示例#1
0
func (s *CloudCredentialsSuite) TestUpdateCloudCredentialsExisting(c *gc.C) {
	err := s.State.AddCloud("stratus", cloud.Cloud{
		Type:      "low",
		AuthTypes: cloud.AuthTypes{cloud.AccessKeyAuthType, cloud.UserPassAuthType},
	})
	c.Assert(err, jc.ErrorIsNil)

	cred := cloud.NewCredential(cloud.AccessKeyAuthType, map[string]string{
		"foo": "foo val",
		"bar": "bar val",
	})
	tag := names.NewCloudCredentialTag("stratus/bob@local/foobar")
	err = s.State.UpdateCloudCredential(tag, cred)
	c.Assert(err, jc.ErrorIsNil)

	cred = cloud.NewCredential(cloud.UserPassAuthType, map[string]string{
		"user":     "******",
		"password": "******",
	})
	cred.Revoked = true
	err = s.State.UpdateCloudCredential(tag, cred)
	c.Assert(err, jc.ErrorIsNil)

	// The retrieved credentials have labels although cloud.NewCredential
	// doesn't have them, so add it to the expected value.
	cred.Label = "foobar"

	out, err := s.State.CloudCredential(tag)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(out, jc.DeepEquals, cred)
}
示例#2
0
func (s *updateCredentialSuite) TestUpdate(c *gc.C) {
	store := &jujuclienttesting.MemStore{
		Controllers: map[string]jujuclient.ControllerDetails{
			"controller": {},
		},
		CurrentControllerName: "controller",
		Accounts: map[string]jujuclient.AccountDetails{
			"controller": {
				User: "******",
			},
		},
		Credentials: map[string]jujucloud.CloudCredential{
			"aws": {
				AuthCredentials: map[string]jujucloud.Credential{
					"my-credential":      jujucloud.NewCredential(jujucloud.AccessKeyAuthType, nil),
					"another-credential": jujucloud.NewCredential(jujucloud.UserPassAuthType, nil),
				},
			},
		},
	}
	fake := &fakeUpdateCredentialAPI{}
	cmd := cloud.NewUpdateCredentialCommandForTest(store, fake)
	ctx, err := testing.RunCommand(c, cmd, "aws", "my-credential")
	c.Assert(err, jc.ErrorIsNil)
	output := testing.Stderr(ctx)
	output = strings.Replace(output, "\n", "", -1)
	c.Assert(output, gc.Equals, `Updated credential "my-credential" for user "admin@local" on cloud "aws".`)
	c.Assert(fake.creds, jc.DeepEquals, map[names.CloudCredentialTag]jujucloud.Credential{
		names.NewCloudCredentialTag("aws/admin@local/my-credential"): jujucloud.NewCredential(jujucloud.AccessKeyAuthType, nil),
	})
}
示例#3
0
func (s *credentialsSuite) SetUpTest(c *gc.C) {
	s.FakeJujuXDGDataHomeSuite.SetUpTest(c)
	s.cloud = cloud.Cloud{
		Type: "fake",
		Regions: []cloud.Region{
			{Name: "first-region"},
			{Name: "second-region"},
		},
	}

	dir := c.MkDir()
	keyFile := filepath.Join(dir, "keyfile")
	err := ioutil.WriteFile(keyFile, []byte("value"), 0600)
	c.Assert(err, jc.ErrorIsNil)

	s.store = jujuclienttesting.NewMemStore()
	s.store.Credentials["cloud"] = cloud.CloudCredential{
		DefaultRegion: "second-region",
		AuthCredentials: map[string]cloud.Credential{
			"interactive": cloud.NewCredential("interactive", map[string]string{
				"username": "******",
			}),
			"secrets": cloud.NewCredential(cloud.UserPassAuthType, map[string]string{
				"username": "******",
				"password": "******",
				"key-file": keyFile,
			}),
		},
	}
}
示例#4
0
func (s *CredentialsSuite) SetUpTest(c *gc.C) {
	s.FakeJujuXDGDataHomeSuite.SetUpTest(c)
	s.store = jujuclient.NewFileCredentialStore()
	s.cloudName = "testcloud"
	s.credentials = cloud.CloudCredential{
		DefaultCredential: "peter",
		DefaultRegion:     "east",
		AuthCredentials: map[string]cloud.Credential{
			"peter": cloud.NewCredential(cloud.AccessKeyAuthType, nil),
			"paul":  cloud.NewCredential(cloud.AccessKeyAuthType, nil),
		},
	}
}
示例#5
0
// FinalizeCredential is part of the environs.ProviderCredentials interface.
func (c environProviderCredentials) FinalizeCredential(
	ctx environs.FinalizeCredentialContext,
	args environs.FinalizeCredentialParams,
) (*cloud.Credential, error) {
	switch authType := args.Credential.AuthType(); authType {
	case cloud.UserPassAuthType:
		fmt.Fprintf(ctx.GetStderr(), `
WARNING: The %q auth-type is deprecated, and will be removed soon.

