func newUndertakerAPI(st State, resources *common.Resources, authorizer common.Authorizer) (*UndertakerAPI, error) { if !authorizer.AuthMachineAgent() || !authorizer.AuthModelManager() { return nil, common.ErrPerm } model, err := st.Model() if err != nil { return nil, errors.Trace(err) } getCanModifyModel := func() (common.AuthFunc, error) { return func(tag names.Tag) bool { if st.IsController() { return true } // Only the agent's model can be modified. modelTag, ok := tag.(names.ModelTag) if !ok { return false } return modelTag.Id() == model.UUID() }, nil } return &UndertakerAPI{ st: st, resources: resources, StatusSetter: common.NewStatusSetter(st, getCanModifyModel), }, nil }
// NewFacade creates a new authorized Facade. func NewFacade(backend Backend, res *common.Resources, auth common.Authorizer) (*Facade, error) { if !auth.AuthModelManager() { return nil, common.ErrPerm } return &Facade{ backend: backend, resources: res, }, nil }
func newUndertakerAPI(st State, resources *common.Resources, authorizer common.Authorizer) (*UndertakerAPI, error) { if !authorizer.AuthMachineAgent() || !authorizer.AuthModelManager() { return nil, common.ErrPerm } return &UndertakerAPI{ st: st, resources: resources, }, nil }
// NewResumerAPI creates a new instance of the Resumer API. func NewResumerAPI(st *state.State, _ *common.Resources, authorizer common.Authorizer) (*ResumerAPI, error) { if !authorizer.AuthModelManager() { return nil, common.ErrPerm } return &ResumerAPI{ st: getState(st), auth: authorizer, }, nil }
// NewFacade returns a singular-controller API facade, backed by the supplied // state, so long as the authorizer represents a controller machine. func NewFacade(backend Backend, auth common.Authorizer) (*Facade, error) { if !auth.AuthModelManager() { return nil, common.ErrPerm } return &Facade{ auth: auth, model: backend.ModelTag(), claimer: backend.SingularClaimer(), }, nil }
func NewDiscoverSpacesAPIWithBacking(st networkingcommon.NetworkBacking, resources *common.Resources, authorizer common.Authorizer) (*DiscoverSpacesAPI, error) { if !authorizer.AuthModelManager() { return nil, common.ErrPerm } return &DiscoverSpacesAPI{ st: st, authorizer: authorizer, resources: resources, }, nil }
// NewInstancePollerAPI creates a new server-side InstancePoller API // facade. func NewInstancePollerAPI( st *state.State, resources *common.Resources, authorizer common.Authorizer, ) (*InstancePollerAPI, error) { if !authorizer.AuthModelManager() { // InstancePoller must run as environment manager. return nil, common.ErrPerm } accessMachine := common.AuthFuncForTagKind(names.MachineTagKind) sti := getState(st) // Life() is supported for machines. lifeGetter := common.NewLifeGetter( sti, accessMachine, ) // ModelConfig() and WatchForModelConfigChanges() are allowed // with unrestriced access. modelWatcher := common.NewModelWatcher( sti, resources, authorizer, ) // WatchModelMachines() is allowed with unrestricted access. machinesWatcher := common.NewModelMachinesWatcher( sti, resources, authorizer, ) // InstanceId() is supported for machines. instanceIdGetter := common.NewInstanceIdGetter( sti, accessMachine, ) // Status() is supported for machines. statusGetter := common.NewStatusGetter( sti, accessMachine, ) return &InstancePollerAPI{ LifeGetter: lifeGetter, ModelWatcher: modelWatcher, ModelMachinesWatcher: machinesWatcher, InstanceIdGetter: instanceIdGetter, StatusGetter: statusGetter, st: sti, resources: resources, authorizer: authorizer, accessMachine: accessMachine, }, nil }
// NewCharmRevisionUpdaterAPI creates a new server-side charmrevisionupdater API end point. func NewCharmRevisionUpdaterAPI( st *state.State, resources *common.Resources, authorizer common.Authorizer, ) (*CharmRevisionUpdaterAPI, error) { if !authorizer.AuthMachineAgent() && !authorizer.AuthModelManager() { return nil, common.ErrPerm } return &CharmRevisionUpdaterAPI{ state: st, resources: resources, authorizer: authorizer}, nil }
// NewHighAvailabilityAPI creates a new server-side highavailability API end point. func NewHighAvailabilityAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*HighAvailabilityAPI, error) { // Only clients and environment managers can access the high availability service. if !authorizer.AuthClient() && !authorizer.AuthModelManager() { return nil, common.ErrPerm } return &HighAvailabilityAPI{ state: st, resources: resources, authorizer: authorizer, }, nil }
