func newUndertakerAPI(st State, resources facade.Resources, authorizer facade.Authorizer) (*UndertakerAPI, error) {
if !authorizer.AuthMachineAgent() || !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
model, err := st.Model()
if err != nil {
return nil, errors.Trace(err)
}
getCanModifyModel := func() (common.AuthFunc, error) {
return func(tag names.Tag) bool {
if st.IsController() {
return true
}
// Only the agent's model can be modified.
modelTag, ok := tag.(names.ModelTag)
if !ok {
return false
}
return modelTag.Id() == model.UUID()
}, nil
}
return &UndertakerAPI{
st: st,
resources: resources,
StatusSetter: common.NewStatusSetter(st, getCanModifyModel),
}, nil
}
// NewMetricsManagerAPI creates a new API endpoint for calling metrics manager functions.
func NewMetricsManagerAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
clock clock.Clock,
) (*MetricsManagerAPI, error) {
if !(authorizer.AuthMachineAgent() && authorizer.AuthModelManager()) {
return nil, common.ErrPerm
}
// Allow access only to the current environment.
accessEnviron := func() (common.AuthFunc, error) {
return func(tag names.Tag) bool {
if tag == nil {
return false
}
return tag == st.ModelTag()
}, nil
}
return &MetricsManagerAPI{
state: st,
accessEnviron: accessEnviron,
clock: clock,
}, nil
}
// NewUpgraderAPI creates a new server-side UpgraderAPI facade.
func NewUpgraderAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
) (*UpgraderAPI, error) {
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
getCanReadWrite := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
env, err := st.Model()
if err != nil {
return nil, err
}
urlGetter := common.NewToolsURLGetter(env.UUID(), st)
configGetter := stateenvirons.EnvironConfigGetter{st}
return &UpgraderAPI{
ToolsGetter: common.NewToolsGetter(st, configGetter, st, urlGetter, getCanReadWrite),
ToolsSetter: common.NewToolsSetter(st, getCanReadWrite),
st: st,
resources: resources,
authorizer: authorizer,
}, nil
}
// NewClient creates a new instance of the Client Facade.
func NewClient(
st Backend,
modelConfigAPI *modelconfig.ModelConfigAPI,
resources facade.Resources,
authorizer facade.Authorizer,
statusSetter *common.StatusSetter,
toolsFinder *common.ToolsFinder,
newEnviron func() (environs.Environ, error),
blockChecker *common.BlockChecker,
) (*Client, error) {
if !authorizer.AuthClient() {
return nil, common.ErrPerm
}
client := &Client{
modelConfigAPI,
&API{
stateAccessor: st,
auth: authorizer,
resources: resources,
statusSetter: statusSetter,
toolsFinder: toolsFinder,
},
newEnviron,
blockChecker,
}
return client, nil
}
// NewLogForwardingAPI creates a new server-side logger API end point.
func NewLogForwardingAPI(st LogForwardingState, auth facade.Authorizer) (*LogForwardingAPI, error) {
if !auth.AuthMachineAgent() { // the controller's machine agent
return nil, common.ErrPerm
}
api := &LogForwardingAPI{
state: st,
}
return api, nil
}
// NewFacade creates a new authorized Facade.
func NewFacade(backend Backend, res facade.Resources, auth facade.Authorizer) (*Facade, error) {
if !auth.AuthModelManager() {
return nil, common.ErrPerm
}
return &Facade{
backend: backend,
resources: res,
}, nil
}
// New creates a Facade backed by backend and resources. If auth
// doesn't identity the client as a machine agent or a unit agent,
// it will return common.ErrPerm.
func New(backend Backend, resources facade.Resources, auth facade.Authorizer) (*Facade, error) {
if !auth.AuthMachineAgent() && !auth.AuthUnitAgent() {
return nil, common.ErrPerm
}
return &Facade{
backend: backend,
resources: resources,
}, nil
}
// NewInstancePollerAPI creates a new server-side InstancePoller API
// facade.
func NewInstancePollerAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
clock clock.Clock,
) (*InstancePollerAPI, error) {
if !authorizer.AuthModelManager() {
// InstancePoller must run as environment manager.
return nil, common.ErrPerm
}
accessMachine := common.AuthFuncForTagKind(names.MachineTagKind)
sti := getState(st)
// Life() is supported for machines.
lifeGetter := common.NewLifeGetter(
sti,
accessMachine,
)
// ModelConfig() and WatchForModelConfigChanges() are allowed
// with unrestriced access.
modelWatcher := common.NewModelWatcher(
sti,
resources,
authorizer,
)
// WatchModelMachines() is allowed with unrestricted access.