Please update the credential in ~/.local/share/juju/credentials.yaml,
changing auth-type to %q, and dropping the tenant-id field.

`[1:],
			authType, clientCredentialsAuthType,
		)
		attrs := args.Credential.Attributes()
		delete(attrs, credAttrTenantId)
		out := cloud.NewCredential(clientCredentialsAuthType, attrs)
		out.Label = args.Credential.Label
		return &out, nil

	case deviceCodeAuthType:
		subscriptionId := args.Credential.Attributes()[credAttrSubscriptionId]
		applicationId, password, err := c.interactiveCreateServicePrincipal(
			ctx.GetStderr(),
			c.sender,
			c.requestInspector,
			args.CloudEndpoint,
			args.CloudIdentityEndpoint,
			subscriptionId,
			clock.WallClock,
			utils.NewUUID,
		)
		if err != nil {
			return nil, errors.Trace(err)
		}
		out := cloud.NewCredential(clientCredentialsAuthType, map[string]string{
			credAttrSubscriptionId: subscriptionId,
			credAttrAppId:          applicationId,
			credAttrAppPassword:    password,
		})
		out.Label = args.Credential.Label
		return &out, nil

	case clientCredentialsAuthType:
		return &args.Credential, nil
	default:
		return nil, errors.NotSupportedf("%q auth-type", authType)
	}
}
示例#6
0
文件: credentials.go 项目: bac/juju
// FinalizeCredential is part of the environs.ProviderCredentials interface.
func (c environProviderCredentials) FinalizeCredential(
	ctx environs.FinalizeCredentialContext,
	args environs.FinalizeCredentialParams,
) (*cloud.Credential, error) {
	switch authType := args.Credential.AuthType(); authType {
	case deviceCodeAuthType:
		subscriptionId := args.Credential.Attributes()[credAttrSubscriptionId]
		applicationId, password, err := c.interactiveCreateServicePrincipal(
			ctx.GetStderr(),
			c.sender,
			c.requestInspector,
			args.CloudEndpoint,
			args.CloudIdentityEndpoint,
			subscriptionId,
			clock.WallClock,
			utils.NewUUID,
		)
		if err != nil {
			return nil, errors.Trace(err)
		}
		out := cloud.NewCredential(clientCredentialsAuthType, map[string]string{
			credAttrSubscriptionId: subscriptionId,
			credAttrAppId:          applicationId,
			credAttrAppPassword:    password,
		})
		out.Label = args.Credential.Label
		return &out, nil

	case clientCredentialsAuthType:
		return &args.Credential, nil
	default:
		return nil, errors.NotSupportedf("%q auth-type", authType)
	}
}
示例#7
0
func (s *addSuite) SetUpTest(c *gc.C) {
	s.FakeJujuXDGDataHomeSuite.SetUpTest(c)
	s.fake = &fakeCreateClient{
		model: params.Model{
			Name:     "test",
			UUID:     "fake-model-uuid",
			OwnerTag: "ignored-for-now",
		},
	}

