// OpenState tries to open the state using the given Conf. If
// passwordChanged is returned as true, c.StateInfo.Password has been
// changed, and the caller should write the configuration
// and set the entity's password accordingly (in that order).
func (c *Conf) OpenState() (st *state.State, passwordChanged bool, err error) {
info := *c.StateInfo
if info.Password != "" {
st, err := state.Open(&info)
if err == nil {
return st, false, nil
}
if err != state.ErrUnauthorized {
return nil, false, err
}
// Access isn't authorized even though we have a password
// This can happen if we crash after saving the
// password but before changing it, so we'll try again
// with the old password.
}
info.Password = c.OldPassword
st, err = state.Open(&info)
if err != nil {
return nil, false, err
}
// We've succeeded in connecting with the old password, so
// we can now change it to something more private.
password, err := trivial.RandomPassword()
if err != nil {
st.Close()
return nil, false, err
}
c.StateInfo.Password = password
return st, true, nil
}
func (trivialSuite) TestRandomPassword(c *C) {
p, err := trivial.RandomPassword()
c.Assert(err, IsNil)
if len(p) < 18 {
c.Errorf("password too short: %q", p)
}
// check we're not adding base64 padding.
c.Assert(p[len(p)-1], Not(Equals), '=')
}
func (s *openSuite) TestOpenStateNoPassword(c *C) {
conf := agent.Conf{
StateInfo: s.StateInfo(c),
}
conf.OldPassword = conf.StateInfo.Password
conf.StateInfo.Password = ""
st, changed, err := conf.OpenState()
c.Assert(err, IsNil)
defer st.Close()
c.Assert(changed, Equals, true)
c.Assert(st, NotNil)
p, err := trivial.RandomPassword()
c.Assert(err, IsNil)
c.Assert(conf.StateInfo.Password, HasLen, len(p))
c.Assert(conf.OldPassword, Equals, s.StateInfo(c).Password)
}
// deploy will deploy the supplied unit with the deployer's manager. It will
// panic if it observes inconsistent internal state.
func (d *Deployer) deploy(unit *state.Unit) error {
unitName := unit.Name()
if d.deployed[unit.Name()] {
panic("must not re-deploy a deployed unit")
}
log.Printf("worker/deployer: deploying unit %q", unit)
initialPassword, err := trivial.RandomPassword()
if err != nil {
return err
}
if err := unit.SetMongoPassword(initialPassword); err != nil {
return err
}
if err := d.mgr.DeployUnit(unitName, initialPassword); err != nil {
return err
}
d.deployed[unitName] = true
return nil
}