github.com/juju/juju@v0.0.0-20240430160146-1752b71fcf00/apiserver/restrict_anonymous.go

github.com/juju/juju@v0.0.0-20240430160146-1752b71fcf00/apiserver/restrict_anonymous.go (about)

     1  // Copyright 2017 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package apiserver
     5  
     6  import (
     7  	"fmt"
     8  
     9  	"github.com/juju/collections/set"
    10  	"github.com/juju/errors"
    11  )
    12  
    13  // The anonymousFacadeNames are the root names that can be accessed
    14  // using an anonymous login. Any facade added here needs to perform
    15  // its own authentication and authorisation if required.
    16  var anonymousFacadeNames = set.NewStrings(
    17  	"CrossController",
    18  	"CrossModelRelations",
    19  	"CrossModelSecrets",
    20  	"NotifyWatcher",
    21  	"OfferStatusWatcher",
    22  	"RelationStatusWatcher",
    23  	"RelationUnitsWatcher",
    24  	"RemoteRelationWatcher",
    25  	"SecretsRevisionWatcher",
    26  	"StringsWatcher",
    27  )
    28  
    29  func anonymousFacadesOnly(facadeName, _ string) error {
    30  	if !IsAnonymousFacade(facadeName) {
    31  		return errors.NewNotSupported(nil, fmt.Sprintf("facade %q not supported for anonymous API connections", facadeName))
    32  	}
    33  	return nil
    34  }
    35  
    36  // IsAnonymousFacade reports whether the given facade name can be accessed
    37  // using an anonymous connection.
    38  func IsAnonymousFacade(facadeName string) bool {
    39  	return anonymousFacadeNames.Contains(facadeName)
    40  }