github.com/juju/juju@v0.0.0-20240430160146-1752b71fcf00/apiserver/restrict_caasmodel.go (about)

     1  // Copyright 2017 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package apiserver
     5  
     6  import (
     7  	"fmt"
     8  
     9  	"github.com/juju/collections/set"
    10  	"github.com/juju/errors"
    11  )
    12  
// commonModelFacadeNames lists facades that are shared between CAAS
// and IAAS models.
//
// isCAASModelFacade consults this set, so every name listed here is
// accepted by caasModelFacadesOnly for container models. Adding an entry
// therefore widens what that check lets through; the names are kept in
// alphabetical order so that an addition or removal is easy to spot in
// review.
var commonModelFacadeNames = set.NewStrings(
	"Action",
	"ActionPruner",
	"Agent",
	"AgentLifeFlag",
	"AllWatcher",
	"Annotations",
	"Application",
	"Block",
	"CharmDownloader",
	"CharmRevisionUpdater",
	"Charms",
	"Cleaner",
	"Client",
	"Cloud",
	"CredentialValidator",
	"CrossController",
	"CrossModelRelations",
	"CrossModelSecrets",
	"EnvironUpgrader",
	"ExternalControllerUpdater",
	"FilesystemAttachmentsWatcher",
	"GetResource",
	"GetResourceInfo",
	"LeadershipService",
	"LifeFlag",
	"LogPruner",
	"Logger",
	"MeterStatus",
	"MigrationFlag",
	"MigrationMaster",
	"MigrationMinion",
	"MigrationStatusWatcher",
	"MigrationTarget",
	"ModelConfig",
	"NotifyWatcher",
	"OfferStatusWatcher",
	"Payloads",
	"PayloadsHookContext",
	"Pinger",
	"ProxyUpdater",
	"RelationStatusWatcher",
	"RelationUnitsWatcher",
	"RemoteRelationWatcher",
	"RemoteRelations",
	"Resources",
	"ResourcesHookContext",
	"Resumer",
	"RetryStrategy",
	"SSHClient",
	"SecretBackendsManager",
	"SecretBackendsRotateWatcher",
	"Secrets",
	"SecretsDrain",
	"SecretsManager",
	"SecretsRevisionWatcher",
	"SecretsTriggerWatcher",
	"Singular",
	"StatusHistory",
	"Storage",
	"StorageProvisioner",
	"StringsWatcher",
	"Undertaker",
	"Uniter",
	"Upgrader",
	"UserSecretsDrain",
	"UserSecretsManager",
	"VolumeAttachmentsWatcher",
)
    84  
// caasModelFacadeNames lists facades that are only used with CAAS
// models.
//
// Together with commonModelFacadeNames and commonFacadeNames it forms the
// allowlist checked by isCAASModelFacade; a facade name missing from all
// three is rejected by caasModelFacadesOnly with a not-supported error.
var caasModelFacadeNames = set.NewStrings(
	// Model- and operator-level facades.
	"CAASAdmission",
	"CAASAgent",
	"CAASFirewaller",
	"CAASModelConfigManager",
	"CAASModelOperator",
	"CAASOperator",
	"CAASOperatorProvisioner",
	"CAASOperatorUpgrader",
	"CAASUnitProvisioner",

	// For sidecar applications.
	"CAASApplication",
	"CAASApplicationProvisioner",
	"CAASFirewallerSidecar",
)
   103  
// caasModelFacadesOnly returns nil when facadeName is accepted by
// isCAASModelFacade, and a not-supported error naming the facade
// otherwise. The second argument is ignored, so the decision is made per
// facade and never per method.
//
// NOTE(review): the (facade, method) signature presumably matches a
// restriction hook applied to API calls elsewhere in the package;
// confirm against the caller.
func caasModelFacadesOnly(facadeName, _ string) error {
	// Allowlisted facades pass straight through.
	if isCAASModelFacade(facadeName) {
		return nil
	}
	// Anything not explicitly allowlisted is refused (deny by default).
	msg := fmt.Sprintf("facade %q not supported on container models", facadeName)
	return errors.NewNotSupported(nil, msg)
}
   110  
// isCAASModelFacade reports whether the given facade name appears in one
// of the allowlists consulted for container (CAAS) models:
// caasModelFacadeNames, commonModelFacadeNames or commonFacadeNames (the
// last is not declared in this file). The check is plain set membership
// on the name; a name found in none of the sets yields false.
func isCAASModelFacade(facadeName string) bool {
	switch {
	case caasModelFacadeNames.Contains(facadeName):
		// CAAS-only facade.
		return true
	case commonModelFacadeNames.Contains(facadeName):
		// Facade shared between CAAS and IAAS models.
		return true
	default:
		// Otherwise the name must be one of the common facades.
		return commonFacadeNames.Contains(facadeName)
	}
}