// NewCleanerAPI creates a new instance of the Cleaner API. func NewCleanerAPI( st *state.State, res *common.Resources, authorizer common.Authorizer, ) (*CleanerAPI, error) { if !authorizer.AuthModelManager() { return nil, common.ErrPerm } return &CleanerAPI{ st: getState(st), resources: res, }, nil }
// createAPI returns a new image metadata API facade. func createAPI( st metadataAcess, resources *common.Resources, authorizer common.Authorizer, ) (*API, error) { if !authorizer.AuthClient() && !authorizer.AuthModelManager() { return nil, common.ErrPerm } return &API{ metadata: st, authorizer: authorizer, }, nil }
// NewAPI creates a new API server endpoint for the model migration // master worker. func NewAPI( st *state.State, resources *common.Resources, authorizer common.Authorizer, ) (*API, error) { if !authorizer.AuthModelManager() { return nil, common.ErrPerm } return &API{ backend: getBackend(st), authorizer: authorizer, resources: resources, }, nil }
func NewFacade(backend Backend, resources *common.Resources, authorizer common.Authorizer) (*Facade, error) { if !authorizer.AuthModelManager() { return nil, common.ErrPerm } expect := names.NewModelTag(backend.ModelUUID()) getCanAccess := func() (common.AuthFunc, error) { return func(tag names.Tag) bool { return tag == expect }, nil } life := common.NewLifeGetter(backend, getCanAccess) watch := common.NewAgentEntityWatcher(backend, resources, getCanAccess) return &Facade{ LifeGetter: life, AgentEntityWatcher: watch, }, nil }
// NewAddresserAPI creates a new server-side Addresser API facade. func NewAddresserAPI( st *state.State, resources *common.Resources, authorizer common.Authorizer, ) (*AddresserAPI, error) { isModelManager := authorizer.AuthModelManager() if !isModelManager { // Addresser must run as model manager. return nil, common.ErrPerm } sti := getState(st) return &AddresserAPI{ st: sti, resources: resources, authorizer: authorizer, }, nil }
// NewKeyManagerAPI creates a new server-side keyupdater API end point. func NewKeyManagerAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*KeyManagerAPI, error) { // Only clients and environment managers can access the key manager service. if !authorizer.AuthClient() && !authorizer.AuthModelManager() { return nil, common.ErrPerm } env, err := st.Model() if err != nil { return nil, errors.Trace(err) } // For gccgo interface comparisons, we need a Tag. owner := names.Tag(env.Owner()) // TODO(wallyworld) - replace stub with real canRead function // For now, only admins can read authorised ssh keys. canRead := func(user string) bool { // Are we a machine agent operating as the system identity? if user == config.JujuSystemKey { _, ismachinetag := authorizer.GetAuthTag().(names.MachineTag) return ismachinetag } return authorizer.GetAuthTag() == owner } // TODO(wallyworld) - replace stub with real canWrite function // For now, only admins can write authorised ssh keys for users. // Machine agents can write the juju-system-key. canWrite := func(user string) bool { // Are we a machine agent writing the Juju system key. if user == config.JujuSystemKey { _, ismachinetag := authorizer.GetAuthTag().(names.MachineTag) return ismachinetag } // No point looking to see if the user exists as we are not // yet storing keys on the user. return authorizer.GetAuthTag() == owner } return &KeyManagerAPI{ state: st, resources: resources, authorizer: authorizer, canRead: canRead, canWrite: canWrite, check: common.NewBlockChecker(st), }, nil }
func newMigrationMasterWatcher( st *state.State, resources *common.Resources, auth common.Authorizer, id string, ) (interface{}, error) { if !auth.AuthModelManager() { return nil, common.ErrPerm } w, ok := resources.Get(id).(state.NotifyWatcher) if !ok { return nil, common.ErrUnknownWatcher } return &srvMigrationMasterWatcher{ watcher: w, id: id, resources: resources, st: migrationGetter(st), }, nil }
// NewMetricsManagerAPI creates a new API endpoint for calling metrics manager functions. func NewMetricsManagerAPI( st *state.State, resources *common.Resources, authorizer common.Authorizer, ) (*MetricsManagerAPI, error) { if !(authorizer.AuthMachineAgent() && authorizer.AuthModelManager()) { return nil, common.ErrPerm } // Allow access only to the current environment. accessEnviron := func() (common.AuthFunc, error) { return func(tag names.Tag) bool { if tag == nil { return false } return tag == st.ModelTag() }, nil } return &MetricsManagerAPI{ state: st, accessEnviron: accessEnviron, }, nil }
