github.com/cloud-green/juju@v0.0.0-20151002100041-a00291338d3d/apiserver/authentication/agent.go

github.com/cloud-green/juju@v0.0.0-20151002100041-a00291338d3d/apiserver/authentication/agent.go (about)

     1  // Copyright 2014 Canonical Ltd. All rights reserved.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package authentication
     5  
     6  import (
     7  	"github.com/juju/errors"
     8  
     9  	"github.com/juju/juju/apiserver/common"
    10  	"github.com/juju/juju/state"
    11  )
    12  
    13  // AgentIdentityProvider performs authentication for machine and unit agents.
    14  type AgentAuthenticator struct{}
    15  
    16  var _ EntityAuthenticator = (*AgentAuthenticator)(nil)
    17  
    18  type taggedAuthenticator interface {
    19  	state.Entity
    20  	state.Authenticator
    21  }
    22  
    23  // Authenticate authenticates the provided entity and returns an error on authentication failure.
    24  func (*AgentAuthenticator) Authenticate(entity state.Entity, password, nonce string) error {
    25  	authenticator, ok := entity.(taggedAuthenticator)
    26  	if !ok {
    27  		return common.ErrBadRequest
    28  	}
    29  	if !authenticator.PasswordValid(password) {
    30  		return common.ErrBadCreds
    31  	}
    32  
    33  	// If this is a machine agent connecting, we need to check the
    34  	// nonce matches, otherwise the wrong agent might be trying to
    35  	// connect.
    36  	if machine, ok := authenticator.(*state.Machine); ok {
    37  		if !machine.CheckProvisioned(nonce) {
    38  			return errors.NotProvisionedf("machine %v", machine.Id())
    39  		}
    40  	}
    41  
    42  	return nil
    43  }