github.com/niedbalski/juju@v0.0.0-20190215020005-8ff100488e47/api/credentialvalidator/credentialvalidator.go (about) 1 // Copyright 2018 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package credentialvalidator 5 6 import ( 7 "github.com/juju/errors" 8 "github.com/juju/loggo" 9 "gopkg.in/juju/names.v2" 10 11 "github.com/juju/juju/api/base" 12 apiwatcher "github.com/juju/juju/api/watcher" 13 "github.com/juju/juju/apiserver/params" 14 "github.com/juju/juju/core/watcher" 15 ) 16 17 var logger = loggo.GetLogger("juju.api.credentialvalidator") 18 19 // Facade provides methods that the Juju client command uses to interact 20 // with the Juju backend. 21 type Facade struct { 22 facade base.FacadeCaller 23 } 24 25 // NewFacade creates a new `Facade` based on an existing authenticated API 26 // connection. 27 func NewFacade(caller base.APICaller) *Facade { 28 return &Facade{base.NewFacadeCaller(caller, "CredentialValidator")} 29 } 30 31 // ModelCredential gets the cloud credential that a given model uses, including 32 // useful data such as "is this credential valid"... 33 // Some clouds do not require a credential and support the "empty" authentication 34 // type. Models on these clouds will have no credentials set, and thus, will return 35 // a false as 2nd argument. 36 func (c *Facade) ModelCredential() (base.StoredCredential, bool, error) { 37 out := params.ModelCredential{} 38 emptyResult := base.StoredCredential{} 39 if err := c.facade.FacadeCall("ModelCredential", nil, &out); err != nil { 40 return emptyResult, false, errors.Trace(err) 41 } 42 43 if !out.Exists { 44 // On some clouds, model credential may not be required. 45 // So, it may be valid for models to not have a credential set. 46 return base.StoredCredential{Valid: out.Valid}, false, nil 47 } 48 49 credentialTag, err := names.ParseCloudCredentialTag(out.CloudCredential) 50 if err != nil { 51 return emptyResult, false, errors.Trace(err) 52 } 53 return base.StoredCredential{ 54 CloudCredential: credentialTag.Id(), 55 Valid: out.Valid, 56 }, true, nil 57 } 58 59 // WatchCredential provides a notify watcher that is responsive to changes 60 // to a given cloud credential. 61 func (c *Facade) WatchCredential(credentialID string) (watcher.NotifyWatcher, error) { 62 in := names.NewCloudCredentialTag(credentialID).String() 63 var result params.NotifyWatchResult 64 err := c.facade.FacadeCall("WatchCredential", params.Entity{in}, &result) 65 if err != nil { 66 return nil, errors.Trace(err) 67 } 68 69 if err := result.Error; err != nil { 70 return nil, errors.Trace(err) 71 } 72 w := apiwatcher.NewNotifyWatcher(c.facade.RawAPICaller(), result) 73 return w, nil 74 } 75 76 // InvalidateModelCredential invalidates cloud credential for the model that made a connection. 77 func (c *Facade) InvalidateModelCredential(reason string) error { 78 in := params.InvalidateCredentialArg{reason} 79 var result params.ErrorResult 80 err := c.facade.FacadeCall("InvalidateModelCredential", in, &result) 81 if err != nil { 82 return errors.Trace(err) 83 } 84 85 if result.Error != nil { 86 return errors.Trace(result.Error) 87 } 88 return nil 89 } 90 91 // WatchModelCredential provides a notify watcher that is responsive to changes 92 // to a given cloud credential. 93 func (c *Facade) WatchModelCredential() (watcher.NotifyWatcher, error) { 94 if v := c.facade.BestAPIVersion(); v < 2 { 95 return nil, errors.NotSupportedf("WatchModelCredential on CredentialValidator v%v", v) 96 } 97 var result params.NotifyWatchResult 98 err := c.facade.FacadeCall("WatchModelCredential", nil, &result) 99 if err != nil { 100 return nil, errors.Trace(err) 101 } 102 103 if err := result.Error; err != nil { 104 return nil, errors.Trace(err) 105 } 106 w := apiwatcher.NewNotifyWatcher(c.facade.RawAPICaller(), result) 107 return w, nil 108 }