func (*removeSuite) TestRemove(c *gc.C) {
st := &fakeState{
entities: map[names.Tag]entityWithError{
u("x/0"): &fakeRemover{life: state.Dying, errEnsureDead: fmt.Errorf("x0 EnsureDead fails")},
u("x/1"): &fakeRemover{life: state.Dying, errRemove: fmt.Errorf("x1 Remove fails")},
u("x/2"): &fakeRemover{life: state.Alive},
u("x/3"): &fakeRemover{life: state.Dying},
u("x/4"): &fakeRemover{life: state.Dead},
u("x/5"): &fakeRemover{fetchError: "x5 error"},
},
}
getCanModify := func() (common.AuthFunc, error) {
u0 := u("x/0")
u1 := u("x/1")
u2 := u("x/2")
u3 := u("x/3")
u5 := u("x/5")
return func(tag names.Tag) bool {
return tag == u0 || tag == u1 || tag == u2 || tag == u3 || tag == u5
}, nil
}
r := common.NewRemover(st, true, getCanModify)
entities := params.Entities{[]params.Entity{
{"unit-x-0"}, {"unit-x-1"}, {"unit-x-2"}, {"unit-x-3"}, {"unit-x-4"}, {"unit-x-5"}, {"unit-x-6"},
}}
result, err := r.Remove(entities)
c.Assert(err, gc.IsNil)
c.Assert(result, gc.DeepEquals, params.ErrorResults{
Results: []params.ErrorResult{
{¶ms.Error{Message: "x0 EnsureDead fails"}},
{¶ms.Error{Message: "x1 Remove fails"}},
{¶ms.Error{Message: `cannot remove entity "unit-x-2": still alive`}},
{nil},
{apiservertesting.ErrUnauthorized},
{¶ms.Error{Message: "x5 error"}},
{apiservertesting.ErrUnauthorized},
},
})
// Make sure when callEnsureDead is false EnsureDead() doesn't
// get called.
r = common.NewRemover(st, false, getCanModify)
entities = params.Entities{[]params.Entity{{"unit-x-0"}, {"unit-x-1"}}}
result, err = r.Remove(entities)
c.Assert(err, gc.IsNil)
c.Assert(result, gc.DeepEquals, params.ErrorResults{
Results: []params.ErrorResult{
{nil},
{¶ms.Error{Message: "x1 Remove fails"}},
},
})
}
// NewAddresserAPI creates a new server-side Addresser API facade.
func NewAddresserAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*AddresserAPI, error) {
isEnvironManager := authorizer.AuthEnvironManager()
if !isEnvironManager {
// Addresser must run as environment manager.
return nil, common.ErrPerm
}
getAuthFunc := func() (common.AuthFunc, error) {
return func(tag names.Tag) bool {
return isEnvironManager
}, nil
}
sti := getState(st)
return &AddresserAPI{
EnvironWatcher: common.NewEnvironWatcher(sti, resources, authorizer),
LifeGetter: common.NewLifeGetter(sti, getAuthFunc),
Remover: common.NewRemover(sti, false, getAuthFunc),
st: sti,
resources: resources,
authorizer: authorizer,
}, nil
}
func (*removeSuite) TestRemoveError(c *gc.C) {
getCanModify := func() (common.AuthFunc, error) {
return nil, fmt.Errorf("pow")
}
r := common.NewRemover(&fakeState{}, true, getCanModify)
_, err := r.Remove(params.Entities{[]params.Entity{{"x0"}}})
c.Assert(err, gc.ErrorMatches, "pow")
}
func (*removeSuite) TestRemoveNoArgsNoError(c *gc.C) {
getCanModify := func() (common.AuthFunc, error) {
return nil, fmt.Errorf("pow")
}
r := common.NewRemover(&fakeState{}, true, getCanModify)
result, err := r.Remove(params.Entities{})
c.Assert(err, gc.IsNil)
c.Assert(result.Results, gc.HasLen, 0)
}
// NewProvisionerAPI creates a new server-side ProvisionerAPI facade.
func NewProvisionerAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*ProvisionerAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthEnvironManager() {
return nil, common.ErrPerm
}
getAuthFunc := func() (common.AuthFunc, error) {
isEnvironManager := authorizer.AuthEnvironManager()
isMachineAgent := authorizer.AuthMachineAgent()
authEntityTag := authorizer.GetAuthTag()
return func(tag names.Tag) bool {
if isMachineAgent && tag == authEntityTag {
// A machine agent can always access its own machine.
return true
}
switch tag := tag.(type) {
case names.MachineTag:
parentId := state.ParentId(tag.Id())
if parentId == "" {
// All top-level machines are accessible by the
// environment manager.
return isEnvironManager
}
// All containers with the authenticated machine as a
// parent are accessible by it.
// TODO(dfc) sometimes authEntity tag is nil, which is fine because nil is
// only equal to nil, but it suggests someone is passing an authorizer
// with a nil tag.
return isMachineAgent && names.NewMachineTag(parentId) == authEntityTag
default:
return false
}
}, nil
}
env, err := st.Environment()
if err != nil {
return nil, err
}
urlGetter := common.NewToolsURLGetter(env.UUID(), st)
return &ProvisionerAPI{
Remover: common.NewRemover(st, false, getAuthFunc),
StatusSetter: common.NewStatusSetter(st, getAuthFunc),
StatusGetter: common.NewStatusGetter(st, getAuthFunc),
DeadEnsurer: common.NewDeadEnsurer(st, getAuthFunc),
PasswordChanger: common.NewPasswordChanger(st, getAuthFunc),
LifeGetter: common.NewLifeGetter(st, getAuthFunc),
StateAddresser: common.NewStateAddresser(st),
APIAddresser: common.NewAPIAddresser(st, resources),
EnvironWatcher: common.NewEnvironWatcher(st, resources, authorizer),
EnvironMachinesWatcher: common.NewEnvironMachinesWatcher(st, resources, authorizer),
InstanceIdGetter: common.NewInstanceIdGetter(st, getAuthFunc),
ToolsFinder: common.NewToolsFinder(st, st, urlGetter),
st: st,
resources: resources,
authorizer: authorizer,
getAuthFunc: getAuthFunc,
}, nil
}
// NewDeployerAPI creates a new server-side DeployerAPI facade.
func NewDeployerAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
) (*DeployerAPI, error) {
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
getAuthFunc := func() (common.AuthFunc, error) {
// Get all units of the machine and cache them.
thisMachineTag := authorizer.GetAuthTag()
units, err := getAllUnits(st, thisMachineTag)
if err != nil {
return nil, err
}
// Then we just check if the unit is already known.
return func(tag names.Tag) bool {
for _, unit := range units {
// TODO (thumper): remove the names.Tag conversion when gccgo
// implements concrete-type-to-interface comparison correctly.
if names.Tag(names.NewUnitTag(unit)) == tag {
return true
}
}
return false
}, nil
}
getCanWatch := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
return &DeployerAPI{
Remover: common.NewRemover(st, true, getAuthFunc),
PasswordChanger: common.NewPasswordChanger(st, getAuthFunc),
LifeGetter: common.NewLifeGetter(st, getAuthFunc),
StateAddresser: common.NewStateAddresser(st),
APIAddresser: common.NewAPIAddresser(st, resources),
UnitsWatcher: common.NewUnitsWatcher(st, resources, getCanWatch),
StatusSetter: common.NewStatusSetter(st, getAuthFunc),
st: st,
resources: resources,
authorizer: authorizer,
}, nil
}