	// Set up the current controller, and write just enough info
	// so we don't try to refresh
	controllerName := "local.test-master"
	err := modelcmd.WriteCurrentController(controllerName)
	c.Assert(err, jc.ErrorIsNil)

	s.store = jujuclienttesting.NewMemStore()
	s.store.Controllers["local.test-master"] = jujuclient.ControllerDetails{}
	s.store.Accounts[controllerName] = &jujuclient.ControllerAccounts{
		Accounts: map[string]jujuclient.AccountDetails{
			"bob@local": {User: "******"},
		},
		CurrentAccount: "bob@local",
	}
	s.store.Credentials["aws"] = cloud.CloudCredential{
		AuthCredentials: map[string]cloud.Credential{
			"secrets": cloud.NewCredential(cloud.AccessKeyAuthType, map[string]string{
				"access-key": "key",
				"secret-key": "sekret",
			}),
		},
	}
}
示例#8
0
func (s *CloudCredentialsSuite) TestRemoveCredentials(c *gc.C) {
	// Create it.
	err := s.State.AddCloud("stratus", cloud.Cloud{
		Type:      "low",
		AuthTypes: cloud.AuthTypes{cloud.AccessKeyAuthType, cloud.UserPassAuthType},
	})
	c.Assert(err, jc.ErrorIsNil)

	tag := names.NewCloudCredentialTag("stratus/bob@local/bobcred1")
	cred := cloud.NewCredential(cloud.AccessKeyAuthType, map[string]string{
		"foo": "foo val",
		"bar": "bar val",
	})
	err = s.State.UpdateCloudCredential(tag, cred)
	c.Assert(err, jc.ErrorIsNil)
	_, err = s.State.CloudCredential(tag)
	c.Assert(err, jc.ErrorIsNil)

	// Remove it.
	err = s.State.RemoveCloudCredential(tag)
	c.Assert(err, jc.ErrorIsNil)

	// Check it.
	_, err = s.State.CloudCredential(tag)
	c.Assert(err, jc.Satisfies, errors.IsNotFound)
}
示例#9
0
func (s *ConfigSuite) TestBootstrapConfig(c *gc.C) {
	for i, test := range bootstrapConfigTests {
		c.Logf("test %d: %s", i, test.info)
		attrs := validAttrs().Merge(test.insert).Delete(test.remove...)
		credentialAttrs := make(map[string]string, len(attrs))
		for k, v := range attrs.Delete("type") {
			credentialAttrs[k] = fmt.Sprintf("%v", v)
		}
		testConfig := newConfig(c, attrs)
		preparedConfig, err := jp.Provider.BootstrapConfig(environs.BootstrapConfigParams{
			Config: testConfig,
			Credentials: cloud.NewCredential(
				cloud.UserPassAuthType,
				credentialAttrs,
			),
		})
		if test.err == "" {
			c.Check(err, jc.ErrorIsNil)
			attrs := preparedConfig.AllAttrs()
			for field, value := range test.expect {
				c.Check(attrs[field], gc.Equals, value)
			}
		} else {
			c.Check(preparedConfig, gc.IsNil)
			c.Check(err, gc.ErrorMatches, test.err)
		}
	}
}
示例#10
0
文件: maas2_test.go 项目: bac/juju
func (suite *maas2Suite) makeEnviron(c *gc.C, controller gomaasapi.Controller) *maasEnviron {
	if controller != nil {
		suite.injectController(controller)
	}
	testAttrs := coretesting.Attrs{}
	for k, v := range maasEnvAttrs {
		testAttrs[k] = v
	}
	testAttrs["agent-version"] = version.Current.String()

	cred := cloud.NewCredential(cloud.OAuth1AuthType, map[string]string{
		"maas-oauth": "a:b:c",
	})
	cloud := environs.CloudSpec{
		Type:       "maas",
		Name:       "maas",
		Endpoint:   "http://any-old-junk.invalid/",
		Credential: &cred,
	}

	attrs := coretesting.FakeConfig().Merge(testAttrs)
	suite.controllerUUID = coretesting.FakeControllerConfig().ControllerUUID()
	cfg, err := config.New(config.NoDefaults, attrs)
	c.Assert(err, jc.ErrorIsNil)
	env, err := NewEnviron(cloud, cfg)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(env, gc.NotNil)
	return env
}
示例#11
0
func (s *addCredentialSuite) assertAddFileCredential(c *gc.C, input, fileKey string) {
	dir := c.MkDir()
	filename := filepath.Join(dir, "jsonfile")
	err := ioutil.WriteFile(filename, []byte{}, 0600)
	c.Assert(err, jc.ErrorIsNil)

