github.com/makyo/juju@v0.0.0-20160425123129-2608902037e9/apiserver/restricted_root.go (about) 1 // Copyright 2015 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package apiserver 5 6 import ( 7 "github.com/juju/errors" 8 "github.com/juju/utils/set" 9 10 "github.com/juju/juju/rpc" 11 "github.com/juju/juju/rpc/rpcreflect" 12 ) 13 14 // restrictedRoot restricts API calls to the environment manager and 15 // user manager when accessed through the root path on the API server. 16 type restrictedRoot struct { 17 rpc.MethodFinder 18 } 19 20 // newRestrictedRoot returns a new restrictedRoot. 21 func newRestrictedRoot(finder rpc.MethodFinder) *restrictedRoot { 22 return &restrictedRoot{finder} 23 } 24 25 // The restrictedRootNames are the root names that can be accessed at the root 26 // of the API server. Any facade added here needs to work across environment 27 // boundaries. 28 var restrictedRootNames = set.NewStrings( 29 "AllModelWatcher", 30 "Controller", 31 "MigrationTarget", 32 "ModelManager", 33 "UserManager", 34 ) 35 36 // FindMethod returns a not supported error if the rootName is not one 37 // of the facades available at the server root when there is no active 38 // environment. 39 func (r *restrictedRoot) FindMethod(rootName string, version int, methodName string) (rpcreflect.MethodCaller, error) { 40 // We restrict what facades are advertised at login, filtered on the restricted root names. 41 // Therefore we can't accurately know if a method is not found unless it resides on one 42 // of the restricted facades. 43 if !restrictedRootNames.Contains(rootName) { 44 return nil, errors.NotSupportedf("logged in to server, no model, %q", rootName) 45 } 46 caller, err := r.MethodFinder.FindMethod(rootName, version, methodName) 47 if err != nil { 48 return nil, err 49 } 50 return caller, nil 51 }