github.com/niedbalski/juju@v0.0.0-20190215020005-8ff100488e47/apiserver/facades/agent/keyupdater/authorisedkeys_test.go

github.com/niedbalski/juju@v0.0.0-20190215020005-8ff100488e47/apiserver/facades/agent/keyupdater/authorisedkeys_test.go (about)

     1  // Copyright 2013 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package keyupdater_test
     5  
     6  import (
     7  	jc "github.com/juju/testing/checkers"
     8  	gc "gopkg.in/check.v1"
     9  	"gopkg.in/juju/names.v2"
    10  
    11  	"github.com/juju/juju/apiserver/common"
    12  	"github.com/juju/juju/apiserver/facades/agent/keyupdater"
    13  	"github.com/juju/juju/apiserver/params"
    14  	apiservertesting "github.com/juju/juju/apiserver/testing"
    15  	jujutesting "github.com/juju/juju/juju/testing"
    16  	"github.com/juju/juju/state"
    17  	statetesting "github.com/juju/juju/state/testing"
    18  )
    19  
    20  type authorisedKeysSuite struct {
    21  	jujutesting.JujuConnSuite
    22  
    23  	// These are raw State objects. Use them for setup and assertions, but
    24  	// should never be touched by the API calls themselves
    25  	rawMachine       *state.Machine
    26  	unrelatedMachine *state.Machine
    27  	keyupdater       *keyupdater.KeyUpdaterAPI
    28  	resources        *common.Resources
    29  	authoriser       apiservertesting.FakeAuthorizer
    30  }
    31  
    32  var _ = gc.Suite(&authorisedKeysSuite{})
    33  
    34  func (s *authorisedKeysSuite) SetUpTest(c *gc.C) {
    35  	s.JujuConnSuite.SetUpTest(c)
    36  	s.resources = common.NewResources()
    37  	s.AddCleanup(func(_ *gc.C) { s.resources.StopAll() })
    38  
    39  	// Create machines to work with
    40  	var err error
    41  	s.rawMachine, err = s.State.AddMachine("quantal", state.JobHostUnits)
    42  	c.Assert(err, jc.ErrorIsNil)
    43  	s.unrelatedMachine, err = s.State.AddMachine("quantal", state.JobHostUnits)
    44  	c.Assert(err, jc.ErrorIsNil)
    45  
    46  	// The default auth is as a controller
    47  	s.authoriser = apiservertesting.FakeAuthorizer{
    48  		Tag: s.rawMachine.Tag(),
    49  	}
    50  	s.keyupdater, err = keyupdater.NewKeyUpdaterAPI(s.State, s.resources, s.authoriser)
    51  	c.Assert(err, jc.ErrorIsNil)
    52  }
    53  
    54  func (s *authorisedKeysSuite) TestNewKeyUpdaterAPIAcceptsController(c *gc.C) {
    55  	endPoint, err := keyupdater.NewKeyUpdaterAPI(s.State, s.resources, s.authoriser)
    56  	c.Assert(err, jc.ErrorIsNil)
    57  	c.Assert(endPoint, gc.NotNil)
    58  }
    59  
    60  func (s *authorisedKeysSuite) TestNewKeyUpdaterAPIRefusesNonMachineAgent(c *gc.C) {
    61  	anAuthoriser := s.authoriser
    62  	anAuthoriser.Tag = names.NewUnitTag("ubuntu/1")
    63  	endPoint, err := keyupdater.NewKeyUpdaterAPI(s.State, s.resources, anAuthoriser)
    64  	c.Assert(endPoint, gc.IsNil)
    65  	c.Assert(err, gc.ErrorMatches, "permission denied")
    66  }
    67  
    68  func (s *authorisedKeysSuite) TestWatchAuthorisedKeysNothing(c *gc.C) {
    69  	// Not an error to watch nothing
    70  	results, err := s.keyupdater.WatchAuthorisedKeys(params.Entities{})
    71  	c.Assert(err, jc.ErrorIsNil)
    72  	c.Assert(results.Results, gc.HasLen, 0)
    73  }
    74  
    75  func (s *authorisedKeysSuite) setAuthorizedKeys(c *gc.C, keys string) {
    76  	err := s.Model.UpdateModelConfig(map[string]interface{}{"authorized-keys": keys}, nil)
    77  	c.Assert(err, jc.ErrorIsNil)
    78  	modelConfig, err := s.Model.ModelConfig()
    79  	c.Assert(err, jc.ErrorIsNil)
    80  	c.Assert(modelConfig.AuthorizedKeys(), gc.Equals, keys)
    81  }
    82  
    83  func (s *authorisedKeysSuite) TestWatchAuthorisedKeys(c *gc.C) {
    84  	args := params.Entities{
    85  		Entities: []params.Entity{
    86  			{Tag: s.rawMachine.Tag().String()},
    87  			{Tag: s.unrelatedMachine.Tag().String()},
    88  			{Tag: "machine-42"},
    89  		},
    90  	}
    91  	results, err := s.keyupdater.WatchAuthorisedKeys(args)
    92  	c.Assert(err, jc.ErrorIsNil)
    93  	c.Assert(results, gc.DeepEquals, params.NotifyWatchResults{
    94  		Results: []params.NotifyWatchResult{
    95  			{NotifyWatcherId: "1"},
    96  			{Error: apiservertesting.ErrUnauthorized},
    97  			{Error: apiservertesting.ErrUnauthorized},
    98  		},
    99  	})
   100  	c.Assert(results.Results[0].NotifyWatcherId, gc.Not(gc.Equals), "")
   101  	c.Assert(results.Results[0].Error, gc.IsNil)
   102  	resource := s.resources.Get(results.Results[0].NotifyWatcherId)
   103  	c.Assert(resource, gc.NotNil)
   104  
   105  	w := resource.(state.NotifyWatcher)
   106  	wc := statetesting.NewNotifyWatcherC(c, s.State, w)
   107  	wc.AssertNoChange()
   108  
   109  	s.setAuthorizedKeys(c, "key1\nkey2")
   110  
   111  	wc.AssertOneChange()
   112  	statetesting.AssertStop(c, w)
   113  	wc.AssertClosed()
   114  }
   115  
   116  func (s *authorisedKeysSuite) TestAuthorisedKeysForNoone(c *gc.C) {
   117  	// Not an error to request nothing, dumb, but not an error.
   118  	results, err := s.keyupdater.AuthorisedKeys(params.Entities{})
   119  	c.Assert(err, jc.ErrorIsNil)
   120  	c.Assert(results.Results, gc.HasLen, 0)
   121  }
   122  
   123  func (s *authorisedKeysSuite) TestAuthorisedKeys(c *gc.C) {
   124  	s.setAuthorizedKeys(c, "key1\nkey2")
   125  
   126  	args := params.Entities{
   127  		Entities: []params.Entity{
   128  			{Tag: s.rawMachine.Tag().String()},
   129  			{Tag: s.unrelatedMachine.Tag().String()},
   130  			{Tag: "machine-42"},
   131  		},
   132  	}
   133  	results, err := s.keyupdater.AuthorisedKeys(args)
   134  	c.Assert(err, jc.ErrorIsNil)
   135  	c.Assert(results, gc.DeepEquals, params.StringsResults{
   136  		Results: []params.StringsResult{
   137  			{Result: []string{"key1", "key2"}},
   138  			{Error: apiservertesting.ErrUnauthorized},
   139  			{Error: apiservertesting.ErrUnauthorized},
   140  		},
   141  	})
   142  }