github.com/mhilton/juju-juju@v0.0.0-20150901100907-a94dd2c73455/apiserver/rsyslog/rsyslog_test.go (about) 1 // Copyright 2013 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package rsyslog_test 5 6 import ( 7 "encoding/pem" 8 9 "github.com/juju/names" 10 jc "github.com/juju/testing/checkers" 11 gc "gopkg.in/check.v1" 12 13 apirsyslog "github.com/juju/juju/api/rsyslog" 14 "github.com/juju/juju/apiserver/common" 15 commontesting "github.com/juju/juju/apiserver/common/testing" 16 "github.com/juju/juju/apiserver/params" 17 "github.com/juju/juju/apiserver/rsyslog" 18 apiservertesting "github.com/juju/juju/apiserver/testing" 19 "github.com/juju/juju/juju/testing" 20 "github.com/juju/juju/network" 21 "github.com/juju/juju/state" 22 coretesting "github.com/juju/juju/testing" 23 ) 24 25 type rsyslogSuite struct { 26 testing.JujuConnSuite 27 *commontesting.EnvironWatcherTest 28 authorizer apiservertesting.FakeAuthorizer 29 resources *common.Resources 30 rsyslog *rsyslog.RsyslogAPI 31 } 32 33 var _ = gc.Suite(&rsyslogSuite{}) 34 35 func (s *rsyslogSuite) SetUpTest(c *gc.C) { 36 s.JujuConnSuite.SetUpTest(c) 37 s.authorizer = apiservertesting.FakeAuthorizer{ 38 Tag: names.NewMachineTag("1"), 39 EnvironManager: false, 40 } 41 s.resources = common.NewResources() 42 s.AddCleanup(func(_ *gc.C) { s.resources.StopAll() }) 43 api, err := rsyslog.NewRsyslogAPI(s.State, s.resources, s.authorizer) 44 c.Assert(err, jc.ErrorIsNil) 45 s.EnvironWatcherTest = commontesting.NewEnvironWatcherTest( 46 api, s.State, s.resources, commontesting.NoSecrets) 47 } 48 49 func verifyRsyslogCACert(c *gc.C, st *apirsyslog.State, expectedCA, expectedKey string) { 50 cfg, err := st.GetRsyslogConfig("foo") 51 c.Assert(err, jc.ErrorIsNil) 52 c.Assert(cfg.CACert, gc.DeepEquals, expectedCA) 53 c.Assert(cfg.CAKey, gc.DeepEquals, expectedKey) 54 } 55 56 func (s *rsyslogSuite) TestSetRsyslogCert(c *gc.C) { 57 st, m := s.OpenAPIAsNewMachine(c, state.JobManageEnviron) 58 err := m.SetProviderAddresses(network.NewAddress("0.1.2.3")) 59 c.Assert(err, jc.ErrorIsNil) 60 61 err = st.Rsyslog().SetRsyslogCert(coretesting.CACert, coretesting.CAKey) 62 c.Assert(err, jc.ErrorIsNil) 63 verifyRsyslogCACert(c, st.Rsyslog(), coretesting.CACert, coretesting.CAKey) 64 } 65 66 func (s *rsyslogSuite) TestSetRsyslogCertNil(c *gc.C) { 67 st, m := s.OpenAPIAsNewMachine(c, state.JobManageEnviron) 68 err := m.SetProviderAddresses(network.NewAddress("0.1.2.3")) 69 c.Assert(err, jc.ErrorIsNil) 70 71 err = st.Rsyslog().SetRsyslogCert("", "") 72 c.Assert(err, gc.ErrorMatches, "no certificates found") 73 verifyRsyslogCACert(c, st.Rsyslog(), "", "") 74 } 75 76 func (s *rsyslogSuite) TestSetRsyslogCertInvalid(c *gc.C) { 77 st, m := s.OpenAPIAsNewMachine(c, state.JobManageEnviron) 78 err := m.SetProviderAddresses(network.NewAddress("0.1.2.3")) 79 c.Assert(err, jc.ErrorIsNil) 80 81 err = st.Rsyslog().SetRsyslogCert(string(pem.EncodeToMemory(&pem.Block{ 82 Type: "CERTIFICATE", 83 Bytes: []byte("not a valid certificate"), 84 })), "") 85 c.Assert(err, gc.ErrorMatches, ".*structure error.*") 86 verifyRsyslogCACert(c, st.Rsyslog(), "", "") 87 } 88 89 func (s *rsyslogSuite) TestSetRsyslogCertPerms(c *gc.C) { 90 // create a machine-0 so we have an addresss to log to 91 m, err := s.State.AddMachine("trusty", state.JobManageEnviron) 92 c.Assert(err, jc.ErrorIsNil) 93 err = m.SetProviderAddresses(network.NewAddress("0.1.2.3")) 94 c.Assert(err, jc.ErrorIsNil) 95 96 unitState, _ := s.OpenAPIAsNewMachine(c, state.JobHostUnits) 97 err = unitState.Rsyslog().SetRsyslogCert(coretesting.CACert, coretesting.CAKey) 98 c.Assert(err, gc.ErrorMatches, "invalid entity name or password") 99 c.Assert(err, jc.Satisfies, params.IsCodeUnauthorized) 100 // Verify no change was effected. 101 verifyRsyslogCACert(c, unitState.Rsyslog(), "", "") 102 } 103 104 func (s *rsyslogSuite) TestUpgraderAPIAllowsUnitAgent(c *gc.C) { 105 anAuthorizer := s.authorizer 106 anAuthorizer.Tag = names.NewUnitTag("seven/9") 107 anUpgrader, err := rsyslog.NewRsyslogAPI(s.State, s.resources, anAuthorizer) 108 c.Check(err, jc.ErrorIsNil) 109 c.Check(anUpgrader, gc.NotNil) 110 } 111 112 func (s *rsyslogSuite) TestUpgraderAPIRefusesNonUnitNonMachineAgent(c *gc.C) { 113 anAuthorizer := s.authorizer 114 anAuthorizer.Tag = names.NewServiceTag("hadoop") 115 anUpgrader, err := rsyslog.NewRsyslogAPI(s.State, s.resources, anAuthorizer) 116 c.Check(err, gc.NotNil) 117 c.Check(anUpgrader, gc.IsNil) 118 c.Assert(err, gc.ErrorMatches, "permission denied") 119 }