// NewFirewallerAPI creates a new server-side FirewallerAPI facade. func NewFirewallerAPI( st *state.State, resources *common.Resources, authorizer common.Authorizer, ) (*FirewallerAPI, error) { if !authorizer.AuthModelManager() { // Firewaller must run as environment manager. return nil, common.ErrPerm } // Set up the various authorization checkers. accessEnviron := common.AuthFuncForTagKind(names.ModelTagKind) accessUnit := common.AuthFuncForTagKind(names.UnitTagKind) accessService := common.AuthFuncForTagKind(names.ServiceTagKind) accessMachine := common.AuthFuncForTagKind(names.MachineTagKind) accessUnitOrService := common.AuthEither(accessUnit, accessService) accessUnitServiceOrMachine := common.AuthEither(accessUnitOrService, accessMachine) // Life() is supported for units, services or machines. lifeGetter := common.NewLifeGetter( st, accessUnitServiceOrMachine, ) // ModelConfig() and WatchForModelConfigChanges() are allowed // with unrestriced access. modelWatcher := common.NewModelWatcher( st, resources, authorizer, ) // Watch() is supported for services only. entityWatcher := common.NewAgentEntityWatcher( st, resources, accessService, ) // WatchUnits() is supported for machines. unitsWatcher := common.NewUnitsWatcher(st, resources, accessMachine, ) // WatchModelMachines() is allowed with unrestricted access. machinesWatcher := common.NewModelMachinesWatcher( st, resources, authorizer, ) // InstanceId() is supported for machines. instanceIdGetter := common.NewInstanceIdGetter( st, accessMachine, ) return &FirewallerAPI{ LifeGetter: lifeGetter, ModelWatcher: modelWatcher, AgentEntityWatcher: entityWatcher, UnitsWatcher: unitsWatcher, ModelMachinesWatcher: machinesWatcher, InstanceIdGetter: instanceIdGetter, st: st, resources: resources, authorizer: authorizer, accessUnit: accessUnit, accessService: accessService, accessMachine: accessMachine, accessEnviron: accessEnviron, }, nil }
// NewStorageProvisionerAPI creates a new server-side StorageProvisionerAPI facade. func NewStorageProvisionerAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*StorageProvisionerAPI, error) { if !authorizer.AuthMachineAgent() { return nil, common.ErrPerm } canAccessStorageMachine := func(tag names.MachineTag, allowEnvironManager bool) bool { authEntityTag := authorizer.GetAuthTag() if tag == authEntityTag { // Machine agents can access volumes // scoped to their own machine. return true } parentId := state.ParentId(tag.Id()) if parentId == "" { return allowEnvironManager && authorizer.AuthModelManager() } // All containers with the authenticated // machine as a parent are accessible by it. return names.NewMachineTag(parentId) == authEntityTag } getScopeAuthFunc := func() (common.AuthFunc, error) { return func(tag names.Tag) bool { switch tag := tag.(type) { case names.ModelTag: // Environment managers can access all volumes // and filesystems scoped to the environment. isModelManager := authorizer.AuthModelManager() return isModelManager && tag == st.ModelTag() case names.MachineTag: return canAccessStorageMachine(tag, false) default: return false } }, nil } canAccessStorageEntity := func(tag names.Tag, allowMachines bool) bool { switch tag := tag.(type) { case names.VolumeTag: machineTag, ok := names.VolumeMachine(tag) if ok { return canAccessStorageMachine(machineTag, false) } return authorizer.AuthModelManager() case names.FilesystemTag: machineTag, ok := names.FilesystemMachine(tag) if ok { return canAccessStorageMachine(machineTag, false) } return authorizer.AuthModelManager() case names.MachineTag: return allowMachines && canAccessStorageMachine(tag, true) default: return false } } getStorageEntityAuthFunc := func() (common.AuthFunc, error) { return func(tag names.Tag) bool { return canAccessStorageEntity(tag, false) }, nil } getLifeAuthFunc := func() (common.AuthFunc, error) { return func(tag names.Tag) bool { return canAccessStorageEntity(tag, true) }, nil } getAttachmentAuthFunc := func() (func(names.MachineTag, names.Tag) bool, error) { // getAttachmentAuthFunc returns a function that validates // access by the authenticated user to an attachment. return func(machineTag names.MachineTag, attachmentTag names.Tag) bool { // Machine agents can access their own machine, and // machines contained. Environment managers can access // top-level machines. if !canAccessStorageMachine(machineTag, true) { return false } // Environment managers can access model-scoped // volumes and volumes scoped to their own machines. // Other machine agents can access volumes regardless // of their scope. if !authorizer.AuthModelManager() { return true } var machineScope names.MachineTag var hasMachineScope bool switch attachmentTag := attachmentTag.