func (s *controllerSuite) TestGetControllerAccessPermissions(c *gc.C) {
// Set up the user making the call.
user := s.Factory.MakeUser(c, &factory.UserParams{NoModelUser: true})
anAuthoriser := apiservertesting.FakeAuthorizer{
Tag: user.Tag(),
}
endpoint, err := controller.NewControllerAPI(s.State, s.resources, anAuthoriser)
c.Assert(err, jc.ErrorIsNil)
args := params.ModifyControllerAccessRequest{
Changes: []params.ModifyControllerAccess{{
UserTag: user.Tag().String(),
Action: params.GrantControllerAccess,
Access: "superuser",
}}}
result, err := s.controller.ModifyControllerAccess(args)
c.Assert(err, jc.ErrorIsNil)
c.Assert(result.OneError(), jc.ErrorIsNil)
// We ask for permissions for a different user as well as ourselves.
differentUser := s.Factory.MakeUser(c, &factory.UserParams{NoModelUser: true})
req := params.Entities{
Entities: []params.Entity{{Tag: user.Tag().String()}, {Tag: differentUser.Tag().String()}},
}
results, err := endpoint.GetControllerAccess(req)
c.Assert(err, jc.ErrorIsNil)
c.Assert(results.Results, gc.HasLen, 2)
c.Assert(*results.Results[0].Result, jc.DeepEquals, params.UserAccess{
Access: "superuser",
UserTag: user.Tag().String(),
})
c.Assert(*results.Results[1].Error, gc.DeepEquals, params.Error{
Message: "permission denied", Code: "unauthorized access",
})
}
func (s *destroyControllerSuite) SetUpTest(c *gc.C) {
s.JujuConnSuite.SetUpTest(c)
s.BlockHelper = commontesting.NewBlockHelper(s.APIState)
s.AddCleanup(func(*gc.C) { s.BlockHelper.Close() })
resources := common.NewResources()
s.AddCleanup(func(_ *gc.C) { resources.StopAll() })
authoriser := apiservertesting.FakeAuthorizer{
Tag: s.AdminUserTag(c),
}
controller, err := controller.NewControllerAPI(s.State, resources, authoriser)
c.Assert(err, jc.ErrorIsNil)
s.controller = controller
s.otherEnvOwner = names.NewUserTag("jess@dummy")
s.otherState = factory.NewFactory(s.State).MakeModel(c, &factory.ModelParams{
Name: "dummytoo",
Owner: s.otherEnvOwner,
Prepare: true,
ConfigAttrs: testing.Attrs{
"state-server": false,
},
})
s.AddCleanup(func(c *gc.C) { s.otherState.Close() })
s.otherModelUUID = s.otherState.ModelUUID()
}
func (s *controllerSuite) TestNewAPIRefusesNonClient(c *gc.C) {
anAuthoriser := apiservertesting.FakeAuthorizer{
Tag: names.NewUnitTag("mysql/0"),
}
endPoint, err := controller.NewControllerAPI(s.State, s.resources, anAuthoriser)
c.Assert(endPoint, gc.IsNil)
c.Assert(err, gc.ErrorMatches, "permission denied")
}
func (s *controllerSuite) TestNewAPIRefusesNonAdmins(c *gc.C) {
user := s.Factory.MakeUser(c, &factory.UserParams{NoModelUser: true})
anAuthoriser := apiservertesting.FakeAuthorizer{
Tag: user.Tag(),
}
endPoint, err := controller.NewControllerAPI(s.State, s.resources, anAuthoriser)
c.Assert(endPoint, gc.IsNil)
c.Assert(err, gc.ErrorMatches, "permission denied")
}
func (s *controllerSuite) TestModelConfigFromNonStateServer(c *gc.C) {
st := s.Factory.MakeModel(c, &factory.ModelParams{
Name: "test"})
defer st.Close()
authorizer := &apiservertesting.FakeAuthorizer{Tag: s.AdminUserTag(c)}
controller, err := controller.NewControllerAPI(st, common.NewResources(), authorizer)
c.Assert(err, jc.ErrorIsNil)
env, err := controller.ModelConfig()
c.Assert(err, jc.ErrorIsNil)
c.Assert(env.Config["name"], gc.Equals, "dummymodel")
}
func (s *controllerSuite) TestModelConfigFromNonController(c *gc.C) {
st := s.Factory.MakeModel(c, &factory.ModelParams{
Name: "test"})
defer st.Close()
authorizer := &apiservertesting.FakeAuthorizer{
Tag: s.Owner,
AdminTag: s.Owner,
}
controller, err := controller.NewControllerAPI(st, common.NewResources(), authorizer)
c.Assert(err, jc.ErrorIsNil)
cfg, err := controller.ModelConfig()
c.Assert(err, jc.ErrorIsNil)
c.Assert(cfg.Config["name"], jc.DeepEquals, params.ConfigValue{Value: "controller"})
}
func (s *controllerSuite) SetUpTest(c *gc.C) {
s.JujuConnSuite.SetUpTest(c)
s.resources = common.NewResources()
s.AddCleanup(func(_ *gc.C) { s.resources.StopAll() })
s.authorizer = apiservertesting.FakeAuthorizer{
Tag: s.AdminUserTag(c),
}
controller, err := controller.NewControllerAPI(s.State, s.resources, s.authorizer)
c.Assert(err, jc.ErrorIsNil)
s.controller = controller
loggo.GetLogger("juju.apiserver.controller").SetLogLevel(loggo.TRACE)
}
func (s *modelStatusSuite) TestModelStatusNonAuth(c *gc.C) {
// Set up the user making the call.