	stdin := strings.NewReader(fmt.Sprintf(input, filename))
	addCmd := cloud.NewAddCredentialCommandForTest(s.store, s.cloudByNameFunc)
	err = testing.InitCommand(addCmd, []string{"somecloud"})
	c.Assert(err, jc.ErrorIsNil)
	ctx := testing.ContextForDir(c, dir)
	ctx.Stdin = stdin
	err = addCmd.Run(ctx)
	c.Assert(err, jc.ErrorIsNil)

	c.Assert(s.store.Credentials, jc.DeepEquals, map[string]jujucloud.CloudCredential{
		"somecloud": {
			AuthCredentials: map[string]jujucloud.Credential{
				"fred": jujucloud.NewCredential(s.authTypes[0], map[string]string{
					fileKey: filename,
				}),
			},
		},
	})
}
示例#12
0
func (s *InitializeSuite) TestInitializeWithInvalidCredentialType(c *gc.C) {
	owner := names.NewLocalUserTag("initialize-admin")
	modelCfg := testing.ModelConfig(c)
	controllerCfg := testing.FakeControllerConfig()
	credentialTag := names.NewCloudCredentialTag("dummy/" + owner.Canonical() + "/borken")
	_, err := state.Initialize(state.InitializeParams{
		Clock:            clock.WallClock,
		ControllerConfig: controllerCfg,
		ControllerModelArgs: state.ModelArgs{
			CloudName:               "dummy",
			Owner:                   owner,
			Config:                  modelCfg,
			StorageProviderRegistry: storage.StaticProviderRegistry{},
		},
		CloudName: "dummy",
		Cloud: cloud.Cloud{
			Type: "dummy",
			AuthTypes: []cloud.AuthType{
				cloud.AccessKeyAuthType, cloud.OAuth1AuthType,
			},
		},
		CloudCredentials: map[names.CloudCredentialTag]cloud.Credential{
			credentialTag: cloud.NewCredential(cloud.UserPassAuthType, nil),
		},
		MongoInfo:     statetesting.NewMongoInfo(),
		MongoDialOpts: mongotest.DialOpts(),
	})
	c.Assert(err, gc.ErrorMatches,
		`validating initialization args: validating cloud credentials: credential "dummy/initialize-admin@local/borken" with auth-type "userpass" is not supported \(expected one of \["access-key" "oauth1"\]\)`,
	)
}
示例#13
0
func (s *credentialsSuite) TestMarshalAccessKey(c *gc.C) {
	creds := map[string]cloud.CloudCredential{
		"aws": {
			DefaultCredential: "default-cred",
			DefaultRegion:     "us-west-2",
			AuthCredentials: map[string]cloud.Credential{
				"peter": cloud.NewCredential(cloud.AccessKeyAuthType, map[string]string{
					"access-key": "key",
					"secret-key": "secret",
				}),
				// TODO(wallyworld) - add anther credential once goyaml.v2 supports inline MapSlice.
				//"paul": &cloud.AccessKeyCredentials{
				//	Key: "paulkey",
				//	Secret: "paulsecret",
				//},
			},
		},
	}
	out, err := cloud.MarshalCredentials(creds)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(string(out), gc.Equals, `
credentials:
  aws:
    default-credential: default-cred
    default-region: us-west-2
    peter:
      auth-type: access-key
      access-key: key
      secret-key: secret
`[1:])
}
示例#14
0
func (s *credentialsSuite) TestMarshalOAuth2(c *gc.C) {
	creds := map[string]cloud.CloudCredential{
		"google": {
			DefaultCredential: "default-cred",
			DefaultRegion:     "West US",
			AuthCredentials: map[string]cloud.Credential{
				"peter": cloud.NewCredential(cloud.OAuth2AuthType, map[string]string{
					"client-id":    "client-id",
					"client-email": "client-email",
					"private-key":  "secret",
				}),
			},
		},
	}
	out, err := cloud.MarshalCredentials(creds)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(string(out), gc.Equals, `
credentials:
  google:
    default-credential: default-cred
    default-region: West US
    peter:
      auth-type: oauth2
      client-email: client-email
      client-id: client-id
      private-key: secret
`[1:])
}
示例#15
0
func (s *credentialsSuite) TestMarshalOAuth1(c *gc.C) {
	creds := map[string]cloud.CloudCredential{
		"maas": {
			DefaultCredential: "default-cred",
			DefaultRegion:     "region-default",
			AuthCredentials: map[string]cloud.Credential{
				"peter": cloud.NewCredential(cloud.OAuth1AuthType, map[string]string{
					"consumer-key":    "consumer-key",
					"consumer-secret": "consumer-secret",
					"access-token":    "access-token",
					"token-secret":    "token-secret",
				}),
			},
		},
	}
	out, err := cloud.MarshalCredentials(creds)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(string(out), gc.Equals, `
credentials:
  maas:
    default-credential: default-cred
    default-region: region-default
    peter:
      auth-type: oauth1
      access-token: access-token
      consumer-key: consumer-key
      consumer-secret: consumer-secret
      token-secret: token-secret
`[1:])
}
示例#16
0
func (s *credentialsSuite) TestMarshalAzureCredntials(c *gc.C) {
	creds := map[string]cloud.CloudCredential{
		"azure": {
			DefaultCredential: "default-cred",
			DefaultRegion:     "Central US",
			AuthCredentials: map[string]cloud.Credential{
				"peter": cloud.NewCredential(cloud.UserPassAuthType, map[string]string{
					"application-id":       "app-id",
					"application-password": "******",
					"subscription-id":      "subscription-id",
					"tenant-id":            "tenant-id",
				}),
			},
		},
	}
	out, err := cloud.MarshalCredentials(creds)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(string(out), gc.Equals, `
credentials:
  azure:
    default-credential: default-cred
    default-region: Central US
    peter:
      auth-type: userpass
      application-id: app-id
      application-password: app-secret
      subscription-id: subscription-id
      tenant-id: tenant-id
`[1:])
}
示例#17
0
func (suite *EnvironProviderSuite) TestUnknownAttrsContainAgentName(c *gc.C) {
	attrs := testing.FakeConfig().Merge(testing.Attrs{
		"type": "maas",
	})
	config, err := config.New(config.NoDefaults, attrs)
	c.Assert(err, jc.ErrorIsNil)

