Merge 2.6 Into Develop #10367

Merged
merged 29 commits into from
Jun 22, 2019
fb3ded8
Tie the watcher lifecycle to the catacomb
SimonRichardson Jun 18, 2019
f60a226
Merge pull request #10341 from SimonRichardson/1833155-watcher-leak
jujubot Jun 19, 2019
bc4821b
Improve error checks to cater for 'not found' provider errors that do…
anastasiamac Jun 20, 2019
93a5dbe
add provider level IsNotFound-equivalent methods to providers that ar…
anastasiamac Jun 20, 2019
3d6378c
add provider level IsNotFound-equivalent methods to providers that ar…
anastasiamac Jun 20, 2019
0b44fac
Rename commit command to branch. Enhance renamed branch command to
hmlanigan Jun 18, 2019
9d0975f
Add Created, CreatedBy, and CompletedBy to a Branch in the model cache,
hmlanigan Jun 20, 2019
12d2082
Merge pull request #10359 from hmlanigan/createdtomodelcache
jujubot Jun 20, 2019
208f334
Merge pull request #10346 from hmlanigan/branch
jujubot Jun 20, 2019
4023a75
diversify handling of operational compute errors.
anastasiamac Jun 20, 2019
b1d584c
Use waiterror.
anastasiamac Jun 20, 2019
9a1a7a2
Only inspect errors after all attempts to run an operation have been …
anastasiamac Jun 20, 2019
ef3098c
adjust tests
anastasiamac Jun 21, 2019
16155dd
adjust tests
anastasiamac Jun 21, 2019
25ab285
Merge pull request #10354 from anastasiamac/provider-not-found-errors-25
jujubot Jun 21, 2019
5fd7824
Merge branch '2.5' into merge-25-26-2106
anastasiamac Jun 21, 2019
501494a
Merge branch '2.5' into merge-25-26-2106
anastasiamac Jun 21, 2019
a6d900b
Merge pull request #10362 from anastasiamac/merge-25-26-2106
jujubot Jun 21, 2019
c2391c8
Fixes case where watcher for unit not tracking any branch starts trac…
manadart Jun 21, 2019
56d6c10
Merge pull request #10364 from manadart/2.6-config-watch-branch-deter…
jujubot Jun 21, 2019
d9d191f
Relocates uniter access control method generation to a new module for…
manadart Jun 20, 2019
ee944e0
Moves event matchers from the modelcache_test package to core/cache/c…
manadart Jun 21, 2019
b78e03e
Adds new testing infrastructure for filling a cache with objects from…
manadart Jun 21, 2019
b345347
Internalises events notification channel in testing cache controller.
manadart Jun 21, 2019
32e0618
Makes cachetest event matchers into function declarations instead of …
manadart Jun 21, 2019
f402984
Adds copyright header to new cachetest matchers module.
manadart Jun 21, 2019
7671273
Merge pull request #10366 from manadart/2.6-cache-testing-infrastructure
jujubot Jun 21, 2019
fec148b
Merge branch 'upstream/2.6' into 2.6-into-develop
manadart Jun 21, 2019
e89fa76
Removes call to deprecated WantsVote method in cachetest package.
manadart Jun 21, 2019
Relocates uniter access control method generation to a new module for…
… clarity.
manadart committed Jun 21, 2019
commit d9d191ffde1145c758174a4bfc2463bf8586b908
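--- a/apiserver/facades/agent/uniter/access.go
+++ b/apiserver/facades/agent/uniter/access.go
@@ -0,0 +1,129 @@
+// Copyright 2019 Canonical Ltd.
+// Licensed under the AGPLv3, see LICENCE file for details.
+
+package uniter
+
+import (
+"github.com/juju/errors"
+"github.com/juju/juju/apiserver/facades/client/application"
+"gopkg.in/juju/names.v2"
+
+"github.com/juju/juju/apiserver/common"
+"github.com/juju/juju/apiserver/facade"
+"github.com/juju/juju/state"
+)
+
+// unitAccessor creates a accessUnit function for accessing a unit
+func unitAccessor(authorizer facade.Authorizer, st *state.State) common.GetAuthFunc {
+return func() (common.AuthFunc, error) {
+switch tag := authorizer.GetAuthTag().(type) {
+case names.ApplicationTag:
+// If called by an application agent, any of the units
+// belonging to that application can be accessed.
+app, err := st.Application(tag.Name)
+if err != nil {
+return nil, errors.Trace(err)
+}
+allUnits, err := app.AllUnits()
+if err != nil {
+return nil, errors.Trace(err)
+}
+return func(tag names.Tag) bool {
+for _, u := range allUnits {
+if u.Tag() == tag {
+return true
+}
+}
+return false
+}, nil
+case names.UnitTag:
+return func(tag names.Tag) bool {
+return authorizer.AuthOwner(tag)
+}, nil
+default:
+return nil, errors.Errorf("expected names.UnitTag or names.ApplicationTag, got %T", tag)
+}
+}
+}
+
+func applicationAccessor(authorizer facade.Authorizer, st *state.State) common.GetAuthFunc {
+return func() (common.AuthFunc, error) {
+switch tag := authorizer.GetAuthTag().(type) {
+case names.ApplicationTag:
+return func(applicationTag names.Tag) bool {
+return tag == applicationTag
+}, nil
+case names.UnitTag:
+entity, err := st.Unit(tag.Id())
+if err != nil {
+return nil, errors.Trace(err)
+}
+applicationName := entity.ApplicationName()
+applicationTag := names.NewApplicationTag(applicationName)
+return func(tag names.Tag) bool {
+return tag == applicationTag
+}, nil
+default:
+return nil, errors.Errorf("expected names.UnitTag or names.ApplicationTag, got %T", tag)
+}
+}
+}
+
+func machineAccessor(authorizer facade.Authorizer, st *state.State) common.GetAuthFunc {
+return func() (common.AuthFunc, error) {
+switch tag := authorizer.GetAuthTag().(type) {
+// Application agents can't access machines.
+case names.ApplicationTag:
+return func(tag names.Tag) bool {
+return false
+}, nil
+case names.UnitTag:
+entity, err := st.Unit(tag.Id())
+if err != nil {
+return nil, errors.Trace(err)
+}
+machineId, err := entity.AssignedMachineId()
+if err != nil {
+return nil, errors.Trace(err)
+}
+machineTag := names.NewMachineTag(machineId)
+return func(tag names.Tag) bool {
+return tag == machineTag
+}, nil
+default:
+return nil, errors.Errorf("expected names.UnitTag or names.ApplicationTag, got %T", tag)
+}
+}
+}
+
+func cloudSpecAccessor(authorizer facade.Authorizer, st *state.State) func() (func() bool, error) {
+return func() (func() bool, error) {
+var appName string
+var err error
+
+switch tag := authorizer.GetAuthTag().(type) {
+case names.ApplicationTag:
+appName = tag.Id()
+case names.UnitTag:
+entity, err := st.Unit(tag.Id())
+if err != nil {
+return nil, errors.Trace(err)
+}
+appName = entity.ApplicationName()
+default:
+return nil, errors.Errorf("expected names.UnitTag or names.ApplicationTag, got %T", tag)
+}
+
+app, err := st.Application(appName)
+if err != nil {
+return nil, errors.Trace(err)
+}
+config, err := app.ApplicationConfig()
+if err != nil {
+return nil, errors.Trace(err)
+}
+return func() bool {
+return config.GetBool(application.TrustConfigOptionName, false)
+}, nil
+}
+}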
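Review bot: `cloudSpecAccessor` reads the application config when the outer closure runs, and the returned `func() bool` only reports `application.TrustConfigOptionName` from that captured `config`, so whether a later change to the trust setting is honoured depends on how long callers hold the returned function; that lifetime is not visible in this file. Since this flag presumably gates access to the cloud spec, the function should say so in a doc comment, e.g. `// cloudSpecAccessor returns a function that resolves the caller's application and reports its trust setting as read at call time; callers should invoke it per request rather than cache the result.` `applicationAccessor` and `machineAccessor` are likewise undocumented authorization helpers while `unitAccessor` has a comment; a one-line comment on each stating which tag kinds may access which entity would make the rules reviewable without reading each switch. The same snapshot behaviour applies to `allUnits` in the `names.ApplicationTag` branch of `unitAccessor`, which is worth noting in its comment too.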
111 changes: 4 additions & 107 deletions apiserver/facades/agent/uniter/uniter.go
Expand Up @@ -22,7 +22,6 @@ import (
"github.com/juju/juju/apiserver/facade"
leadershipapiserver "github.com/juju/juju/apiserver/facades/agent/leadership"
"github.com/juju/juju/apiserver/facades/agent/meterstatus"
"github.com/juju/juju/apiserver/facades/client/application"
"github.com/juju/juju/apiserver/params"
"github.com/juju/juju/caas"
"github.com/juju/juju/caas/kubernetes/provider"
Expand Down Expand Up @@ -127,39 +126,6 @@ type UniterAPIV4 struct {
UniterAPIV5
}

// unitAccessor creates a accessUnit function for accessing a unit
func unitAccessor(authorizer facade.Authorizer, st *state.State) common.GetAuthFunc {
return func() (common.AuthFunc, error) {
switch tag := authorizer.GetAuthTag().(type) {
case names.ApplicationTag:
// If called by an application agent, any of the units
// belonging to that application can be accessed.
app, err := st.Application(tag.Name)
if err != nil {
return nil, errors.Trace(err)
}
allUnits, err := app.AllUnits()
if err != nil {
return nil, errors.Trace(err)
}
return func(tag names.Tag) bool {
for _, u := range allUnits {
if u.Tag() == tag {
return true
}
}
return false
}, nil
case names.UnitTag:
return func(tag names.Tag) bool {
return authorizer.AuthOwner(tag)
}, nil
default:
return nil, errors.Errorf("expected names.UnitTag or names.ApplicationTag, got %T", tag)
}
}
}

// NewUniterAPI creates a new instance of the core Uniter API.
func NewUniterAPI(context facade.Context) (*UniterAPI, error) {
authorizer := context.Auth()
Expand All @@ -168,84 +134,15 @@ func NewUniterAPI(context facade.Context) (*UniterAPI, error) {
}
st := context.State()
resources := context.Resources()
accessUnit := unitAccessor(authorizer, st)
leadershipChecker, err := context.LeadershipChecker()
if err != nil {
return nil, errors.Trace(err)
}
accessApplication := func() (common.AuthFunc, error) {
switch tag := authorizer.GetAuthTag().(type) {
case names.ApplicationTag:
return func(applicationTag names.Tag) bool {
return tag == applicationTag
}, nil
case names.UnitTag:
entity, err := st.Unit(tag.Id())
if err != nil {
return nil, errors.Trace(err)
}
applicationName := entity.ApplicationName()
applicationTag := names.NewApplicationTag(applicationName)
return func(tag names.Tag) bool {
return tag == applicationTag
}, nil
default:
return nil, errors.Errorf("expected names.UnitTag or names.ApplicationTag, got %T", tag)
}
}
accessMachine := func() (common.AuthFunc, error) {
switch tag := authorizer.GetAuthTag().(type) {
// Application agents can't access machines.
case names.ApplicationTag:
return func(tag names.Tag) bool {
return false
}, nil
case names.UnitTag:
entity, err := st.Unit(tag.Id())
if err != nil {
return nil, errors.Trace(err)
}
machineId, err := entity.AssignedMachineId()
if err != nil {
return nil, errors.Trace(err)
}
machineTag := names.NewMachineTag(machineId)
return func(tag names.Tag) bool {
return tag == machineTag
}, nil
default:
return nil, errors.Errorf("expected names.UnitTag or names.ApplicationTag, got %T", tag)
}
}
accessCloudSpec := func() (func() bool, error) {
var appName string
var err error

switch tag := authorizer.GetAuthTag().(type) {
case names.ApplicationTag:
appName = tag.Id()
case names.UnitTag:
entity, err := st.Unit(tag.Id())
if err != nil {
return nil, errors.Trace(err)
}
appName = entity.ApplicationName()
default:
return nil, errors.Errorf("expected names.UnitTag or names.ApplicationTag, got %T", tag)
}

app, err := st.Application(appName)
if err != nil {
return nil, errors.Trace(err)
}
config, err := app.ApplicationConfig()
if err != nil {
return nil, errors.Trace(err)
}
return func() bool {
return config.GetBool(application.TrustConfigOptionName, false)
}, nil
}
accessUnit := unitAccessor(authorizer, st)
accessApplication := applicationAccessor(authorizer, st)
accessMachine := machineAccessor(authorizer, st)
accessCloudSpec := cloudSpecAccessor(authorizer, st)

m, err := st.Model()
if err != nil {