// NewLoggerAPI creates a new server-side logger API end point.
func NewLoggerAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*LoggerAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthUnitAgent() {
return nil, common.ErrPerm
}
return &LoggerAPI{state: st, resources: resources, authorizer: authorizer}, nil
}
// NewCharmRevisionUpdaterAPI creates a new server-side charmrevisionupdater API end point.
func NewCharmRevisionUpdaterAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*CharmRevisionUpdaterAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthEnvironManager() {
return nil, common.ErrPerm
}
return &CharmRevisionUpdaterAPI{
state: st, resources: resources, authorizer: authorizer}, nil
}
// NewAPI returns an object implementing an agent API
// with the given authorizer representing the currently logged in client.
func NewAPI(st *state.State, auth common.Authorizer) (*API, error) {
// Agents are defined to be any user that's not a client user.
if !auth.AuthMachineAgent() && !auth.AuthUnitAgent() {
return nil, common.ErrPerm
}
getCanChange := func() (common.AuthFunc, error) {
return auth.AuthOwner, nil
}
return &API{
PasswordChanger: common.NewPasswordChanger(st, getCanChange),
st: st,
auth: auth,
}, nil
}
// NewKeyUpdaterAPI creates a new server-side keyupdater API end point.
func NewKeyUpdaterAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*KeyUpdaterAPI, error) {
// Only machine agents have access to the keyupdater service.
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
// No-one else except the machine itself can only read a machine's own credentials.
getCanRead := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
return &KeyUpdaterAPI{state: st, resources: resources, authorizer: authorizer, getCanRead: getCanRead}, nil
}
func NewUserManagerAPI(
st *state.State,
authorizer common.Authorizer,
) (*UserManagerAPI, error) {
if !authorizer.AuthClient() {
return nil, common.ErrPerm
}
// TODO(mattyw) - replace stub with real canWrite function
getCanWrite := common.AuthAlways(true)
return &UserManagerAPI{
state: st,
authorizer: authorizer,
getCanWrite: getCanWrite},
nil
}
// NewUpgraderAPI creates a new client-side UpgraderAPI facade.
func NewUpgraderAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*UpgraderAPI, error) {
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
getCanReadWrite := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
return &UpgraderAPI{
ToolsGetter: common.NewToolsGetter(st, getCanReadWrite),
ToolsSetter: common.NewToolsSetter(st, getCanReadWrite),
st: st,
resources: resources,
authorizer: authorizer,
}, nil
}
// NewRsyslogAPI creates a new instance of the Rsyslog API.
func NewRsyslogAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*RsyslogAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthUnitAgent() {
return nil, common.ErrPerm
}
// Can always watch for environ changes.
getCanWatch := common.AuthAlways(true)
// Does not get the secrets.
getCanReadSecrets := common.AuthAlways(false)
return &RsyslogAPI{
EnvironWatcher: common.NewEnvironWatcher(st, resources, getCanWatch, getCanReadSecrets),
st: st,
authorizer: authorizer,
resources: resources,
canModify: authorizer.AuthEnvironManager(),
StateAddresser: common.NewStateAddresser(st),
}, nil
}