github.com/cloudbase/juju-core@v0.0.0-20140504232958-a7271ac7912f/state/apiserver/keyupdater/authorisedkeys_test.go (about) 1 // Copyright 2013 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package keyupdater_test 5 6 import ( 7 gc "launchpad.net/gocheck" 8 9 jujutesting "launchpad.net/juju-core/juju/testing" 10 "launchpad.net/juju-core/state" 11 "launchpad.net/juju-core/state/api/params" 12 "launchpad.net/juju-core/state/apiserver/common" 13 "launchpad.net/juju-core/state/apiserver/keyupdater" 14 apiservertesting "launchpad.net/juju-core/state/apiserver/testing" 15 statetesting "launchpad.net/juju-core/state/testing" 16 ) 17 18 type authorisedKeysSuite struct { 19 jujutesting.JujuConnSuite 20 21 // These are raw State objects. Use them for setup and assertions, but 22 // should never be touched by the API calls themselves 23 rawMachine *state.Machine 24 unrelatedMachine *state.Machine 25 keyupdater *keyupdater.KeyUpdaterAPI 26 resources *common.Resources 27 authoriser apiservertesting.FakeAuthorizer 28 } 29 30 var _ = gc.Suite(&authorisedKeysSuite{}) 31 32 func (s *authorisedKeysSuite) SetUpTest(c *gc.C) { 33 s.JujuConnSuite.SetUpTest(c) 34 s.resources = common.NewResources() 35 s.AddCleanup(func(_ *gc.C) { s.resources.StopAll() }) 36 37 // Create machines to work with 38 var err error 39 s.rawMachine, err = s.State.AddMachine("quantal", state.JobHostUnits) 40 c.Assert(err, gc.IsNil) 41 s.unrelatedMachine, err = s.State.AddMachine("quantal", state.JobHostUnits) 42 c.Assert(err, gc.IsNil) 43 44 // The default auth is as a state server 45 s.authoriser = apiservertesting.FakeAuthorizer{ 46 Tag: s.rawMachine.Tag(), 47 LoggedIn: true, 48 MachineAgent: true, 49 } 50 s.keyupdater, err = keyupdater.NewKeyUpdaterAPI(s.State, s.resources, s.authoriser) 51 c.Assert(err, gc.IsNil) 52 } 53 54 func (s *authorisedKeysSuite) TestNewKeyUpdaterAPIAcceptsStateServer(c *gc.C) { 55 endPoint, err := keyupdater.NewKeyUpdaterAPI(s.State, s.resources, s.authoriser) 56 c.Assert(err, gc.IsNil) 57 c.Assert(endPoint, gc.NotNil) 58 } 59 60 func (s *authorisedKeysSuite) TestNewKeyUpdaterAPIRefusesNonMachineAgent(c *gc.C) { 61 anAuthoriser := s.authoriser 62 anAuthoriser.MachineAgent = false 63 endPoint, err := keyupdater.NewKeyUpdaterAPI(s.State, s.resources, anAuthoriser) 64 c.Assert(endPoint, gc.IsNil) 65 c.Assert(err, gc.ErrorMatches, "permission denied") 66 } 67 68 func (s *authorisedKeysSuite) TestWatchAuthorisedKeysNothing(c *gc.C) { 69 // Not an error to watch nothing 70 results, err := s.keyupdater.WatchAuthorisedKeys(params.Entities{}) 71 c.Assert(err, gc.IsNil) 72 c.Assert(results.Results, gc.HasLen, 0) 73 } 74 75 func (s *authorisedKeysSuite) setAuthorizedKeys(c *gc.C, keys string) { 76 err := statetesting.UpdateConfig(s.State, map[string]interface{}{"authorized-keys": keys}) 77 c.Assert(err, gc.IsNil) 78 envConfig, err := s.State.EnvironConfig() 79 c.Assert(err, gc.IsNil) 80 c.Assert(envConfig.AuthorizedKeys(), gc.Equals, keys) 81 } 82 83 func (s *authorisedKeysSuite) TestWatchAuthorisedKeys(c *gc.C) { 84 args := params.Entities{ 85 Entities: []params.Entity{ 86 {Tag: s.rawMachine.Tag()}, 87 {Tag: s.unrelatedMachine.Tag()}, 88 {Tag: "machine-42"}, 89 }, 90 } 91 results, err := s.keyupdater.WatchAuthorisedKeys(args) 92 c.Assert(err, gc.IsNil) 93 c.Assert(results, gc.DeepEquals, params.NotifyWatchResults{ 94 Results: []params.NotifyWatchResult{ 95 {NotifyWatcherId: "1"}, 96 {Error: apiservertesting.ErrUnauthorized}, 97 {Error: apiservertesting.ErrUnauthorized}, 98 }, 99 }) 100 c.Assert(results.Results[0].NotifyWatcherId, gc.Not(gc.Equals), "") 101 c.Assert(results.Results[0].Error, gc.IsNil) 102 resource := s.resources.Get(results.Results[0].NotifyWatcherId) 103 c.Assert(resource, gc.NotNil) 104 105 w := resource.(state.NotifyWatcher) 106 wc := statetesting.NewNotifyWatcherC(c, s.State, w) 107 wc.AssertNoChange() 108 109 s.setAuthorizedKeys(c, "key1\nkey2") 110 111 wc.AssertOneChange() 112 statetesting.AssertStop(c, w) 113 wc.AssertClosed() 114 } 115 116 func (s *authorisedKeysSuite) TestAuthorisedKeysForNoone(c *gc.C) { 117 // Not an error to request nothing, dumb, but not an error. 118 results, err := s.keyupdater.AuthorisedKeys(params.Entities{}) 119 c.Assert(err, gc.IsNil) 120 c.Assert(results.Results, gc.HasLen, 0) 121 } 122 123 func (s *authorisedKeysSuite) TestAuthorisedKeys(c *gc.C) { 124 s.setAuthorizedKeys(c, "key1\nkey2") 125 126 args := params.Entities{ 127 Entities: []params.Entity{ 128 {Tag: s.rawMachine.Tag()}, 129 {Tag: s.unrelatedMachine.Tag()}, 130 {Tag: "machine-42"}, 131 }, 132 } 133 results, err := s.keyupdater.AuthorisedKeys(args) 134 c.Assert(err, gc.IsNil) 135 c.Assert(results, gc.DeepEquals, params.StringsResults{ 136 Results: []params.StringsResult{ 137 {Result: []string{"key1", "key2"}}, 138 {Error: apiservertesting.ErrUnauthorized}, 139 {Error: apiservertesting.ErrUnauthorized}, 140 }, 141 }) 142 }