	cfg, err := providerInstance.BootstrapConfig(environs.BootstrapConfigParams{
		Config:        config,
		CloudEndpoint: "http://maas.testing.invalid/maas/",
		Credentials: cloud.NewCredential(
			cloud.OAuth1AuthType,
			map[string]string{
				"maas-oauth": "aa:bb:cc",
			},
		),
	})
	c.Assert(err, jc.ErrorIsNil)

	unknownAttrs := cfg.UnknownAttrs()
	c.Assert(unknownAttrs["maas-server"], gc.Equals, "http://maas.testing.invalid/maas/")

	uuid, ok := unknownAttrs["maas-agent-name"]

	c.Assert(ok, jc.IsTrue)
	c.Assert(uuid, jc.Satisfies, utils.IsValidUUIDString)
}
示例#18
0
func (suite *EnvironProviderSuite) TestCredentialsSetup(c *gc.C) {
	attrs := testing.FakeConfig().Merge(testing.Attrs{
		"type": "maas",
	})
	config, err := config.New(config.NoDefaults, attrs)
	c.Assert(err, jc.ErrorIsNil)

	cfg, err := providerInstance.BootstrapConfig(environs.BootstrapConfigParams{
		Config:        config,
		CloudEndpoint: "http://maas.testing.invalid/maas/",
		Credentials: cloud.NewCredential(
			cloud.OAuth1AuthType,
			map[string]string{
				"maas-oauth": "aa:bb:cc",
			},
		),
	})
	c.Assert(err, jc.ErrorIsNil)

	attrs = cfg.UnknownAttrs()
	server, ok := attrs["maas-server"]
	c.Assert(ok, jc.IsTrue)
	c.Assert(server, gc.Equals, "http://maas.testing.invalid/maas/")
	oauth, ok := attrs["maas-oauth"]
	c.Assert(ok, jc.IsTrue)
	c.Assert(oauth, gc.Equals, "aa:bb:cc")
}
示例#19
0
func (s *credentialsSuite) assertGetCredentials(c *gc.C, region string) {
	dir := c.MkDir()
	keyFile := filepath.Join(dir, "keyfile")
	err := ioutil.WriteFile(keyFile, []byte("value"), 0600)
	c.Assert(err, jc.ErrorIsNil)