user := s.Factory.MakeUser(c, &factory.UserParams{NoModelUser: true})
anAuthoriser := apiservertesting.FakeAuthorizer{
Tag: user.Tag(),
}
endpoint, err := controller.NewControllerAPI(s.State, s.resources, anAuthoriser)
c.Assert(err, jc.ErrorIsNil)
controllerModelTag := s.State.ModelTag().String()
req := params.Entities{
Entities: []params.Entity{{Tag: controllerModelTag}},
}
_, err = endpoint.ModelStatus(req)
c.Assert(err, gc.ErrorMatches, "permission denied")
}
func (s *controllerSuite) TestControllerConfigFromNonController(c *gc.C) {
st := s.Factory.MakeModel(c, &factory.ModelParams{
Name: "test"})
defer st.Close()
authorizer := &apiservertesting.FakeAuthorizer{Tag: s.Owner}
controller, err := controller.NewControllerAPI(st, common.NewResources(), authorizer)
c.Assert(err, jc.ErrorIsNil)
cfg, err := controller.ControllerConfig()
c.Assert(err, jc.ErrorIsNil)
cfgFromDB, err := s.State.ControllerConfig()
c.Assert(err, jc.ErrorIsNil)
c.Assert(cfg.Config["controller-uuid"], gc.Equals, cfgFromDB.ControllerUUID())
c.Assert(cfg.Config["state-port"], gc.Equals, cfgFromDB.StatePort())
c.Assert(cfg.Config["api-port"], gc.Equals, cfgFromDB.APIPort())
}
func (s *modelStatusSuite) TestModelStatusOwnerAllowed(c *gc.C) {
// Set up the user making the call.
owner := s.Factory.MakeUser(c, nil)
anAuthoriser := apiservertesting.FakeAuthorizer{
Tag: owner.Tag(),
}
st := s.Factory.MakeModel(c, &factory.ModelParams{Owner: owner.Tag()})
defer st.Close()
endpoint, err := controller.NewControllerAPI(s.State, s.resources, anAuthoriser)
c.Assert(err, jc.ErrorIsNil)
req := params.Entities{
Entities: []params.Entity{{Tag: st.ModelTag().String()}},
}
_, err = endpoint.ModelStatus(req)
c.Assert(err, jc.ErrorIsNil)
}
func (s *modelStatusSuite) SetUpTest(c *gc.C) {
// Initial config needs to be set before the StateSuite SetUpTest.
s.InitialConfig = testing.CustomModelConfig(c, testing.Attrs{
"name": "controller",
})
s.StateSuite.SetUpTest(c)
s.resources = common.NewResources()
s.AddCleanup(func(_ *gc.C) { s.resources.StopAll() })
s.authorizer = apiservertesting.FakeAuthorizer{
Tag: s.Owner,
AdminTag: s.Owner,
}
controller, err := controller.NewControllerAPI(s.State, s.resources, s.authorizer)
c.Assert(err, jc.ErrorIsNil)
s.controller = controller
loggo.GetLogger("juju.apiserver.controller").SetLogLevel(loggo.TRACE)
}