github.com/juju/juju@v0.0.0-20240430160146-1752b71fcf00/state/clouduser_test.go (about) 1 // Copyright 2018 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package state_test 5 6 import ( 7 "github.com/juju/errors" 8 "github.com/juju/names/v5" 9 jc "github.com/juju/testing/checkers" 10 gc "gopkg.in/check.v1" 11 12 "github.com/juju/juju/cloud" 13 "github.com/juju/juju/core/permission" 14 "github.com/juju/juju/state" 15 "github.com/juju/juju/testing/factory" 16 ) 17 18 type CloudUserSuite struct { 19 ConnSuite 20 } 21 22 var _ = gc.Suite(&CloudUserSuite{}) 23 24 func (s *CloudUserSuite) makeCloud(c *gc.C, access permission.Access) (cloud.Cloud, names.UserTag) { 25 cloud := cloud.Cloud{ 26 Name: "fluffy", 27 Type: "dummy", 28 AuthTypes: []cloud.AuthType{cloud.UserPassAuthType}, 29 } 30 err := s.State.AddCloud(cloud, "test-admin") 31 c.Assert(err, jc.ErrorIsNil) 32 user := s.Factory.MakeUser(c, 33 &factory.UserParams{Name: "validusername"}) 34 35 // Initially no access. 36 _, err = s.State.UserPermission(user.UserTag(), names.NewCloudTag(cloud.Name)) 37 c.Assert(err, jc.Satisfies, errors.IsNotFound) 38 39 err = s.State.CreateCloudAccess(cloud.Name, user.UserTag(), access) 40 c.Assert(err, jc.ErrorIsNil) 41 return cloud, user.UserTag() 42 } 43 44 func (s *CloudUserSuite) assertAddCloud(c *gc.C, wantedAccess permission.Access) string { 45 cloud, user := s.makeCloud(c, wantedAccess) 46 47 access, err := s.State.GetCloudAccess(cloud.Name, user) 48 c.Assert(err, jc.ErrorIsNil) 49 c.Assert(access, gc.Equals, wantedAccess) 50 51 // Creator of cloud has admin. 52 access, err = s.State.GetCloudAccess(cloud.Name, names.NewUserTag("test-admin")) 53 c.Assert(err, jc.ErrorIsNil) 54 c.Assert(access, gc.Equals, permission.AdminAccess) 55 56 // Everyone else has no access. 57 _, err = s.State.GetCloudAccess(cloud.Name, names.NewUserTag("everyone@external")) 58 c.Assert(err, jc.Satisfies, errors.IsNotFound) 59 return cloud.Name 60 } 61 62 func (s *CloudUserSuite) TestAddModelUser(c *gc.C) { 63 s.assertAddCloud(c, permission.AddModelAccess) 64 } 65 66 func (s *CloudUserSuite) TestGetCloudAccess(c *gc.C) { 67 cloud := s.assertAddCloud(c, permission.AddModelAccess) 68 users, err := s.State.GetCloudUsers(cloud) 69 c.Assert(err, jc.ErrorIsNil) 70 c.Assert(users, jc.DeepEquals, map[string]permission.Access{ 71 "test-admin": permission.AdminAccess, 72 "validusername": permission.AddModelAccess, 73 }) 74 } 75 76 func (s *CloudUserSuite) TestUpdateCloudAccess(c *gc.C) { 77 cloud, user := s.makeCloud(c, permission.AdminAccess) 78 err := s.State.UpdateCloudAccess(cloud.Name, user, permission.AddModelAccess) 79 c.Assert(err, jc.ErrorIsNil) 80 81 access, err := s.State.GetCloudAccess(cloud.Name, user) 82 c.Assert(err, jc.ErrorIsNil) 83 c.Assert(access, gc.Equals, permission.AddModelAccess) 84 } 85 86 func (s *CloudUserSuite) TestCreateCloudAccessNoUserFails(c *gc.C) { 87 cloud := cloud.Cloud{ 88 Name: "fluffy", 89 Type: "dummy", 90 AuthTypes: []cloud.AuthType{cloud.UserPassAuthType}, 91 } 92 err := s.State.AddCloud(cloud, "test-admin") 93 c.Assert(err, jc.ErrorIsNil) 94 err = s.State.CreateCloudAccess( 95 "fluffy", 96 names.NewUserTag("validusername"), permission.AddModelAccess) 97 c.Assert(err, gc.ErrorMatches, `user "validusername" does not exist locally: user "validusername" not found`) 98 } 99 100 func (s *CloudUserSuite) TestRemoveCloudAccess(c *gc.C) { 101 cloud, user := s.makeCloud(c, permission.AddModelAccess) 102 103 err := s.State.RemoveCloudAccess(cloud.Name, user) 104 c.Assert(err, jc.ErrorIsNil) 105 106 _, err = s.State.GetCloudAccess(cloud.Name, user) 107 c.Assert(err, jc.Satisfies, errors.IsNotFound) 108 } 109 110 func (s *CloudUserSuite) TestRemoveCloudAccessNoUser(c *gc.C) { 111 cloud, _ := s.makeCloud(c, permission.AddModelAccess) 112 err := s.State.RemoveCloudAccess(cloud.Name, names.NewUserTag("fred")) 113 c.Assert(err, jc.Satisfies, errors.IsNotFound) 114 } 115 116 func (s *CloudUserSuite) TestCloudsForUser(c *gc.C) { 117 cloudName := s.assertAddCloud(c, permission.AddModelAccess) 118 info, err := s.State.CloudsForUser(names.NewUserTag("validusername"), false) 119 c.Assert(err, jc.ErrorIsNil) 120 cloud, err := s.State.Cloud(cloudName) 121 c.Assert(err, jc.ErrorIsNil) 122 c.Assert(info, jc.DeepEquals, []state.CloudInfo{ 123 { 124 Cloud: cloud, 125 Access: permission.AddModelAccess, 126 }, 127 }) 128 } 129 130 func (s *CloudUserSuite) TestCloudsForUserAll(c *gc.C) { 131 cloudName := s.assertAddCloud(c, permission.AddModelAccess) 132 info, err := s.State.CloudsForUser(names.NewUserTag("test-admin"), true) 133 c.Assert(err, jc.ErrorIsNil) 134 cloud, err := s.State.Cloud(cloudName) 135 c.Assert(err, jc.ErrorIsNil) 136 controllerInfo, err := s.State.ControllerInfo() 137 c.Assert(err, jc.ErrorIsNil) 138 controllerCloud, err := s.State.Cloud(controllerInfo.CloudName) 139 c.Assert(err, jc.ErrorIsNil) 140 c.Assert(info, jc.DeepEquals, []state.CloudInfo{ 141 { 142 Cloud: controllerCloud, 143 Access: permission.AdminAccess, 144 }, { 145 Cloud: cloud, 146 Access: permission.AdminAccess, 147 }, 148 }) 149 }