	store := jujuclienttesting.NewMemStore()
	store.Credentials["cloud"] = cloud.CloudCredential{
		DefaultRegion: "default-region",
		AuthCredentials: map[string]cloud.Credential{
			"secrets": cloud.NewCredential(cloud.UserPassAuthType, map[string]string{
				"username": "******",
				"password": "******",
				"key-file": keyFile,
			}),
		},
	}

	credential, credentialName, regionName, err := modelcmd.GetCredentials(
		store, region, "secrets", "cloud", "fake",
	)
	c.Assert(err, jc.ErrorIsNil)
	expectedRegion := region
	if expectedRegion == "" {
		expectedRegion = "default-region"
	}
	c.Assert(regionName, gc.Equals, expectedRegion)
	c.Assert(credentialName, gc.Equals, "secrets")
	c.Assert(credential.Attributes(), jc.DeepEquals, map[string]string{
		"key":      "value",
		"username": "******",
		"password": "******",
	})
}
示例#20
0
func (s *credentialsSuite) TestFinalizeCredentialUserPass(c *gc.C) {
	in := cloud.NewCredential("userpass", map[string]string{
		"application-id":       "application",
		"application-password": "******",
		"subscription-id":      "subscription",
		"tenant-id":            "tenant",
	})
	ctx := coretesting.Context(c)
	out, err := s.provider.FinalizeCredential(ctx, environs.FinalizeCredentialParams{Credential: in})
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(out, gc.NotNil)
	c.Assert(out.AuthType(), gc.Equals, cloud.AuthType("service-principal-secret"))
	c.Assert(out.Attributes(), jc.DeepEquals, map[string]string{
		"application-id":       "application",
		"application-password": "******",
		"subscription-id":      "subscription",
	})
	stderr := coretesting.Stderr(ctx)
	c.Assert(stderr, gc.Equals, `
WARNING: The "userpass" auth-type is deprecated, and will be removed soon.

Please update the credential in ~/.local/share/juju/credentials.yaml,
changing auth-type to "service-principal-secret", and dropping the tenant-id field.

`[1:])
}
示例#21
0
func (s *ebsVolumeSuite) SetUpSuite(c *gc.C) {
	s.BaseSuite.SetUpSuite(c)
	s.Tests.SetUpSuite(c)
	s.Credential = cloud.NewCredential(
		cloud.AccessKeyAuthType,
		map[string]string{
			"access-key": "x",
			"secret-key": "x",
		},
	)
	s.CloudRegion = "test"

