github.com/cloudbase/juju-core@v0.0.0-20140504232958-a7271ac7912f/state/apiserver/common/interfaces.go

github.com/cloudbase/juju-core@v0.0.0-20140504232958-a7271ac7912f/state/apiserver/common/interfaces.go (about)

     1  // Copyright 2013 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package common
     5  
     6  import (
     7  	"launchpad.net/juju-core/state"
     8  )
     9  
    10  // AuthFunc returns whether the given entity is available to some operation.
    11  type AuthFunc func(tag string) bool
    12  
    13  // GetAuthFunc returns an AuthFunc.
    14  type GetAuthFunc func() (AuthFunc, error)
    15  
    16  // Authorizer represents a value that can be asked for authorization
    17  // information on its associated authenticated entity. It is
    18  // implemented by an API server to allow an API implementation to ask
    19  // questions about the client that is currently connected.
    20  type Authorizer interface {
    21  	// AuthMachineAgent returns whether the authenticated entity is a
    22  	// machine agent.
    23  	AuthMachineAgent() bool
    24  
    25  	// AuthUnitAgent returns whether the authenticated entity is a
    26  	// unit agent.
    27  	AuthUnitAgent() bool
    28  
    29  	// AuthOwner returns whether the authenticated entity is the same
    30  	// as the given entity.
    31  	AuthOwner(tag string) bool
    32  
    33  	// AuthEnvironManager returns whether the authenticated entity is
    34  	// a machine running the environment manager job.
    35  	AuthEnvironManager() bool
    36  
    37  	// AuthClient returns whether the authenticated entity
    38  	// is a client user.
    39  	AuthClient() bool
    40  
    41  	// GetAuthTag returns the tag of the authenticated entity.
    42  	GetAuthTag() string
    43  
    44  	// GetAuthEntity returns the authenticated entity.
    45  	GetAuthEntity() state.Entity
    46  }
    47  
    48  // AuthEither returns an AuthFunc generator that returns and AuthFunc
    49  // that accepts any tag authorized by either of its arguments.
    50  func AuthEither(a, b GetAuthFunc) GetAuthFunc {
    51  	return func() (AuthFunc, error) {
    52  		f1, err := a()
    53  		if err != nil {
    54  			return nil, err
    55  		}
    56  		f2, err := b()
    57  		if err != nil {
    58  			return nil, err
    59  		}
    60  		return func(tag string) bool {
    61  			return f1(tag) || f2(tag)
    62  		}, nil
    63  	}
    64  }
    65  
    66  // AuthAlways returns an authentication function that always returns
    67  // the given permission.
    68  func AuthAlways(ok bool) GetAuthFunc {
    69  	return func() (AuthFunc, error) {
    70  		return func(tag string) bool {
    71  			return ok
    72  		}, nil
    73  	}
    74  }