func newUndertakerAPI(st State, resources facade.Resources, authorizer facade.Authorizer) (*UndertakerAPI, error) { if !authorizer.AuthMachineAgent() || !authorizer.AuthModelManager() { return nil, common.ErrPerm } model, err := st.Model() if err != nil { return nil, errors.Trace(err) } getCanModifyModel := func() (common.AuthFunc, error) { return func(tag names.Tag) bool { if st.IsController() { return true } // Only the agent's model can be modified. modelTag, ok := tag.(names.ModelTag) if !ok { return false } return modelTag.Id() == model.UUID() }, nil } return &UndertakerAPI{ st: st, resources: resources, StatusSetter: common.NewStatusSetter(st, getCanModifyModel), }, nil }
// NewMetricsManagerAPI creates a new API endpoint for calling metrics manager functions. func NewMetricsManagerAPI( st *state.State, resources facade.Resources, authorizer facade.Authorizer, clock clock.Clock, ) (*MetricsManagerAPI, error) { if !(authorizer.AuthMachineAgent() && authorizer.AuthModelManager()) { return nil, common.ErrPerm } // Allow access only to the current environment. accessEnviron := func() (common.AuthFunc, error) { return func(tag names.Tag) bool { if tag == nil { return false } return tag == st.ModelTag() }, nil } return &MetricsManagerAPI{ state: st, accessEnviron: accessEnviron, clock: clock, }, nil }
// NewUpgraderAPI creates a new server-side UpgraderAPI facade. func NewUpgraderAPI( st *state.State, resources facade.Resources, authorizer facade.Authorizer, ) (*UpgraderAPI, error) { if !authorizer.AuthMachineAgent() { return nil, common.ErrPerm } getCanReadWrite := func() (common.AuthFunc, error) { return authorizer.AuthOwner, nil } env, err := st.Model() if err != nil { return nil, err } urlGetter := common.NewToolsURLGetter(env.UUID(), st) configGetter := stateenvirons.EnvironConfigGetter{st} return &UpgraderAPI{ ToolsGetter: common.NewToolsGetter(st, configGetter, st, urlGetter, getCanReadWrite), ToolsSetter: common.NewToolsSetter(st, getCanReadWrite), st: st, resources: resources, authorizer: authorizer, }, nil }
// NewClient creates a new instance of the Client Facade. func NewClient( st Backend, modelConfigAPI *modelconfig.ModelConfigAPI, resources facade.Resources, authorizer facade.Authorizer, statusSetter *common.StatusSetter, toolsFinder *common.ToolsFinder, newEnviron func() (environs.Environ, error), blockChecker *common.BlockChecker, ) (*Client, error) { if !authorizer.AuthClient() { return nil, common.ErrPerm } client := &Client{ modelConfigAPI, &API{ stateAccessor: st, auth: authorizer, resources: resources, statusSetter: statusSetter, toolsFinder: toolsFinder, }, newEnviron, blockChecker, } return client, nil }
// NewLogForwardingAPI creates a new server-side logger API end point. func NewLogForwardingAPI(st LogForwardingState, auth facade.Authorizer) (*LogForwardingAPI, error) { if !auth.AuthMachineAgent() { // the controller's machine agent return nil, common.ErrPerm } api := &LogForwardingAPI{ state: st, } return api, nil }
// NewFacade creates a new authorized Facade. func NewFacade(backend Backend, res facade.Resources, auth facade.Authorizer) (*Facade, error) { if !auth.AuthModelManager() { return nil, common.ErrPerm } return &Facade{ backend: backend, resources: res, }, nil }
// New creates a Facade backed by backend and resources. If auth // doesn't identity the client as a machine agent or a unit agent, // it will return common.ErrPerm. func New(backend Backend, resources facade.Resources, auth facade.Authorizer) (*Facade, error) { if !auth.AuthMachineAgent() && !auth.AuthUnitAgent() { return nil, common.ErrPerm } return &Facade{ backend: backend, resources: resources, }, nil }
// NewInstancePollerAPI creates a new server-side InstancePoller API // facade. func NewInstancePollerAPI( st *state.State, resources facade.Resources, authorizer facade.Authorizer, clock clock.Clock, ) (*InstancePollerAPI, error) { if !authorizer.AuthModelManager() { // InstancePoller must run as environment manager. return nil, common.ErrPerm } accessMachine := common.AuthFuncForTagKind(names.MachineTagKind) sti := getState(st) // Life() is supported for machines. lifeGetter := common.NewLifeGetter( sti, accessMachine, ) // ModelConfig() and WatchForModelConfigChanges() are allowed // with unrestriced access. modelWatcher := common.NewModelWatcher( sti, resources, authorizer, ) // WatchModelMachines() is allowed with unrestricted access. machinesWatcher := common.NewModelMachinesWatcher( sti, resources, authorizer, ) // InstanceId() is supported for machines. instanceIdGetter := common.NewInstanceIdGetter( sti, accessMachine, ) // Status() is supported for machines. statusGetter := common.NewStatusGetter( sti, accessMachine, ) return &InstancePollerAPI{ LifeGetter: lifeGetter, ModelWatcher: modelWatcher, ModelMachinesWatcher: machinesWatcher, InstanceIdGetter: instanceIdGetter, StatusGetter: statusGetter, st: sti, resources: resources, authorizer: authorizer, accessMachine: accessMachine, clock: clock, }, nil }
