResults{ Results: []params.ErrorResult{ params.ErrorResult{expectedError}}}) }
func (s *uniterSuite) TestReadRemoteSettings(c *gc.C) { rel := s.addRelation(c, "wordpress", "mysql") relUnit, err := rel.Unit(s.wordpressUnit) c.Assert(err, gc.IsNil) settings := map[string]interface{}{ "some": "settings", } err = relUnit.EnterScope(settings) c.Assert(err, gc.IsNil) s.assertInScope(c, relUnit, true) // First test most of the invalid args tests and try to read the // (unset) remote unit settings. args := params.RelationUnitPairs{RelationUnitPairs: []params.RelationUnitPair{ {Relation: "relation-42", LocalUnit: "unit-foo-0", RemoteUnit: "foo"}, {Relation: rel.Tag(), LocalUnit: "unit-wordpress-0", RemoteUnit: "unit-wordpress-0"}, {Relation: rel.Tag(), LocalUnit: "unit-wordpress-0", RemoteUnit: "unit-mysql-0"}, {Relation: "relation-42", LocalUnit: "unit-wordpress-0", RemoteUnit: ""}, {Relation: "relation-foo", LocalUnit: "", RemoteUnit: ""}, {Relation: "service-wordpress", LocalUnit: "unit-foo-0", RemoteUnit: "user-admin"}, {Relation: "foo", LocalUnit: "bar", RemoteUnit: "baz"}, {Relation: rel.Tag(), LocalUnit: "unit-mysql-0", RemoteUnit: "unit-wordpress-0"}, {Relation: rel.Tag(), LocalUnit: "service-wordpress", RemoteUnit: "service-mysql"}, {Relation: rel.Tag(), LocalUnit: "service-mysql", RemoteUnit: "foo"}, {Relation: rel.Tag(), LocalUnit: "user-admin", RemoteUnit: "unit-wordpress-0"}, }} result, err := s.uniter.ReadRemoteSettings(args) // We don't set the remote unit settings on purpose to test the error. expectErr := `cannot read settings for unit "mysql/0" in relation "wordpress:db mysql:server": settings not found` c.Assert(err, gc.IsNil) c.Assert(result, jc.DeepEquals, params.RelationSettingsResults{ Results: []params.RelationSettingsResult{ {Error: apiservertesting.ErrUnauthorized}, {Error: apiservertesting.ErrUnauthorized}, {Error: apiservertesting.ServerError(expectErr)}, {Error: apiservertesting.ErrUnauthorized}, {Error: apiservertesting.ErrUnauthorized}, {Error: apiservertesting.ErrUnauthorized}, {Error: apiservertesting.ErrUnauthorized}, {Error: apiservertesting.ErrUnauthorized}, {Error: apiservertesting.ErrUnauthorized}, {Error: apiservertesting.ErrUnauthorized}, {Error: apiservertesting.ErrUnauthorized}, }, }) // Now leave the mysqlUnit and re-enter with new settings. relUnit, err = rel.Unit(s.mysqlUnit) c.Assert(err, gc.IsNil) settings = map[string]interface{}{ "other": "things", } err = relUnit.LeaveScope() c.Assert(err, gc.IsNil) s.assertInScope(c, relUnit, false) err = relUnit.EnterScope(settings) c.Assert(err, gc.IsNil) s.assertInScope(c, relUnit, true) // Test the remote unit settings can be read. args = params.RelationUnitPairs{RelationUnitPairs: []params.RelationUnitPair{{ Relation: rel.Tag(), LocalUnit: "unit-wordpress-0", RemoteUnit: "unit-mysql-0", }}} expect := params.RelationSettingsResults{ Results: []params.RelationSettingsResult{ {Settings: params.RelationSettings{ "other": "things", }}, }, } result, err = s.uniter.ReadRemoteSettings(args) c.Assert(err, gc.IsNil) c.Assert(result, gc.DeepEquals, expect) // Now destroy the remote unit, and check its settings can still be read. err = s.mysqlUnit.Destroy() c.Assert(err, gc.IsNil) err = s.mysqlUnit.EnsureDead() c.Assert(err, gc.IsNil) err = s.mysqlUnit.Remove() c.Assert(err, gc.IsNil) result, err = s.uniter.ReadRemoteSettings(args) c.Assert(err, gc.IsNil) c.Assert(result, gc.DeepEquals, expect) }