github.com/rogpeppe/juju@v0.0.0-20140613142852-6337964b789e/state/apiserver/usermanager/usermanager_test.go (about) 1 // Copyright 2014 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package usermanager_test 5 6 import ( 7 "time" 8 9 "github.com/juju/names" 10 gc "launchpad.net/gocheck" 11 12 jujutesting "github.com/juju/juju/juju/testing" 13 "github.com/juju/juju/state" 14 "github.com/juju/juju/state/api/params" 15 apiservertesting "github.com/juju/juju/state/apiserver/testing" 16 "github.com/juju/juju/state/apiserver/usermanager" 17 "github.com/juju/juju/testing/factory" 18 ) 19 20 type userManagerSuite struct { 21 jujutesting.JujuConnSuite 22 23 usermanager *usermanager.UserManagerAPI 24 authorizer apiservertesting.FakeAuthorizer 25 user *state.User 26 } 27 28 var _ = gc.Suite(&userManagerSuite{}) 29 30 func (s *userManagerSuite) SetUpTest(c *gc.C) { 31 s.JujuConnSuite.SetUpTest(c) 32 33 user, err := s.State.User("admin") 34 c.Assert(err, gc.IsNil) 35 s.authorizer = apiservertesting.FakeAuthorizer{ 36 Tag: "user-admin", 37 LoggedIn: true, 38 Client: true, 39 Entity: user, 40 } 41 s.usermanager, err = usermanager.NewUserManagerAPI(s.State, s.authorizer) 42 c.Assert(err, gc.IsNil) 43 } 44 45 func (s *userManagerSuite) TestNewUserManagerAPIRefusesNonClient(c *gc.C) { 46 anAuthoriser := s.authorizer 47 anAuthoriser.Client = false 48 endPoint, err := usermanager.NewUserManagerAPI(s.State, anAuthoriser) 49 c.Assert(endPoint, gc.IsNil) 50 c.Assert(err, gc.ErrorMatches, "permission denied") 51 } 52 53 func (s *userManagerSuite) TestAddUser(c *gc.C) { 54 args := params.ModifyUsers{ 55 Changes: []params.ModifyUser{{ 56 Username: "foobar", 57 DisplayName: "Foo Bar", 58 Password: "password", 59 }}} 60 61 result, err := s.usermanager.AddUser(args) 62 // Check that the call is succesful 63 c.Assert(err, gc.IsNil) 64 c.Assert(result.Results, gc.HasLen, 1) 65 c.Assert(result.Results[0], gc.DeepEquals, params.ErrorResult{Error: nil}) 66 // Check that the call results in a new user being created 67 user, err := s.State.User("foobar") 68 c.Assert(err, gc.IsNil) 69 c.Assert(user, gc.NotNil) 70 c.Assert(user.Name(), gc.Equals, "foobar") 71 c.Assert(user.DisplayName(), gc.Equals, "Foo Bar") 72 } 73 74 func (s *userManagerSuite) TestRemoveUser(c *gc.C) { 75 args := params.ModifyUsers{ 76 Changes: []params.ModifyUser{{ 77 Username: "foobar", 78 DisplayName: "Foo Bar", 79 Password: "password", 80 }}} 81 removeArg := params.Entity{ 82 Tag: "foobar", 83 } 84 removeArgs := params.Entities{Entities: []params.Entity{removeArg}} 85 _, err := s.usermanager.AddUser(args) 86 c.Assert(err, gc.IsNil) 87 user, err := s.State.User("foobar") 88 c.Assert(user.IsDeactivated(), gc.Equals, false) // The user should be active 89 90 result, err := s.usermanager.RemoveUser(removeArgs) 91 c.Assert(err, gc.IsNil) 92 c.Assert(result, gc.DeepEquals, params.ErrorResults{Results: []params.ErrorResult{params.ErrorResult{Error: nil}}}) 93 user, err = s.State.User("foobar") 94 c.Assert(err, gc.IsNil) 95 // Removal makes the user in active 96 c.Assert(user.IsDeactivated(), gc.Equals, true) 97 c.Assert(user.PasswordValid(args.Changes[0].Password), gc.Equals, false) 98 } 99 100 // Since removing a user just deacitvates them you cannot add a user 101 // that has been previously been removed 102 // TODO(mattyw) 2014-03-07 bug #1288745 103 func (s *userManagerSuite) TestCannotAddRemoveAdd(c *gc.C) { 104 removeArg := params.Entity{ 105 Tag: "foobar", 106 } 107 args := params.ModifyUsers{ 108 Changes: []params.ModifyUser{{ 109 Username: "foobar", 110 DisplayName: "Foo Bar", 111 Password: "password", 112 }}} 113 removeArgs := params.Entities{Entities: []params.Entity{removeArg}} 114 _, err := s.usermanager.AddUser(args) 115 c.Assert(err, gc.IsNil) 116 117 _, err = s.usermanager.RemoveUser(removeArgs) 118 c.Assert(err, gc.IsNil) 119 _, err = s.State.User("addremove") 120 result, err := s.usermanager.AddUser(args) 121 expectedError := apiservertesting.ServerError("failed to create user: user already exists") 122 c.Assert(result, gc.DeepEquals, params.ErrorResults{ 123 Results: []params.ErrorResult{ 124 params.ErrorResult{expectedError}}}) 125 } 126 127 func (s *userManagerSuite) TestUserInfoUsersExist(c *gc.C) { 128 foobar := "foobar" 129 barfoo := "barfoo" 