// NewFacade returns a singular-controller API facade, backed by the supplied // state, so long as the authorizer represents a controller machine. func NewFacade(backend Backend, auth facade.Authorizer) (*Facade, error) { if !auth.AuthModelManager() { return nil, common.ErrPerm } return &Facade{ auth: auth, model: backend.ModelTag(), claimer: backend.SingularClaimer(), }, nil }
func NewDiscoverSpacesAPIWithBacking(st networkingcommon.NetworkBacking, resources facade.Resources, authorizer facade.Authorizer) (*DiscoverSpacesAPI, error) { if !authorizer.AuthModelManager() { return nil, common.ErrPerm } return &DiscoverSpacesAPI{ st: st, authorizer: authorizer, resources: resources, }, nil }
// NewAPIWithBacking creates a new server-side API facade with the given Backing. func NewAPIWithBacking(st Backend, resources facade.Resources, authorizer facade.Authorizer) (*ProxyUpdaterAPI, error) { if !(authorizer.AuthMachineAgent() || authorizer.AuthUnitAgent()) { return &ProxyUpdaterAPI{}, common.ErrPerm } return &ProxyUpdaterAPI{ backend: st, resources: resources, authorizer: authorizer, }, nil }
// NewLoggerAPI creates a new server-side logger API end point. func NewLoggerAPI( st *state.State, resources facade.Resources, authorizer facade.Authorizer, ) (*LoggerAPI, error) { if !authorizer.AuthMachineAgent() && !authorizer.AuthUnitAgent() { return nil, common.ErrPerm } return &LoggerAPI{state: st, resources: resources, authorizer: authorizer}, nil }
// newAPIWithBacking creates a new server-side Spaces API facade with // the given Backing. func newAPIWithBacking(backing networkingcommon.NetworkBacking, resources facade.Resources, authorizer facade.Authorizer) (API, error) { // Only clients can access the Spaces facade. if !authorizer.AuthClient() { return nil, common.ErrPerm } return &spacesAPI{ backing: backing, resources: resources, authorizer: authorizer, }, nil }
// NewCharmRevisionUpdaterAPI creates a new server-side charmrevisionupdater API end point. func NewCharmRevisionUpdaterAPI( st *state.State, resources facade.Resources, authorizer facade.Authorizer, ) (*CharmRevisionUpdaterAPI, error) { if !authorizer.AuthMachineAgent() && !authorizer.AuthModelManager() { return nil, common.ErrPerm } return &CharmRevisionUpdaterAPI{ state: st, resources: resources, authorizer: authorizer}, nil }
// NewModelConfigAPI creates a new instance of the ModelConfig Facade. func NewModelConfigAPI(backend Backend, authorizer facade.Authorizer) (*ModelConfigAPI, error) { if !authorizer.AuthClient() { return nil, common.ErrPerm } client := &ModelConfigAPI{ backend: backend, auth: authorizer, check: common.NewBlockChecker(backend), } return client, nil }
// NewHighAvailabilityAPI creates a new server-side highavailability API end point. func NewHighAvailabilityAPI(st *state.State, resources facade.Resources, authorizer facade.Authorizer) (*HighAvailabilityAPI, error) { // Only clients and environment managers can access the high availability service. if !authorizer.AuthClient() && !authorizer.AuthModelManager() { return nil, common.ErrPerm } return &HighAvailabilityAPI{ state: st, resources: resources, authorizer: authorizer, }, nil }
// NewImageManagerAPI creates a new server-side imagemanager API end point. func NewImageManagerAPI(st *state.State, resources facade.Resources, authorizer facade.Authorizer) (*ImageManagerAPI, error) { // Only clients can access the image manager service. if !authorizer.AuthClient() { return nil, common.ErrPerm } return &ImageManagerAPI{ state: getState(st), resources: resources, authorizer: authorizer, check: common.NewBlockChecker(st), }, nil }
func checkAuth(authorizer facade.Authorizer, st *state.State) error { if !authorizer.AuthClient() { return errors.Trace(common.ErrPerm) } if isAdmin, err := authorizer.HasPermission(permission.SuperuserAccess, st.ControllerTag()); err != nil { return errors.Trace(err) } else if !isAdmin { // The entire facade is only accessible to controller administrators. return errors.Trace(common.ErrPerm) } return nil }
