github.com/cloudbase/juju-core@v0.0.0-20140504232958-a7271ac7912f/state/apiserver/keyupdater/authorisedkeys_test.go (about)

     1  // Copyright 2013 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package keyupdater_test
     5  
     6  import (
     7  	gc "launchpad.net/gocheck"
     8  
     9  	jujutesting "launchpad.net/juju-core/juju/testing"
    10  	"launchpad.net/juju-core/state"
    11  	"launchpad.net/juju-core/state/api/params"
    12  	"launchpad.net/juju-core/state/apiserver/common"
    13  	"launchpad.net/juju-core/state/apiserver/keyupdater"
    14  	apiservertesting "launchpad.net/juju-core/state/apiserver/testing"
    15  	statetesting "launchpad.net/juju-core/state/testing"
    16  )
    17  
    18  type authorisedKeysSuite struct {
    19  	jujutesting.JujuConnSuite
    20  
    21  	// These are raw State objects. Use them for setup and assertions, but
    22  	// should never be touched by the API calls themselves
    23  	rawMachine       *state.Machine
    24  	unrelatedMachine *state.Machine
    25  	keyupdater       *keyupdater.KeyUpdaterAPI
    26  	resources        *common.Resources
    27  	authoriser       apiservertesting.FakeAuthorizer
    28  }
    29  
    30  var _ = gc.Suite(&authorisedKeysSuite{})
    31  
    32  func (s *authorisedKeysSuite) SetUpTest(c *gc.C) {
    33  	s.JujuConnSuite.SetUpTest(c)
    34  	s.resources = common.NewResources()
    35  	s.AddCleanup(func(_ *gc.C) { s.resources.StopAll() })
    36  
    37  	// Create machines to work with
    38  	var err error
    39  	s.rawMachine, err = s.State.AddMachine("quantal", state.JobHostUnits)
    40  	c.Assert(err, gc.IsNil)
    41  	s.unrelatedMachine, err = s.State.AddMachine("quantal", state.JobHostUnits)
    42  	c.Assert(err, gc.IsNil)
    43  
    44  	// The default auth is as a state server
    45  	s.authoriser = apiservertesting.FakeAuthorizer{
    46  		Tag:          s.rawMachine.Tag(),
    47  		LoggedIn:     true,
    48  		MachineAgent: true,
    49  	}
    50  	s.keyupdater, err = keyupdater.NewKeyUpdaterAPI(s.State, s.resources, s.authoriser)
    51  	c.Assert(err, gc.IsNil)
    52  }
    53  
    54  func (s *authorisedKeysSuite) TestNewKeyUpdaterAPIAcceptsStateServer(c *gc.C) {
    55  	endPoint, err := keyupdater.NewKeyUpdaterAPI(s.State, s.resources, s.authoriser)
    56  	c.Assert(err, gc.IsNil)
    57  	c.Assert(endPoint, gc.NotNil)
    58  }
    59  
    60  func (s *authorisedKeysSuite) TestNewKeyUpdaterAPIRefusesNonMachineAgent(c *gc.C) {
    61  	anAuthoriser := s.authoriser
    62  	anAuthoriser.MachineAgent = false
    63  	endPoint, err := keyupdater.NewKeyUpdaterAPI(s.State, s.resources, anAuthoriser)
    64  	c.Assert(endPoint, gc.IsNil)
    65  	c.Assert(err, gc.ErrorMatches, "permission denied")
    66  }
    67  
    68  func (s *authorisedKeysSuite) TestWatchAuthorisedKeysNothing(c *gc.C) {
    69  	// Not an error to watch nothing
    70  	results, err := s.keyupdater.WatchAuthorisedKeys(params.Entities{})
    71  	c.Assert(err, gc.IsNil)
    72  	c.Assert(results.Results, gc.HasLen, 0)
    73  }
    74  
    75  func (s *authorisedKeysSuite) setAuthorizedKeys(c *gc.C, keys string) {
    76  	err := statetesting.UpdateConfig(s.State, map[string]interface{}{"authorized-keys": keys})
    77  	c.Assert(err, gc.IsNil)
    78  	envConfig, err := s.State.EnvironConfig()
    79  	c.Assert(err, gc.IsNil)
    80  	c.Assert(envConfig.AuthorizedKeys(), gc.Equals, keys)
    81  }
    82  
    83  func (s *authorisedKeysSuite) TestWatchAuthorisedKeys(c *gc.C) {
    84  	args := params.Entities{
    85  		Entities: []params.Entity{
    86  			{Tag: s.rawMachine.Tag()},
    87  			{Tag: s.unrelatedMachine.Tag()},
    88  			{Tag: "machine-42"},
    89  		},
    90  	}
    91  	results, err := s.keyupdater.WatchAuthorisedKeys(args)
    92  	c.Assert(err, gc.IsNil)
    93  	c.Assert(results, gc.DeepEquals, params.NotifyWatchResults{
    94  		Results: []params.NotifyWatchResult{
    95  			{NotifyWatcherId: "1"},
    96  			{Error: apiservertesting.ErrUnauthorized},
    97  			{Error: apiservertesting.ErrUnauthorized},
    98  		},
    99  	})
   100  	c.Assert(results.Results[0].NotifyWatcherId, gc.Not(gc.Equals), "")
   101  	c.Assert(results.Results[0].Error, gc.IsNil)
   102  	resource := s.resources.Get(results.Results[0].NotifyWatcherId)
   103  	c.Assert(resource, gc.NotNil)
   104  
   105  	w := resource.(state.NotifyWatcher)
   106  	wc := statetesting.NewNotifyWatcherC(c, s.State, w)
   107  	wc.AssertNoChange()
   108  
   109  	s.setAuthorizedKeys(c, "key1\nkey2")
   110  
   111  	wc.AssertOneChange()
   112  	statetesting.AssertStop(c, w)
   113  	wc.AssertClosed()
   114  }
   115  
   116  func (s *authorisedKeysSuite) TestAuthorisedKeysForNoone(c *gc.C) {
   117  	// Not an error to request nothing, dumb, but not an error.
   118  	results, err := s.keyupdater.AuthorisedKeys(params.Entities{})
   119  	c.Assert(err, gc.IsNil)
   120  	c.Assert(results.Results, gc.HasLen, 0)
   121  }
   122  
   123  func (s *authorisedKeysSuite) TestAuthorisedKeys(c *gc.C) {
   124  	s.setAuthorizedKeys(c, "key1\nkey2")
   125  
   126  	args := params.Entities{
   127  		Entities: []params.Entity{
   128  			{Tag: s.rawMachine.Tag()},
   129  			{Tag: s.unrelatedMachine.Tag()},
   130  			{Tag: "machine-42"},
   131  		},
   132  	}
   133  	results, err := s.keyupdater.AuthorisedKeys(args)
   134  	c.Assert(err, gc.IsNil)
   135  	c.Assert(results, gc.DeepEquals, params.StringsResults{
   136  		Results: []params.StringsResult{
   137  			{Result: []string{"key1", "key2"}},
   138  			{Error: apiservertesting.ErrUnauthorized},
   139  			{Error: apiservertesting.ErrUnauthorized},
   140  		},
   141  	})
   142  }