130 fooTag := names.NewUserTag(foobar) 131 barTag := names.NewUserTag(barfoo) 132 133 userFactory := factory.NewFactory(s.State, c) 134 userFactory.MakeUser(factory.UserParams{Username: foobar, DisplayName: "Foo Bar"}) 135 userFactory.MakeUser(factory.UserParams{Username: barfoo, DisplayName: "Bar Foo"}) 136 137 args := params.Entities{ 138 Entities: []params.Entity{{Tag: fooTag.String()}, {Tag: barTag.String()}}, 139 } 140 results, err := s.usermanager.UserInfo(args) 141 c.Assert(err, gc.IsNil) 142 expected := params.UserInfoResults{ 143 Results: []params.UserInfoResult{ 144 { 145 Result: ¶ms.UserInfo{ 146 Username: "foobar", 147 DisplayName: "Foo Bar", 148 CreatedBy: "admin", 149 DateCreated: time.Time{}, 150 LastConnection: time.Time{}, 151 }, 152 }, { 153 Result: ¶ms.UserInfo{ 154 Username: "barfoo", 155 DisplayName: "Bar Foo", 156 CreatedBy: "admin", 157 DateCreated: time.Time{}, 158 LastConnection: time.Time{}, 159 }, 160 }}, 161 } 162 163 // set DateCreated to nil as we cannot know the exact time user was created 164 results.Results[0].Result.DateCreated = time.Time{} 165 results.Results[1].Result.DateCreated = time.Time{} 166 167 c.Assert(results, gc.DeepEquals, expected) 168 } 169 170 func (s *userManagerSuite) TestUserInfoUserExists(c *gc.C) { 171 foobar := "foobar" 172 fooTag := names.NewUserTag(foobar) 173 174 userFactory := factory.NewFactory(s.State, c) 175 userFactory.MakeUser(factory.UserParams{Username: foobar, DisplayName: "Foo Bar"}) 176 177 args := params.Entities{ 178 Entities: []params.Entity{{Tag: fooTag.String()}}, 179 } 180 results, err := s.usermanager.UserInfo(args) 181 c.Assert(err, gc.IsNil) 182 expected := params.UserInfoResults{ 183 Results: []params.UserInfoResult{ 184 { 185 Result: ¶ms.UserInfo{ 186 Username: "foobar", 187 DisplayName: "Foo Bar", 188 CreatedBy: "admin", 189 DateCreated: time.Time{}, 190 LastConnection: time.Time{}, 191 }, 192 }, 193 }, 194 } 195 196 // set DateCreated to nil as we cannot know the exact time user was created 197 results.Results[0].Result.DateCreated = time.Time{} 198 199 c.Assert(results, gc.DeepEquals, expected) 200 } 201 202 func (s *userManagerSuite) TestUserInfoUserDoesNotExist(c *gc.C) { 203 userTag := names.NewUserTag("foobar") 204 args := params.Entities{ 205 Entities: []params.Entity{{Tag: userTag.String()}}, 206 } 207 results, err := s.usermanager.UserInfo(args) 208 c.Assert(err, gc.IsNil) 209 expected := params.UserInfoResults{ 210 Results: []params.UserInfoResult{ 211 { 212 Result: nil, 213 Error: ¶ms.Error{ 214 Message: "permission denied", 215 Code: params.CodeUnauthorized, 216 }, 217 }, 218 }, 219 } 220 c.Assert(results, gc.DeepEquals, expected) 221 } 222 223 func (s *userManagerSuite) TestUserInfoMachineTagFails(c *gc.C) { 224 userTag := names.NewMachineTag("0") 225 args := params.Entities{ 226 Entities: []params.Entity{{Tag: userTag.String()}}, 227 } 228 results, err := s.usermanager.UserInfo(args) 229 c.Assert(err, gc.IsNil) 230 expected := params.UserInfoResults{ 231 Results: []params.UserInfoResult{ 232 { 233 Result: nil, 234 Error: ¶ms.Error{ 235 Message: `"machine-0" is not a valid user tag`, 236 Code: "", 237 }, 238 }, 239 }, 240 } 241 c.Assert(results, gc.DeepEquals, expected) 242 } 243 244 func (s *userManagerSuite) TestUserInfoNotATagFails(c *gc.C) { 245 args := params.Entities{ 246 Entities: []params.Entity{{Tag: "notatag"}}, 247 } 248 results, err := s.usermanager.UserInfo(args) 249 c.Assert(err, gc.IsNil) 250 expected := params.UserInfoResults{ 251 Results: []params.UserInfoResult{ 252 { 253 Result: nil, 254 Error: ¶ms.Error{ 255 Message: `"notatag" is not a valid user tag`, 256 Code: "", 257 }, 258 }, 259 }, 260 } 261 c.Assert(results, gc.DeepEquals, expected) 262 } 263 264 func (s *userManagerSuite) TestAgentUnauthorized(c *gc.C) { 265 266 machine1, err := s.State.AddMachine("quantal", state.JobManageEnviron) 267 c.Assert(err, gc.IsNil) 268 269 // Create a FakeAuthorizer so we can check permissions, 270 // set up assuming machine 1 has logged in. 271 s.authorizer = apiservertesting.FakeAuthorizer{ 272 Tag: machine1.Tag(), 273 LoggedIn: true, 274 MachineAgent: true, 275 } 276 277 s.usermanager, err = usermanager.NewUserManagerAPI(s.State, s.authorizer) 278 c.Assert(err, gc.ErrorMatches, "permission denied") 279 }