	// Upload arches that ec2 supports; add to this
	// as ec2 coverage expands.
	s.UploadArches = []string{arch.AMD64, arch.I386}
	s.TestConfig = localConfigAttrs.Merge(testing.Attrs{
		"access-key": "x",
		"secret-key": "x",
		"region":     "test",
	})
	s.restoreEC2Patching = patchEC2ForTesting(c)
	s.BaseSuite.PatchValue(&imagemetadata.SimplestreamsImagesPublicKey, sstesting.SignedMetadataPublicKey)
	s.BaseSuite.PatchValue(&juju.JujuPublicKey, sstesting.SignedMetadataPublicKey)
	imagetesting.PatchOfficialDataSources(&s.BaseSuite.CleanupSuite, "test:")
	s.BaseSuite.PatchValue(ec2.DeleteSecurityGroupInsistently, deleteSecurityGroupForTestFunc)
}
示例#22
0
func (s *credentialsSuite) TestFinalizeCredentialMandatoryFieldFromFile(c *gc.C) {
	cred := cloud.NewCredential(
		cloud.UserPassAuthType,
		map[string]string{
			"key-file": "path",
		},
	)
	schema := cloud.CredentialSchema{{
		"key",
		cloud.CredentialAttr{
			Description: "key credential",
			Optional:    false,
			FileAttr:    "key-file",
		},
	}}
	readFile := func(s string) ([]byte, error) {
		c.Assert(s, gc.Equals, "path")
		return []byte("file-value"), nil
	}
	newCred, err := cloud.FinalizeCredential(cred, map[cloud.AuthType]cloud.CredentialSchema{
		cloud.UserPassAuthType: schema,
	}, readFile)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(newCred.Attributes(), jc.DeepEquals, map[string]string{
		"key": "file-value",
	})
}
示例#23
0
func (s *addCredentialSuite) assertAddUserpassCredential(c *gc.C, input string, expected *jujucloud.Credential) {
	s.schema = map[jujucloud.AuthType]jujucloud.CredentialSchema{
		jujucloud.UserPassAuthType: {
			{
				"username", jujucloud.CredentialAttr{Optional: false},
			}, {
				"password", jujucloud.CredentialAttr{Hidden: true},
			},
		},
	}
	stdin := strings.NewReader(input)
	_, err := s.run(c, stdin, "somecloud")
	c.Assert(err, jc.ErrorIsNil)
	var cred jujucloud.Credential
	if expected == nil {
		cred = jujucloud.NewCredential(jujucloud.UserPassAuthType, map[string]string{
			"username": "******",
			"password": "******",
		})
	} else {
		cred = *expected
	}
	c.Assert(s.store.Credentials, jc.DeepEquals, map[string]jujucloud.CloudCredential{
		"somecloud": {
			AuthCredentials: map[string]jujucloud.Credential{
				"fred": cred,
			},
		},
	})
}
示例#24
0
func (s *credentialsSuite) TestFinalizeCredentialFilePath(c *gc.C) {
	dir := c.MkDir()
	filename := filepath.Join(dir, "filename")
	err := ioutil.WriteFile(filename, []byte{}, 0600)
	c.Assert(err, jc.ErrorIsNil)

	cred := cloud.NewCredential(
		cloud.JSONFileAuthType,
		map[string]string{
			"file": filename,
		},
	)
	schema := cloud.CredentialSchema{{
		"file", cloud.CredentialAttr{FilePath: true},
	}}

	readFile := func(path string) ([]byte, error) {
		c.Assert(path, gc.Equals, filename)
		return []byte("file-contents"), nil
	}

	newCred, err := cloud.FinalizeCredential(cred, map[cloud.AuthType]cloud.CredentialSchema{
		cloud.JSONFileAuthType: schema,
	}, readFile)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(newCred.Attributes(), jc.DeepEquals, map[string]string{
		"file": "file-contents",
	})
}
示例#25
0
func (s *addCredentialSuite) assertAddCredentialWithOptions(c *gc.C, input string) {
	s.authTypes = []jujucloud.AuthType{jujucloud.UserPassAuthType}
	s.schema = map[jujucloud.AuthType]jujucloud.CredentialSchema{
		jujucloud.UserPassAuthType: {
			{
				"username", jujucloud.CredentialAttr{Optional: false},
			}, {
				"algorithm", jujucloud.CredentialAttr{Options: []interface{}{"optionA", "optionB"}},
			},
		},
	}
	// Input includes a bad option
	stdin := strings.NewReader(input)
	_, err := s.run(c, stdin, "somecloud")
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(s.store.Credentials, jc.DeepEquals, map[string]jujucloud.CloudCredential{
		"somecloud": {
			AuthCredentials: map[string]jujucloud.Credential{
				"fred": jujucloud.NewCredential(jujucloud.UserPassAuthType, map[string]string{
					"username":  "******",
					"algorithm": "optionA",
				}),
			},
		},
	})
}
示例#26
0
func (s *credentialsSuite) TestMarshalOpenstackUserPass(c *gc.C) {
	creds := map[string]cloud.CloudCredential{
		"openstack": {
			DefaultCredential: "default-cred",
			DefaultRegion:     "region-a",
			AuthCredentials: map[string]cloud.Credential{
				"peter": cloud.NewCredential(cloud.UserPassAuthType, map[string]string{
					"username":    "******",
					"password":    "******",
					"tenant-name": "tenant",
				}),
			},
		},
	}
	out, err := cloud.MarshalCredentials(creds)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(string(out), gc.Equals, `
credentials:
  openstack:
    default-credential: default-cred
    default-region: region-a
    peter:
      auth-type: userpass
      password: secret
      tenant-name: tenant
      username: user
`[1:])
}
示例#27
0
func (s *ConfigSuite) TestPrepareSetsDefaultBlockSource(c *gc.C) {
	s.PatchValue(&verifyCredentials, func(*environ) error { return nil })
	attrs := testing.FakeConfig().Merge(testing.Attrs{
		"type": "ec2",
	})
	config, err := config.New(config.NoDefaults, attrs)
	c.Assert(err, jc.ErrorIsNil)

