github.com/makyo/juju@v0.0.0-20160425123129-2608902037e9/cmd/juju/model/grantrevoke.go (about) 1 // Copyright 2016 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package model 5 6 import ( 7 "github.com/juju/cmd" 8 "github.com/juju/errors" 9 "launchpad.net/gnuflag" 10 11 "github.com/juju/juju/cmd/juju/block" 12 "github.com/juju/juju/cmd/modelcmd" 13 "github.com/juju/juju/juju/permission" 14 ) 15 16 var usageGrantSummary = ` 17 Grants access to a Juju user for a model.`[1:] 18 19 var usageGrantDetails = ` 20 By default, the controller is the current controller. 21 Model access can also be granted at user-addition time with the `[1:] + "`juju add-\nuser`" + ` command. 22 Users with read access are limited in what they can do with models: ` + "`juju \nlist-models`, `juju list-machines`, and `juju status`" + `. 23 24 Examples: 25 Grant user 'joe' default (read) access to model 'mymodel': 26 27 juju grant joe mymodel 28 29 Grant user 'jim' write access to model 'mymodel': 30 31 juju grant --acl=write jim mymodel 32 33 Grant user 'sam' default (read) access to models 'model1' and 'model2': 34 35 juju grant sam model1 model2 36 37 See also: 38 revoke 39 add-user` 40 41 var usageRevokeSummary = ` 42 Revokes access from a Juju user for a model.`[1:] 43 44 var usageRevokeDetails = ` 45 By default, the controller is the current controller. 46 Revoking write access, from a user who has that permission, will leave 47 that user with read access. Revoking read access, however, also revokes 48 write access. 49 50 Examples: 51 Revoke read (and write) access from user 'joe' for model 'mymodel': 52 53 juju revoke joe mymodel 54 55 Revoke write access from user 'sam' for models 'model1' and 'model2': 56 57 juju revoke --acl=write sam model1 model2 58 59 See also: 60 grant`[1:] 61 62 type accessCommand struct { 63 modelcmd.ControllerCommandBase 64 65 User string 66 ModelNames []string 67 ModelAccess string 68 } 69 70 // SetFlags implements cmd.Command. 71 func (c *accessCommand) SetFlags(f *gnuflag.FlagSet) { 72 f.StringVar(&c.ModelAccess, "acl", "read", "Access control ('read' or 'write')") 73 } 74 75 // Init implements cmd.Command. 76 func (c *accessCommand) Init(args []string) error { 77 if len(args) < 1 { 78 return errors.New("no user specified") 79 } 80 81 if len(args) < 2 { 82 return errors.New("no model specified") 83 } 84 85 _, err := permission.ParseModelAccess(c.ModelAccess) 86 if err != nil { 87 return err 88 } 89 90 c.User = args[0] 91 c.ModelNames = args[1:] 92 return nil 93 } 94 95 // NewGrantCommand returns a new grant command. 96 func NewGrantCommand() cmd.Command { 97 return modelcmd.WrapController(&grantCommand{}) 98 } 99 100 // grantCommand represents the command to grant a user access to one or more models. 101 type grantCommand struct { 102 accessCommand 103 api GrantModelAPI 104 } 105 106 // Info implements Command.Info. 107 func (c *grantCommand) Info() *cmd.Info { 108 return &cmd.Info{ 109 Name: "grant", 110 Args: "<user name> <model name> ...", 111 Purpose: usageGrantSummary, 112 Doc: usageGrantDetails, 113 } 114 } 115 116 func (c *grantCommand) getAPI() (GrantModelAPI, error) { 117 if c.api != nil { 118 return c.api, nil 119 } 120 return c.NewModelManagerAPIClient() 121 } 122 123 // GrantModelAPI defines the API functions used by the grant command. 124 type GrantModelAPI interface { 125 Close() error 126 GrantModel(user, access string, modelUUIDs ...string) error 127 } 128 129 // Run implements cmd.Command. 130 func (c *grantCommand) Run(ctx *cmd.Context) error { 131 client, err := c.getAPI() 132 if err != nil { 133 return err 134 } 135 defer client.Close() 136 137 models, err := c.ModelUUIDs(c.ModelNames) 138 if err != nil { 139 return err 140 } 141 return block.ProcessBlockedError(client.GrantModel(c.User, c.ModelAccess, models...), block.BlockChange) 142 } 143 144 // NewRevokeCommand returns a new revoke command. 145 func NewRevokeCommand() cmd.Command { 146 return modelcmd.WrapController(&revokeCommand{}) 147 } 148 149 // revokeCommand revokes a user's access to models. 150 type revokeCommand struct { 151 accessCommand 152 api RevokeModelAPI 153 } 154 155 // Info implements cmd.Command. 156 func (c *revokeCommand) Info() *cmd.Info { 157 return &cmd.Info{ 158 Name: "revoke", 159 Args: "<user> <model name> ...", 160 Purpose: usageRevokeSummary, 161 Doc: usageRevokeDetails, 162 } 163 } 164 165 func (c *revokeCommand) getAPI() (RevokeModelAPI, error) { 166 if c.api != nil { 167 return c.api, nil 168 } 169 return c.NewModelManagerAPIClient() 170 } 171 172 // RevokeModelAPI defines the API functions used by the revoke command. 173 type RevokeModelAPI interface { 174 Close() error 175 RevokeModel(user, access string, modelUUIDs ...string) error 176 } 177 178 // Run implements cmd.Command. 179 func (c *revokeCommand) Run(ctx *cmd.Context) error { 180 client, err := c.getAPI() 181 if err != nil { 182 return err 183 } 184 defer client.Close() 185 186 modelUUIDs, err := c.ModelUUIDs(c.ModelNames) 187 if err != nil { 188 return err 189 } 190 return block.ProcessBlockedError(client.RevokeModel(c.User, c.ModelAccess, modelUUIDs...), block.BlockChange) 191 }