github.com/altoros/juju-vmware@v0.0.0-20150312064031-f19ae857ccca/apiserver/common/interfaces.go

github.com/altoros/juju-vmware@v0.0.0-20150312064031-f19ae857ccca/apiserver/common/interfaces.go (about)

     1  // Copyright 2013 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package common
     5  
     6  import (
     7  	"github.com/juju/names"
     8  )
     9  
    10  // AuthFunc returns whether the given entity is available to some operation.
    11  type AuthFunc func(tag names.Tag) bool
    12  
    13  // GetAuthFunc returns an AuthFunc.
    14  type GetAuthFunc func() (AuthFunc, error)
    15  
    16  // Authorizer represents a value that can be asked for authorization
    17  // information on its associated authenticated entity. It is
    18  // implemented by an API server to allow an API implementation to ask
    19  // questions about the client that is currently connected.
    20  type Authorizer interface {
    21  	// AuthMachineAgent returns whether the authenticated entity is a
    22  	// machine agent.
    23  	AuthMachineAgent() bool
    24  
    25  	// AuthUnitAgent returns whether the authenticated entity is a
    26  	// unit agent.
    27  	AuthUnitAgent() bool
    28  
    29  	// AuthOwner returns whether the authenticated entity is the same
    30  	// as the given entity.
    31  	AuthOwner(tag names.Tag) bool
    32  
    33  	// AuthEnvironManager returns whether the authenticated entity is
    34  	// a machine running the environment manager job.
    35  	AuthEnvironManager() bool
    36  
    37  	// AuthClient returns whether the authenticated entity
    38  	// is a client user.
    39  	AuthClient() bool
    40  
    41  	// GetAuthTag returns the tag of the authenticated entity.
    42  	GetAuthTag() names.Tag
    43  }
    44  
    45  // AuthEither returns an AuthFunc generator that returns an AuthFunc
    46  // that accepts any tag authorized by either of its arguments.
    47  func AuthEither(a, b GetAuthFunc) GetAuthFunc {
    48  	return func() (AuthFunc, error) {
    49  		f1, err := a()
    50  		if err != nil {
    51  			return nil, err
    52  		}
    53  		f2, err := b()
    54  		if err != nil {
    55  			return nil, err
    56  		}
    57  		return func(tag names.Tag) bool {
    58  			return f1(tag) || f2(tag)
    59  		}, nil
    60  	}
    61  }
    62  
    63  // AuthAlways returns an authentication function that always returns true iff it is passed a valid tag.
    64  func AuthAlways() GetAuthFunc {
    65  	return func() (AuthFunc, error) {
    66  		return func(tag names.Tag) bool {
    67  			return true
    68  		}, nil
    69  	}
    70  }
    71  
    72  // AuthNever returns an authentication function that never returns true.
    73  func AuthNever() GetAuthFunc {
    74  	return func() (AuthFunc, error) {
    75  		return func(tag names.Tag) bool {
    76  			return false
    77  		}, nil
    78  	}
    79  }