forked from juju/juju
-
Notifications
You must be signed in to change notification settings - Fork 0
/
restrict_anonymous.go
40 lines (34 loc) · 1.08 KB
/
restrict_anonymous.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
// Copyright 2017 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
package apiserver
import (
"fmt"
"github.com/juju/collections/set"
"github.com/juju/errors"
)
// The anonymousFacadeNames are the root names that can be accessed
// using an anonymous login. Any facade added here needs to perform
// its own authentication and authorisation if required.
var anonymousFacadeNames = set.NewStrings(
"CrossController",
"CrossModelRelations",
"CrossModelSecrets",
"NotifyWatcher",
"OfferStatusWatcher",
"RelationStatusWatcher",
"RelationUnitsWatcher",
"RemoteRelationWatcher",
"SecretsRevisionWatcher",
"StringsWatcher",
)
func anonymousFacadesOnly(facadeName, _ string) error {
if !IsAnonymousFacade(facadeName) {
return errors.NewNotSupported(nil, fmt.Sprintf("facade %q not supported for anonymous API connections", facadeName))
}
return nil
}
// IsAnonymousFacade reports whether the given facade name can be accessed
// using an anonymous connection.
func IsAnonymousFacade(facadeName string) bool {
return anonymousFacadeNames.Contains(facadeName)
}