// NewLoggerAPI creates a new server-side logger API end point. func NewLoggerAPI( st *state.State, resources *common.Resources, authorizer common.Authorizer, ) (*LoggerAPI, error) { if !authorizer.AuthMachineAgent() && !authorizer.AuthUnitAgent() { return nil, common.ErrPerm } return &LoggerAPI{state: st, resources: resources, authorizer: authorizer}, nil }
// NewCharmRevisionUpdaterAPI creates a new server-side charmrevisionupdater API end point. func NewCharmRevisionUpdaterAPI( st *state.State, resources *common.Resources, authorizer common.Authorizer, ) (*CharmRevisionUpdaterAPI, error) { if !authorizer.AuthMachineAgent() && !authorizer.AuthEnvironManager() { return nil, common.ErrPerm } return &CharmRevisionUpdaterAPI{ state: st, resources: resources, authorizer: authorizer}, nil }
// NewAPI returns an object implementing an agent API // with the given authorizer representing the currently logged in client. func NewAPI(st *state.State, auth common.Authorizer) (*API, error) { // Agents are defined to be any user that's not a client user. if !auth.AuthMachineAgent() && !auth.AuthUnitAgent() { return nil, common.ErrPerm } getCanChange := func() (common.AuthFunc, error) { return auth.AuthOwner, nil } return &API{ PasswordChanger: common.NewPasswordChanger(st, getCanChange), st: st, auth: auth, }, nil }
// NewKeyUpdaterAPI creates a new server-side keyupdater API end point. func NewKeyUpdaterAPI( st *state.State, resources *common.Resources, authorizer common.Authorizer, ) (*KeyUpdaterAPI, error) { // Only machine agents have access to the keyupdater service. if !authorizer.AuthMachineAgent() { return nil, common.ErrPerm } // No-one else except the machine itself can only read a machine's own credentials. getCanRead := func() (common.AuthFunc, error) { return authorizer.AuthOwner, nil } return &KeyUpdaterAPI{state: st, resources: resources, authorizer: authorizer, getCanRead: getCanRead}, nil }
// NewRsyslogAPI creates a new instance of the Rsyslog API. func NewRsyslogAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*RsyslogAPI, error) { if !authorizer.AuthMachineAgent() && !authorizer.AuthUnitAgent() { return nil, common.ErrPerm } // Can always watch for environ changes. getCanWatch := common.AuthAlways(true) // Does not get the secrets. getCanReadSecrets := common.AuthAlways(false) return &RsyslogAPI{ EnvironWatcher: common.NewEnvironWatcher(st, resources, getCanWatch, getCanReadSecrets), st: st, authorizer: authorizer, resources: resources, canModify: authorizer.AuthEnvironManager(), StateAddresser: common.NewStateAddresser(st), }, nil }
// NewUpgraderAPI creates a new client-side UpgraderAPI facade. func NewUpgraderAPI( st *state.State, resources *common.Resources, authorizer common.Authorizer, ) (*UpgraderAPI, error) { if !authorizer.AuthMachineAgent() { return nil, common.ErrPerm } getCanReadWrite := func() (common.AuthFunc, error) { return authorizer.AuthOwner, nil } return &UpgraderAPI{ ToolsGetter: common.NewToolsGetter(st, getCanReadWrite), ToolsSetter: common.NewToolsSetter(st, getCanReadWrite), st: st, resources: resources, authorizer: authorizer, }, nil }