github.com/juju/juju@v0.0.0-20240430160146-1752b71fcf00/apiserver/facades/client/controller/controller_internal_test.go

github.com/juju/juju@v0.0.0-20240430160146-1752b71fcf00/apiserver/facades/client/controller/controller_internal_test.go (about)

     1  // Copyright 2019 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package controller
     5  
     6  import (
     7  	"github.com/juju/collections/set"
     8  	"github.com/juju/names/v5"
     9  	jc "github.com/juju/testing/checkers"
    10  	gc "gopkg.in/check.v1"
    11  	"gopkg.in/macaroon.v2"
    12  
    13  	"github.com/juju/juju/api"
    14  	"github.com/juju/juju/core/migration"
    15  	"github.com/juju/juju/testing"
    16  )
    17  
    18  var _ = gc.Suite(&controllerSuite{})
    19  
    20  type controllerSuite struct{}
    21  
    22  func (s *controllerSuite) TestUserListCompatibility(c *gc.C) {
    23  	extProvider1 := "https://api.jujucharms.com/identity"
    24  	extProvider2 := "http://candid.provider/identity"
    25  	specs := []struct {
    26  		descr    string
    27  		src, dst userList
    28  		expErr   string
    29  	}{
    30  		{
    31  			descr: `all src users present in dst`,
    32  			src: userList{
    33  				users: set.NewStrings("foo", "bar"),
    34  			},
    35  			dst: userList{
    36  				users: set.NewStrings("foo", "bar"),
    37  			},
    38  		},
    39  		{
    40  			descr: `local src users present in dst, and an external user has been granted access, and src/dst use the same identity provider url`,
    41  			src: userList{
    42  				users:       set.NewStrings("foo", "bar@external"),
    43  				identityURL: extProvider1,
    44  			},
    45  			dst: userList{
    46  				users:       set.NewStrings("foo"),
    47  				identityURL: extProvider1,
    48  			},
    49  		},
    50  		{
    51  			descr: `some local src users not present in dst`,
    52  			src: userList{
    53  				users: set.NewStrings("foo", "bar"),
    54  			},
    55  			dst: userList{
    56  				users: set.NewStrings("bar"),
    57  			},
    58  			expErr: `cannot initiate migration as the users granted access to the model do not exist
    59  on the destination controller. To resolve this issue you can add the following
    60  users to the destination controller or remove them from the current model:
    61    - foo`,
    62  		},
    63  		{
    64  			descr: `local src users present in dst, and an external user has been granted access, and src/dst use different identity provider URL`,
    65  			src: userList{
    66  				users:       set.NewStrings("foo", "bar@external"),
    67  				identityURL: extProvider1,
    68  			},
    69  			dst: userList{
    70  				users:       set.NewStrings("foo", "bar@external"),
    71  				identityURL: extProvider2,
    72  			},
    73  			expErr: `cannot initiate migration as external users have been granted access to the model
    74  and the two controllers have different identity provider configurations. To resolve
    75  this issue you can remove the following users from the current model:
    76    - bar@external`,
    77  		},
    78  		{
    79  			descr: `not all local src users present in dst, and an external user has been granted access, and src/dst use different identity provider URL`,
    80  			src: userList{
    81  				users:       set.NewStrings("foo", "bar@external"),
    82  				identityURL: extProvider1,
    83  			},
    84  			dst: userList{
    85  				users:       set.NewStrings("baz", "bar@external"),
    86  				identityURL: extProvider2,
    87  			},
    88  			expErr: `cannot initiate migration as external users have been granted access to the model
    89  and the two controllers have different identity provider configurations. To resolve
    90  this issue you need to remove the following users from the current model:
    91    - bar@external
    92  
    93  and add the following users to the destination controller or remove them from
    94  the current model:
    95    - foo`,
    96  		},
    97  	}
    98  
    99  	for specIndex, spec := range specs {
   100  		c.Logf("test %d: %s", specIndex, spec.descr)
   101  
   102  		err := spec.src.checkCompatibilityWith(spec.dst)
   103  		if spec.expErr == "" {
   104  			c.Assert(err, jc.ErrorIsNil)
   105  		} else {
   106  			c.Assert(err, gc.Not(gc.Equals), nil)
   107  			c.Assert(err.Error(), gc.Equals, spec.expErr)
   108  		}
   109  	}
   110  }
   111  
   112  func (s *controllerSuite) TestTargetToAPIInfoLocalUser(c *gc.C) {
   113  	targetInfo := migration.TargetInfo{
   114  		Addrs:     []string{"6.6.6.6"},
   115  		CACert:    testing.CACert,
   116  		AuthTag:   names.NewUserTag("fred"),
   117  		Password:  "sekret",
   118  		Macaroons: []macaroon.Slice{{}},
   119  	}
   120  	apiInfo := targetToAPIInfo(&targetInfo)
   121  	c.Assert(apiInfo, jc.DeepEquals, &api.Info{
   122  		Addrs:     targetInfo.Addrs,
   123  		CACert:    targetInfo.CACert,
   124  		Tag:       targetInfo.AuthTag,
   125  		Password:  targetInfo.Password,
   126  		Macaroons: targetInfo.Macaroons,
   127  	})
   128  }
   129  
   130  func (s *controllerSuite) TestTargetToAPIInfoExternalUser(c *gc.C) {
   131  	targetInfo := migration.TargetInfo{
   132  		Addrs:     []string{"6.6.6.6"},
   133  		CACert:    testing.CACert,
   134  		AuthTag:   names.NewUserTag("fred@external"),
   135  		Password:  "sekret",
   136  		Macaroons: []macaroon.Slice{{}},
   137  	}
   138  	apiInfo := targetToAPIInfo(&targetInfo)
   139  	c.Assert(apiInfo, jc.DeepEquals, &api.Info{
   140  		Addrs:     targetInfo.Addrs,
   141  		CACert:    targetInfo.CACert,
   142  		Password:  targetInfo.Password,
   143  		Macaroons: targetInfo.Macaroons,
   144  	})
   145  }