(type) { case names.VolumeTag: machineScope, hasMachineScope = names.VolumeMachine(attachmentTag) case names.FilesystemTag: machineScope, hasMachineScope = names.FilesystemMachine(attachmentTag) } return !hasMachineScope || machineScope == authorizer.GetAuthTag() }, nil } getMachineAuthFunc := func() (common.AuthFunc, error) { return func(tag names.Tag) bool { if tag, ok := tag.(names.MachineTag); ok { return canAccessStorageMachine(tag, true) } return false }, nil } getBlockDevicesAuthFunc := func() (common.AuthFunc, error) { return func(tag names.Tag) bool { if tag, ok := tag.(names.MachineTag); ok { return canAccessStorageMachine(tag, false) } return false }, nil } stateInterface := getState(st) settings := getSettingsManager(st) return &StorageProvisionerAPI{ LifeGetter: common.NewLifeGetter(stateInterface, getLifeAuthFunc), DeadEnsurer: common.NewDeadEnsurer(stateInterface, getStorageEntityAuthFunc), ModelWatcher: common.NewModelWatcher(stateInterface, resources, authorizer), InstanceIdGetter: common.NewInstanceIdGetter(st, getMachineAuthFunc), StatusSetter: common.NewStatusSetter(st, getStorageEntityAuthFunc), st: stateInterface, settings: settings, resources: resources, authorizer: authorizer, getScopeAuthFunc: getScopeAuthFunc, getStorageEntityAuthFunc: getStorageEntityAuthFunc, getAttachmentAuthFunc: getAttachmentAuthFunc, getMachineAuthFunc: getMachineAuthFunc, getBlockDevicesAuthFunc: getBlockDevicesAuthFunc, }, nil }
// NewProvisionerAPI creates a new server-side ProvisionerAPI facade. func NewProvisionerAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*ProvisionerAPI, error) { if !authorizer.AuthMachineAgent() && !authorizer.AuthModelManager() { return nil, common.ErrPerm } getAuthFunc := func() (common.AuthFunc, error) { isModelManager := authorizer.AuthModelManager() isMachineAgent := authorizer.AuthMachineAgent() authEntityTag := authorizer.GetAuthTag() return func(tag names.Tag) bool { if isMachineAgent && tag == authEntityTag { // A machine agent can always access its own machine. return true } switch tag := tag.(type) { case names.MachineTag: parentId := state.ParentId(tag.Id()) if parentId == "" { // All top-level machines are accessible by the // environment manager. return isModelManager } // All containers with the authenticated machine as a // parent are accessible by it. // TODO(dfc) sometimes authEntity tag is nil, which is fine because nil is // only equal to nil, but it suggests someone is passing an authorizer // with a nil tag. return isMachineAgent && names.NewMachineTag(parentId) == authEntityTag default: return false } }, nil } getAuthOwner := func() (common.AuthFunc, error) { return authorizer.AuthOwner, nil } env, err := st.Model() if err != nil { return nil, err } urlGetter := common.NewToolsURLGetter(env.UUID(), st) return &ProvisionerAPI{ Remover: common.NewRemover(st, false, getAuthFunc), StatusSetter: common.NewStatusSetter(st, getAuthFunc), StatusGetter: common.NewStatusGetter(st, getAuthFunc), DeadEnsurer: common.NewDeadEnsurer(st, getAuthFunc), PasswordChanger: common.NewPasswordChanger(st, getAuthFunc), LifeGetter: common.NewLifeGetter(st, getAuthFunc), StateAddresser: common.NewStateAddresser(st), APIAddresser: common.NewAPIAddresser(st, resources), ModelWatcher: common.NewModelWatcher(st, resources, authorizer), ModelMachinesWatcher: common.NewModelMachinesWatcher(st, resources, authorizer), InstanceIdGetter: common.NewInstanceIdGetter(st, getAuthFunc), ToolsFinder: common.NewToolsFinder(st, st, urlGetter), ToolsGetter: common.NewToolsGetter(st, st, st, urlGetter, getAuthOwner), st: st, resources: resources, authorizer: authorizer, getAuthFunc: getAuthFunc, }, nil }