forked from juju/juju
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request juju#10367 from manadart/2.6-into-develop
juju#10367 ## Description of change Merge into develop, bringing forward: - juju#10366 from manadart/2.6-cache-testing-infrastructure - juju#10364 from manadart/2.6-config-watch-branch-determination - juju#10362 from anastasiamac/merge-25-26-2106 - juju#10346 from hmlanigan/branch - juju#10359 from hmlanigan/createdtomodelcache
- Loading branch information
Showing
38 changed files
with
808 additions
and
441 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,129 @@ | ||
// Copyright 2019 Canonical Ltd. | ||
// Licensed under the AGPLv3, see LICENCE file for details. | ||
|
||
package uniter | ||
|
||
import ( | ||
"github.com/juju/errors" | ||
"github.com/juju/juju/apiserver/facades/client/application" | ||
"gopkg.in/juju/names.v2" | ||
|
||
"github.com/juju/juju/apiserver/common" | ||
"github.com/juju/juju/apiserver/facade" | ||
"github.com/juju/juju/state" | ||
) | ||
|
||
// unitAccessor creates a accessUnit function for accessing a unit | ||
func unitAccessor(authorizer facade.Authorizer, st *state.State) common.GetAuthFunc { | ||
return func() (common.AuthFunc, error) { | ||
switch tag := authorizer.GetAuthTag().(type) { | ||
case names.ApplicationTag: | ||
// If called by an application agent, any of the units | ||
// belonging to that application can be accessed. | ||
app, err := st.Application(tag.Name) | ||
if err != nil { | ||
return nil, errors.Trace(err) | ||
} | ||
allUnits, err := app.AllUnits() | ||
if err != nil { | ||
return nil, errors.Trace(err) | ||
} | ||
return func(tag names.Tag) bool { | ||
for _, u := range allUnits { | ||
if u.Tag() == tag { | ||
return true | ||
} | ||
} | ||
return false | ||
}, nil | ||
case names.UnitTag: | ||
return func(tag names.Tag) bool { | ||
return authorizer.AuthOwner(tag) | ||
}, nil | ||
default: | ||
return nil, errors.Errorf("expected names.UnitTag or names.ApplicationTag, got %T", tag) | ||
} | ||
} | ||
} | ||
|
||
func applicationAccessor(authorizer facade.Authorizer, st *state.State) common.GetAuthFunc { | ||
return func() (common.AuthFunc, error) { | ||
switch tag := authorizer.GetAuthTag().(type) { | ||
case names.ApplicationTag: | ||
return func(applicationTag names.Tag) bool { | ||
return tag == applicationTag | ||
}, nil | ||
case names.UnitTag: | ||
entity, err := st.Unit(tag.Id()) | ||
if err != nil { | ||
return nil, errors.Trace(err) | ||
} | ||
applicationName := entity.ApplicationName() | ||
applicationTag := names.NewApplicationTag(applicationName) | ||
return func(tag names.Tag) bool { | ||
return tag == applicationTag | ||
}, nil | ||
default: | ||
return nil, errors.Errorf("expected names.UnitTag or names.ApplicationTag, got %T", tag) | ||
} | ||
} | ||
} | ||
|
||
func machineAccessor(authorizer facade.Authorizer, st *state.State) common.GetAuthFunc { | ||
return func() (common.AuthFunc, error) { | ||
switch tag := authorizer.GetAuthTag().(type) { | ||
// Application agents can't access machines. | ||
case names.ApplicationTag: | ||
return func(tag names.Tag) bool { | ||
return false | ||
}, nil | ||
case names.UnitTag: | ||
entity, err := st.Unit(tag.Id()) | ||
if err != nil { | ||
return nil, errors.Trace(err) | ||
} | ||
machineId, err := entity.AssignedMachineId() | ||
if err != nil { | ||
return nil, errors.Trace(err) | ||
} | ||
machineTag := names.NewMachineTag(machineId) | ||
return func(tag names.Tag) bool { | ||
return tag == machineTag | ||
}, nil | ||
default: | ||
return nil, errors.Errorf("expected names.UnitTag or names.ApplicationTag, got %T", tag) | ||
} | ||
} | ||
} | ||
|
||
func cloudSpecAccessor(authorizer facade.Authorizer, st *state.State) func() (func() bool, error) { | ||
return func() (func() bool, error) { | ||
var appName string | ||
var err error | ||
|
||
switch tag := authorizer.GetAuthTag().(type) { | ||
case names.ApplicationTag: | ||
appName = tag.Id() | ||
case names.UnitTag: | ||
entity, err := st.Unit(tag.Id()) | ||
if err != nil { | ||
return nil, errors.Trace(err) | ||
} | ||
appName = entity.ApplicationName() | ||
default: | ||
return nil, errors.Errorf("expected names.UnitTag or names.ApplicationTag, got %T", tag) | ||
} | ||
|
||
app, err := st.Application(appName) | ||
if err != nil { | ||
return nil, errors.Trace(err) | ||
} | ||
config, err := app.ApplicationConfig() | ||
if err != nil { | ||
return nil, errors.Trace(err) | ||
} | ||
return func() bool { | ||
return config.GetBool(application.TrustConfigOptionName, false) | ||
}, nil | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.