github.com/mhilton/juju-juju@v0.0.0-20150901100907-a94dd2c73455/apiserver/rsyslog/rsyslog_test.go (about)

     1  // Copyright 2013 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package rsyslog_test
     5  
     6  import (
     7  	"encoding/pem"
     8  
     9  	"github.com/juju/names"
    10  	jc "github.com/juju/testing/checkers"
    11  	gc "gopkg.in/check.v1"
    12  
    13  	apirsyslog "github.com/juju/juju/api/rsyslog"
    14  	"github.com/juju/juju/apiserver/common"
    15  	commontesting "github.com/juju/juju/apiserver/common/testing"
    16  	"github.com/juju/juju/apiserver/params"
    17  	"github.com/juju/juju/apiserver/rsyslog"
    18  	apiservertesting "github.com/juju/juju/apiserver/testing"
    19  	"github.com/juju/juju/juju/testing"
    20  	"github.com/juju/juju/network"
    21  	"github.com/juju/juju/state"
    22  	coretesting "github.com/juju/juju/testing"
    23  )
    24  
    25  type rsyslogSuite struct {
    26  	testing.JujuConnSuite
    27  	*commontesting.EnvironWatcherTest
    28  	authorizer apiservertesting.FakeAuthorizer
    29  	resources  *common.Resources
    30  	rsyslog    *rsyslog.RsyslogAPI
    31  }
    32  
    33  var _ = gc.Suite(&rsyslogSuite{})
    34  
    35  func (s *rsyslogSuite) SetUpTest(c *gc.C) {
    36  	s.JujuConnSuite.SetUpTest(c)
    37  	s.authorizer = apiservertesting.FakeAuthorizer{
    38  		Tag:            names.NewMachineTag("1"),
    39  		EnvironManager: false,
    40  	}
    41  	s.resources = common.NewResources()
    42  	s.AddCleanup(func(_ *gc.C) { s.resources.StopAll() })
    43  	api, err := rsyslog.NewRsyslogAPI(s.State, s.resources, s.authorizer)
    44  	c.Assert(err, jc.ErrorIsNil)
    45  	s.EnvironWatcherTest = commontesting.NewEnvironWatcherTest(
    46  		api, s.State, s.resources, commontesting.NoSecrets)
    47  }
    48  
    49  func verifyRsyslogCACert(c *gc.C, st *apirsyslog.State, expectedCA, expectedKey string) {
    50  	cfg, err := st.GetRsyslogConfig("foo")
    51  	c.Assert(err, jc.ErrorIsNil)
    52  	c.Assert(cfg.CACert, gc.DeepEquals, expectedCA)
    53  	c.Assert(cfg.CAKey, gc.DeepEquals, expectedKey)
    54  }
    55  
    56  func (s *rsyslogSuite) TestSetRsyslogCert(c *gc.C) {
    57  	st, m := s.OpenAPIAsNewMachine(c, state.JobManageEnviron)
    58  	err := m.SetProviderAddresses(network.NewAddress("0.1.2.3"))
    59  	c.Assert(err, jc.ErrorIsNil)
    60  
    61  	err = st.Rsyslog().SetRsyslogCert(coretesting.CACert, coretesting.CAKey)
    62  	c.Assert(err, jc.ErrorIsNil)
    63  	verifyRsyslogCACert(c, st.Rsyslog(), coretesting.CACert, coretesting.CAKey)
    64  }
    65  
    66  func (s *rsyslogSuite) TestSetRsyslogCertNil(c *gc.C) {
    67  	st, m := s.OpenAPIAsNewMachine(c, state.JobManageEnviron)
    68  	err := m.SetProviderAddresses(network.NewAddress("0.1.2.3"))
    69  	c.Assert(err, jc.ErrorIsNil)
    70  
    71  	err = st.Rsyslog().SetRsyslogCert("", "")
    72  	c.Assert(err, gc.ErrorMatches, "no certificates found")
    73  	verifyRsyslogCACert(c, st.Rsyslog(), "", "")
    74  }
    75  
    76  func (s *rsyslogSuite) TestSetRsyslogCertInvalid(c *gc.C) {
    77  	st, m := s.OpenAPIAsNewMachine(c, state.JobManageEnviron)
    78  	err := m.SetProviderAddresses(network.NewAddress("0.1.2.3"))
    79  	c.Assert(err, jc.ErrorIsNil)
    80  
    81  	err = st.Rsyslog().SetRsyslogCert(string(pem.EncodeToMemory(&pem.Block{
    82  		Type:  "CERTIFICATE",
    83  		Bytes: []byte("not a valid certificate"),
    84  	})), "")
    85  	c.Assert(err, gc.ErrorMatches, ".*structure error.*")
    86  	verifyRsyslogCACert(c, st.Rsyslog(), "", "")
    87  }
    88  
    89  func (s *rsyslogSuite) TestSetRsyslogCertPerms(c *gc.C) {
    90  	// create a machine-0 so we have an addresss to log to
    91  	m, err := s.State.AddMachine("trusty", state.JobManageEnviron)
    92  	c.Assert(err, jc.ErrorIsNil)
    93  	err = m.SetProviderAddresses(network.NewAddress("0.1.2.3"))
    94  	c.Assert(err, jc.ErrorIsNil)
    95  
    96  	unitState, _ := s.OpenAPIAsNewMachine(c, state.JobHostUnits)
    97  	err = unitState.Rsyslog().SetRsyslogCert(coretesting.CACert, coretesting.CAKey)
    98  	c.Assert(err, gc.ErrorMatches, "invalid entity name or password")
    99  	c.Assert(err, jc.Satisfies, params.IsCodeUnauthorized)
   100  	// Verify no change was effected.
   101  	verifyRsyslogCACert(c, unitState.Rsyslog(), "", "")
   102  }
   103  
   104  func (s *rsyslogSuite) TestUpgraderAPIAllowsUnitAgent(c *gc.C) {
   105  	anAuthorizer := s.authorizer
   106  	anAuthorizer.Tag = names.NewUnitTag("seven/9")
   107  	anUpgrader, err := rsyslog.NewRsyslogAPI(s.State, s.resources, anAuthorizer)
   108  	c.Check(err, jc.ErrorIsNil)
   109  	c.Check(anUpgrader, gc.NotNil)
   110  }
   111  
   112  func (s *rsyslogSuite) TestUpgraderAPIRefusesNonUnitNonMachineAgent(c *gc.C) {
   113  	anAuthorizer := s.authorizer
   114  	anAuthorizer.Tag = names.NewServiceTag("hadoop")
   115  	anUpgrader, err := rsyslog.NewRsyslogAPI(s.State, s.resources, anAuthorizer)
   116  	c.Check(err, gc.NotNil)
   117  	c.Check(anUpgrader, gc.IsNil)
   118  	c.Assert(err, gc.ErrorMatches, "permission denied")
   119  }