machinesWatcher := common.NewModelMachinesWatcher(
sti,
resources,
authorizer,
)
// InstanceId() is supported for machines.
instanceIdGetter := common.NewInstanceIdGetter(
sti,
accessMachine,
)
// Status() is supported for machines.
statusGetter := common.NewStatusGetter(
sti,
accessMachine,
)
return &InstancePollerAPI{
LifeGetter: lifeGetter,
ModelWatcher: modelWatcher,
ModelMachinesWatcher: machinesWatcher,
InstanceIdGetter: instanceIdGetter,
StatusGetter: statusGetter,
st: sti,
resources: resources,
authorizer: authorizer,
accessMachine: accessMachine,
clock: clock,
}, nil
}
// NewFacade returns a singular-controller API facade, backed by the supplied
// state, so long as the authorizer represents a controller machine.
func NewFacade(backend Backend, auth facade.Authorizer) (*Facade, error) {
if !auth.AuthModelManager() {
return nil, common.ErrPerm
}
return &Facade{
auth: auth,
model: backend.ModelTag(),
claimer: backend.SingularClaimer(),
}, nil
}
func NewDiscoverSpacesAPIWithBacking(st networkingcommon.NetworkBacking, resources facade.Resources, authorizer facade.Authorizer) (*DiscoverSpacesAPI, error) {
if !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
return &DiscoverSpacesAPI{
st: st,
authorizer: authorizer,
resources: resources,
}, nil
}
// NewAPIWithBacking creates a new server-side API facade with the given Backing.
func NewAPIWithBacking(st Backend, resources facade.Resources, authorizer facade.Authorizer) (*ProxyUpdaterAPI, error) {
if !(authorizer.AuthMachineAgent() || authorizer.AuthUnitAgent()) {
return &ProxyUpdaterAPI{}, common.ErrPerm
}
return &ProxyUpdaterAPI{
backend: st,
resources: resources,
authorizer: authorizer,
}, nil
}
// NewLoggerAPI creates a new server-side logger API end point.
func NewLoggerAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
) (*LoggerAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthUnitAgent() {
return nil, common.ErrPerm
}
return &LoggerAPI{state: st, resources: resources, authorizer: authorizer}, nil
}
// newAPIWithBacking creates a new server-side Spaces API facade with
// the given Backing.
func newAPIWithBacking(backing networkingcommon.NetworkBacking, resources facade.Resources, authorizer facade.Authorizer) (API, error) {
// Only clients can access the Spaces facade.
if !authorizer.AuthClient() {
return nil, common.ErrPerm
}
return &spacesAPI{
backing: backing,
resources: resources,
authorizer: authorizer,
}, nil
}
// NewCharmRevisionUpdaterAPI creates a new server-side charmrevisionupdater API end point.
func NewCharmRevisionUpdaterAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
) (*CharmRevisionUpdaterAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
return &CharmRevisionUpdaterAPI{
state: st, resources: resources, authorizer: authorizer}, nil
}
// NewModelConfigAPI creates a new instance of the ModelConfig Facade.
func NewModelConfigAPI(backend Backend, authorizer facade.Authorizer) (*ModelConfigAPI, error) {
if !authorizer.AuthClient() {
return nil, common.ErrPerm
}
client := &ModelConfigAPI{
backend: backend,
auth: authorizer,
check: common.NewBlockChecker(backend),
}
return client, nil
}
// NewHighAvailabilityAPI creates a new server-side highavailability API end point.
func NewHighAvailabilityAPI(st *state.State, resources facade.Resources, authorizer facade.Authorizer) (*HighAvailabilityAPI, error) {
// Only clients and environment managers can access the high availability service.
if !authorizer.AuthClient() && !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
return &HighAvailabilityAPI{
state: st,
resources: resources,
authorizer: authorizer,
}, nil
}
// NewImageManagerAPI creates a new server-side imagemanager API end point.
func NewImageManagerAPI(st *state.State, resources facade.Resources, authorizer facade.Authorizer) (*ImageManagerAPI, error) {
// Only clients can access the image manager service.
if !authorizer.AuthClient() {
return nil, common.ErrPerm
}
return &ImageManagerAPI{
state: getState(st),
resources: resources,
authorizer: authorizer,
check: common.NewBlockChecker(st),
}, nil
}
func checkAuth(authorizer facade.Authorizer, st *state.State) error {
if !authorizer.AuthClient() {
return errors.Trace(common.ErrPerm)
}
if isAdmin, err := authorizer.HasPermission(permission.SuperuserAccess, st.ControllerTag()); err != nil {
return errors.Trace(err)
} else if !isAdmin {
// The entire facade is only accessible to controller administrators.
