func (s *deployerSuite) SetUpTest(c *gc.C) { s.JujuConnSuite.SetUpTest(c) // The two known machines now contain the following units: // machine 0 (not authorized): mysql/1 (principal1) // machine 1 (authorized): mysql/0 (principal0), logging/0 (subordinate0) var err error s.machine0, err = s.State.AddMachine("quantal", state.JobManageEnviron, state.JobHostUnits) c.Assert(err, jc.ErrorIsNil) s.machine1, err = s.State.AddMachine("quantal", state.JobHostUnits) c.Assert(err, jc.ErrorIsNil) s.service0 = s.AddTestingService(c, "mysql", s.AddTestingCharm(c, "mysql")) s.service1 = s.AddTestingService(c, "logging", s.AddTestingCharm(c, "logging")) eps, err := s.State.InferEndpoints("mysql", "logging") c.Assert(err, jc.ErrorIsNil) rel, err := s.State.AddRelation(eps...) c.Assert(err, jc.ErrorIsNil) s.principal0, err = s.service0.AddUnit() c.Assert(err, jc.ErrorIsNil) err = s.principal0.AssignToMachine(s.machine1) c.Assert(err, jc.ErrorIsNil) s.principal1, err = s.service0.AddUnit() c.Assert(err, jc.ErrorIsNil) err = s.principal1.AssignToMachine(s.machine0) c.Assert(err, jc.ErrorIsNil) relUnit0, err := rel.Unit(s.principal0) c.Assert(err, jc.ErrorIsNil) err = relUnit0.EnterScope(nil) c.Assert(err, jc.ErrorIsNil) s.subordinate0, err = s.State.Unit("logging/0") c.Assert(err, jc.ErrorIsNil) // Create a FakeAuthorizer so we can check permissions, // set up assuming machine 1 has logged in. s.authorizer = apiservertesting.FakeAuthorizer{ Tag: s.machine1.Tag(), } // Create the resource registry separately to track invocations to // Register. s.resources = common.NewResources() s.AddCleanup(func(_ *gc.C) { s.resources.StopAll() }) // Create a deployer API for machine 1. deployer, err := deployer.NewDeployerAPI( s.State, s.resources, s.authorizer, ) c.Assert(err, jc.ErrorIsNil) s.deployer = deployer }
func (s *deployerSuite) TestDeployerFailsWithNonMachineAgentUser(c *gc.C) { anAuthorizer := s.authorizer anAuthorizer.Tag = s.AdminUserTag(c) aDeployer, err := deployer.NewDeployerAPI(s.State, s.resources, anAuthorizer) c.Assert(err, gc.NotNil) c.Assert(aDeployer, gc.IsNil) c.Assert(err, gc.ErrorMatches, "permission denied") }