// Copyright 2013 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.

package common

import (
	"github.com/juju/errors"
	"github.com/juju/names"
)

type (
	// AuthFunc is a predicate over entity tags: it reports whether the
	// entity named by tag is available to some operation. The type itself
	// places no constraint on tag, so an implementation decides on its own
	// how a nil tag is treated.
	AuthFunc func(tag names.Tag) bool

	// GetAuthFunc builds an AuthFunc, or returns an error explaining why
	// one could not be built.
	GetAuthFunc func() (AuthFunc, error)
)

// Authorizer answers authorization questions about the entity that
// authenticated on the current connection. The API server implements it
// so that an API implementation can ask about the client that is
// currently connected.
type Authorizer interface {
	// AuthMachineAgent reports whether the authenticated entity is a
	// machine agent.
	AuthMachineAgent() bool

	// AuthUnitAgent reports whether the authenticated entity is a unit
	// agent.
	AuthUnitAgent() bool

	// AuthOwner reports whether the authenticated entity and the entity
	// named by tag are the same.
	AuthOwner(tag names.Tag) bool

	// AuthModelManager reports whether the authenticated entity is a
	// machine running the environment manager job.
	AuthModelManager() bool

	// AuthClient reports whether the authenticated entity is a client
	// user.
	AuthClient() bool

	// GetAuthTag returns the tag of the authenticated entity.
	GetAuthTag() names.Tag
}

// AuthEither returns a GetAuthFunc whose AuthFunc accepts a tag when the
// AuthFunc produced by a or the one produced by b accepts it. If either
// generator returns an error, that error is returned and no AuthFunc is
// produced.
func AuthEither(a, b GetAuthFunc) GetAuthFunc {
	either := func() (AuthFunc, error) {
		// Both predicates are built up front, a first and then b. A failure
		// in either generator means no AuthFunc is handed out at all.
		first, err := a()
		if err != nil {
			return nil, err
		}
		second, err := b()
		if err != nil {
			return nil, err
		}
		accept := func(tag names.Tag) bool {
			// second is consulted only when first rejects the tag.
			if first(tag) {
				return true
			}
			return second(tag)
		}
		return accept, nil
	}
	return either
}

// AuthAlways returns a GetAuthFunc whose AuthFunc answers true for every
// tag. The predicate never inspects its argument, so a nil tag is
// accepted as well. Passing it to AuthEither makes the other argument
// irrelevant, because the disjunction is then always true.
func AuthAlways() GetAuthFunc {
	return func() (AuthFunc, error) {
		var allowAll AuthFunc = func(names.Tag) bool { return true }
		return allowAll, nil
	}
}

// AuthNever returns a GetAuthFunc whose AuthFunc answers false for every
// tag, nil included.
func AuthNever() GetAuthFunc {
	return func() (AuthFunc, error) {
		var denyAll AuthFunc = func(names.Tag) bool { return false }
		return denyAll, nil
	}
}

// AuthFuncForTagKind returns a GetAuthFunc whose AuthFunc accepts only
// tags of the given kind and rejects everything else. An empty kind is
// an error, reported by the returned GetAuthFunc when it is invoked.
func AuthFuncForTagKind(kind string) GetAuthFunc {
	return func() (AuthFunc, error) {
		// The empty-kind check runs here, not when AuthFuncForTagKind
		// itself is called, so the error surfaces at generator time.
		if kind == "" {
			return nil, errors.Errorf("tag kind cannot be empty")
		}
		matchKind := func(tag names.Tag) bool {
			// A nil tag has no kind to compare and is rejected. Only the
			// nil interface value is caught; an interface wrapping a nil
			// pointer still reaches Kind().
			return tag != nil && tag.Kind() == kind
		}
		return matchKind, nil
	}
}