return errors.Trace(common.ErrPerm)
}
return nil
}
// NewCleanerAPI creates a new instance of the Cleaner API.
func NewCleanerAPI(
st *state.State,
res facade.Resources,
authorizer facade.Authorizer,
) (*CleanerAPI, error) {
if !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
return &CleanerAPI{
st: getState(st),
resources: res,
}, nil
}
// NewLeadershipService constructs a new LeadershipService.
func NewLeadershipService(
claimer leadership.Claimer, authorizer facade.Authorizer,
) (LeadershipService, error) {
if !authorizer.AuthUnitAgent() {
return nil, errors.Unauthorizedf("permission denied")
}
return &leadershipService{
claimer: claimer,
authorizer: authorizer,
}, nil
}
// NewMetricsDebugAPI creates a new API endpoint for calling metrics debug functions.
func NewMetricsDebugAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
) (*MetricsDebugAPI, error) {
if !authorizer.AuthClient() {
return nil, common.ErrPerm
}
return &MetricsDebugAPI{
state: st,
}, nil
}
// NewFacade creates a new server-side machineactions API end point.
func NewFacade(
backend Backend,
resources facade.Resources,
authorizer facade.Authorizer,
) (*Facade, error) {
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
return &Facade{
backend: backend,
resources: resources,
accessMachine: authorizer.AuthOwner,
}, nil
}
// NewAPI implements the API used by the machine undertaker worker to
// find out what provider-level resources need to be cleaned up when a
// machine goes away.
func NewAPI(backend Backend, resources facade.Resources, authorizer facade.Authorizer) (*API, error) {
if !authorizer.AuthModelManager() {
return nil, errors.Trace(common.ErrPerm)
}
api := &API{
backend: backend,
resources: resources,
canManageModel: func(modelUUID string) bool {
return modelUUID == authorizer.ConnectedModel()
},
}
return api, nil
}
// NewMetricsAdderAPI creates a new API endpoint for adding metrics to state.
func NewMetricsAdderAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
) (*MetricsAdderAPI, error) {
// TODO(cmars): remove unit agent auth, once worker/metrics/sender manifold
// can be righteously relocated to machine agent.
if !authorizer.AuthMachineAgent() && !authorizer.AuthUnitAgent() {
return nil, common.ErrPerm
}
return &MetricsAdderAPI{
state: st,
}, nil
}
// NewAPI creates a new API server endpoint for the model migration
// master worker.
func NewAPI(
backend Backend,
resources facade.Resources,
authorizer facade.Authorizer,
) (*API, error) {
if !(authorizer.AuthMachineAgent() || authorizer.AuthUnitAgent()) {
return nil, common.ErrPerm
}
return &API{
backend: backend,
authorizer: authorizer,
resources: resources,
}, nil
}
// NewAPI returns a new block API facade.
func NewAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
) (*API, error) {
if !authorizer.AuthClient() {
return nil, common.ErrPerm
}
return &API{
access: getState(st),
authorizer: authorizer,
}, nil
}
// NewKeyUpdaterAPI creates a new server-side keyupdater API end point.
func NewKeyUpdaterAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
) (*KeyUpdaterAPI, error) {
// Only machine agents have access to the keyupdater service.
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
// No-one else except the machine itself can only read a machine's own credentials.
getCanRead := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
return &KeyUpdaterAPI{state: st, resources: resources, authorizer: authorizer, getCanRead: getCanRead}, nil
}
// createAPI returns a new image metadata API facade.
func createAPI(
st metadataAcess,
newEnviron func() (environs.Environ, error),
resources facade.Resources,
authorizer facade.Authorizer,
) (*API, error) {
if !authorizer.AuthClient() && !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
return &API{
metadata: st,
newEnviron: newEnviron,
authorizer: authorizer,
}, nil
}
// NewAPI returns a new application API facade.
func NewAPI(
backend Backend,
authorizer facade.Authorizer,
blockChecker BlockChecker,
stateCharm func(Charm) *state.Charm,
) (*API, error) {
if !authorizer.AuthClient() {
return nil, common.ErrPerm
}
return &API{
backend: backend,
authorizer: authorizer,
check: blockChecker,
stateCharm: stateCharm,
}, nil
}
// NewRetryStrategyAPI creates a new API endpoint for getting retry strategies.
func NewRetryStrategyAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
) (*RetryStrategyAPI, error) {
if !authorizer.AuthUnitAgent() {
return nil, common.ErrPerm
}
return &RetryStrategyAPI{
st: st,
accessUnit: func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
},
resources: resources,
}, nil
}