	cfg, err := providerInstance.BootstrapConfig(environs.BootstrapConfigParams{
		Config:      config,
		CloudRegion: "test",
		Credentials: cloud.NewCredential(
			cloud.AccessKeyAuthType,
			map[string]string{
				"access-key": "x",
				"secret-key": "y",
			},
		),
	})
	c.Assert(err, jc.ErrorIsNil)

	source, ok := cfg.StorageDefaultBlockSource()
	c.Assert(ok, jc.IsTrue)
	c.Assert(source, gc.Equals, "ebs")
}
示例#28
0
func (s *credentialsSuite) TestDetectCredentialsNovarc(c *gc.C) {
	if runtime.GOOS != "linux" {
		c.Skip("not running linux")
	}
	home := utils.Home()
	dir := c.MkDir()
	utils.SetHome(dir)
	s.AddCleanup(func(*gc.C) {
		utils.SetHome(home)
	})

	content := `
# Some secrets
export OS_TENANT_NAME=gary
EXPORT OS_USERNAME=bob
  export  OS_PASSWORD = dobbs
OS_REGION_NAME=region  
`[1:]
	novarc := filepath.Join(dir, ".novarc")
	err := ioutil.WriteFile(novarc, []byte(content), 0600)

	credentials, err := s.provider.DetectCredentials()
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(credentials.DefaultRegion, gc.Equals, "region")
	expected := cloud.NewCredential(
		cloud.UserPassAuthType, map[string]string{
			"username":    "******",
			"password":    "******",
			"tenant-name": "gary",
			"domain-name": "",
		},
	)
	expected.Label = `openstack region "region" project "gary" user "bob"`
	c.Assert(credentials.AuthCredentials["bob"], jc.DeepEquals, expected)
}
示例#29
0
func (s *credentialsSuite) TestMarshalOpenstackAccessKey(c *gc.C) {
	creds := map[string]cloud.CloudCredential{
		"openstack": {
			DefaultCredential: "default-cred",
			DefaultRegion:     "region-a",
			AuthCredentials: map[string]cloud.Credential{
				"peter": cloud.NewCredential(cloud.AccessKeyAuthType, map[string]string{
					"access-key":  "key",
					"secret-key":  "secret",
					"tenant-name": "tenant",
				}),
			},
		},
	}
	out, err := cloud.MarshalCredentials(creds)
	c.Assert(err, jc.ErrorIsNil)
	c.Assert(string(out), gc.Equals, `
credentials:
  openstack:
    default-credential: default-cred
    default-region: region-a
    peter:
      auth-type: access-key
      access-key: key
      secret-key: secret
      tenant-name: tenant
`[1:])
}
示例#30
0
func (s *CloudCredentialsSuite) TestWatchCredential(c *gc.C) {
	cred := names.NewCloudCredentialTag("dummy/fred/default")
	w, wc := s.createCredentialWatcher(c, s.State, cred)
	wc.AssertOneChange() // Initial event.

	// Create
	dummyCred := cloud.NewCredential(cloud.EmptyAuthType, nil)
	err := s.State.UpdateCloudCredential(cred, dummyCred)
	c.Assert(err, jc.ErrorIsNil)
	wc.AssertOneChange()

	// Revoke
	dummyCred.Revoked = true
	err = s.State.UpdateCloudCredential(cred, dummyCred)
	c.Assert(err, jc.ErrorIsNil)
	wc.AssertOneChange()

	// Remove.
	err = s.State.RemoveCloudCredential(cred)
	c.Assert(err, jc.ErrorIsNil)
	wc.AssertOneChange()

	statetesting.AssertStop(c, w)
	wc.AssertClosed()
}