// NewCleanerAPI creates a new instance of the Cleaner API. func NewCleanerAPI( st *state.State, res facade.Resources, authorizer facade.Authorizer, ) (*CleanerAPI, error) { if !authorizer.AuthModelManager() { return nil, common.ErrPerm } return &CleanerAPI{ st: getState(st), resources: res, }, nil }
// NewLeadershipService constructs a new LeadershipService. func NewLeadershipService( claimer leadership.Claimer, authorizer facade.Authorizer, ) (LeadershipService, error) { if !authorizer.AuthUnitAgent() { return nil, errors.Unauthorizedf("permission denied") } return &leadershipService{ claimer: claimer, authorizer: authorizer, }, nil }
// NewMetricsDebugAPI creates a new API endpoint for calling metrics debug functions. func NewMetricsDebugAPI( st *state.State, resources facade.Resources, authorizer facade.Authorizer, ) (*MetricsDebugAPI, error) { if !authorizer.AuthClient() { return nil, common.ErrPerm } return &MetricsDebugAPI{ state: st, }, nil }
// NewFacade creates a new server-side machineactions API end point. func NewFacade( backend Backend, resources facade.Resources, authorizer facade.Authorizer, ) (*Facade, error) { if !authorizer.AuthMachineAgent() { return nil, common.ErrPerm } return &Facade{ backend: backend, resources: resources, accessMachine: authorizer.AuthOwner, }, nil }
// NewAPI implements the API used by the machine undertaker worker to // find out what provider-level resources need to be cleaned up when a // machine goes away. func NewAPI(backend Backend, resources facade.Resources, authorizer facade.Authorizer) (*API, error) { if !authorizer.AuthModelManager() { return nil, errors.Trace(common.ErrPerm) } api := &API{ backend: backend, resources: resources, canManageModel: func(modelUUID string) bool { return modelUUID == authorizer.ConnectedModel() }, } return api, nil }
// NewMetricsAdderAPI creates a new API endpoint for adding metrics to state. func NewMetricsAdderAPI( st *state.State, resources facade.Resources, authorizer facade.Authorizer, ) (*MetricsAdderAPI, error) { // TODO(cmars): remove unit agent auth, once worker/metrics/sender manifold // can be righteously relocated to machine agent. if !authorizer.AuthMachineAgent() && !authorizer.AuthUnitAgent() { return nil, common.ErrPerm } return &MetricsAdderAPI{ state: st, }, nil }
// NewAPI creates a new API server endpoint for the model migration // master worker. func NewAPI( backend Backend, resources facade.Resources, authorizer facade.Authorizer, ) (*API, error) { if !(authorizer.AuthMachineAgent() || authorizer.AuthUnitAgent()) { return nil, common.ErrPerm } return &API{ backend: backend, authorizer: authorizer, resources: resources, }, nil }
// NewAPI returns a new block API facade. func NewAPI( st *state.State, resources facade.Resources, authorizer facade.Authorizer, ) (*API, error) { if !authorizer.AuthClient() { return nil, common.ErrPerm } return &API{ access: getState(st), authorizer: authorizer, }, nil }
// NewKeyUpdaterAPI creates a new server-side keyupdater API end point. func NewKeyUpdaterAPI( st *state.State, resources facade.Resources, authorizer facade.Authorizer, ) (*KeyUpdaterAPI, error) { // Only machine agents have access to the keyupdater service. if !authorizer.AuthMachineAgent() { return nil, common.ErrPerm } // No-one else except the machine itself can only read a machine's own credentials. getCanRead := func() (common.AuthFunc, error) { return authorizer.AuthOwner, nil } return &KeyUpdaterAPI{state: st, resources: resources, authorizer: authorizer, getCanRead: getCanRead}, nil }
// createAPI returns a new image metadata API facade. func createAPI( st metadataAcess, newEnviron func() (environs.Environ, error), resources facade.Resources, authorizer facade.Authorizer, ) (*API, error) { if !authorizer.AuthClient() && !authorizer.AuthModelManager() { return nil, common.ErrPerm } return &API{ metadata: st, newEnviron: newEnviron, authorizer: authorizer, }, nil }
// NewAPI returns a new application API facade. func NewAPI( backend Backend, authorizer facade.Authorizer, blockChecker BlockChecker, stateCharm func(Charm) *state.Charm, ) (*API, error) { if !authorizer.AuthClient() { return nil, common.ErrPerm } return &API{ backend: backend, authorizer: authorizer, check: blockChecker, stateCharm: stateCharm, }, nil }
// NewRetryStrategyAPI creates a new API endpoint for getting retry strategies. func NewRetryStrategyAPI( st *state.State, resources facade.Resources, authorizer facade.Authorizer, ) (*RetryStrategyAPI, error) { if !authorizer.AuthUnitAgent() { return nil, common.ErrPerm } return &RetryStrategyAPI{ st: st, accessUnit: func() (common.AuthFunc, error) { return authorizer.AuthOwner, nil }, resources: resources, }, nil }