func (s *modelManagerBaseSuite) setAPIUser(c *gc.C, user names.UserTag) {
s.authoriser.Tag = user
modelmanager, err := modelmanager.NewModelManagerAPI(
modelmanager.NewStateBackend(s.State), s.authoriser,
)
c.Assert(err, jc.ErrorIsNil)
s.modelmanager = modelmanager
}
func (s *modelManagerSuite) TestNewAPIRefusesNonClient(c *gc.C) {
anAuthoriser := s.authoriser
anAuthoriser.Tag = names.NewUnitTag("mysql/0")
endPoint, err := modelmanager.NewModelManagerAPI(
modelmanager.NewStateBackend(s.State), anAuthoriser,
)
c.Assert(endPoint, gc.IsNil)
c.Assert(err, gc.ErrorMatches, "permission denied")
}
func (s *modelManagerSuite) TestNewAPIAcceptsClient(c *gc.C) {
anAuthoriser := s.authoriser
anAuthoriser.Tag = names.NewUserTag("external@remote")
endPoint, err := modelmanager.NewModelManagerAPI(
modelmanager.NewStateBackend(s.State), anAuthoriser,
)
c.Assert(err, jc.ErrorIsNil)
c.Assert(endPoint, gc.NotNil)
}
// AddUser adds a user with a username, and either a password or
// a randomly generated secret key which will be returned.
func (api *UserManagerAPI) AddUser(args params.AddUsers) (params.AddUserResults, error) {
result := params.AddUserResults{
Results: make([]params.AddUserResult, len(args.Users)),
}
if err := api.check.ChangeAllowed(); err != nil {
return result, errors.Trace(err)
}
if len(args.Users) == 0 {
return result, nil
}
if !api.isAdmin {
return result, common.ErrPerm
}
for i, arg := range args.Users {
var user *state.User
var err error
if arg.Password != "" {
user, err = api.state.AddUser(arg.Username, arg.DisplayName, arg.Password, api.apiUser.Id())
} else {
user, err = api.state.AddUserWithSecretKey(arg.Username, arg.DisplayName, api.apiUser.Id())
}
if err != nil {
err = errors.Annotate(err, "failed to create user")
result.Results[i].Error = common.ServerError(err)
continue
} else {
result.Results[i] = params.AddUserResult{
Tag: user.Tag().String(),
SecretKey: user.SecretKey(),
}
}
if len(arg.SharedModelTags) > 0 {
modelAccess, err := modelmanager.FromModelAccessParam(arg.ModelAccess)
if err != nil {
err = errors.Annotatef(err, "user %q created but models not shared", arg.Username)
result.Results[i].Error = common.ServerError(err)
continue
}
userTag := user.Tag().(names.UserTag)
for _, modelTagStr := range arg.SharedModelTags {
modelTag, err := names.ParseModelTag(modelTagStr)
if err != nil {
err = errors.Annotatef(err, "user %q created but model %q not shared", arg.Username, modelTagStr)
result.Results[i].Error = common.ServerError(err)
break
}
err = modelmanager.ChangeModelAccess(
modelmanager.NewStateBackend(api.state), modelTag, api.apiUser,
userTag, params.GrantModelAccess, modelAccess, api.isAdmin)
if err != nil {
err = errors.Annotatef(err, "user %q created but model %q not shared", arg.Username, modelTagStr)
result.Results[i].Error = common.ServerError(err)
break
}
}
}
}
return result, nil
}
