github.com/wallyworld/juju@v0.0.0-20161013125918-6cf1bc9d917a/apiserver/restrict_controller.go

github.com/wallyworld/juju@v0.0.0-20161013125918-6cf1bc9d917a/apiserver/restrict_controller.go (about)

     1  // Copyright 2016 Canonical Ltd.
     2  // Licensed under the AGPLv3, see LICENCE file for details.
     3  
     4  package apiserver
     5  
     6  import (
     7  	"fmt"
     8  
     9  	"github.com/juju/errors"
    10  	"github.com/juju/utils/set"
    11  )
    12  
    13  // The controllerFacadeNames are the root names that can be accessed
    14  // using a controller-only login. Any facade added here needs to work
    15  // independently of individual models.
    16  var controllerFacadeNames = set.NewStrings(
    17  	"AllModelWatcher",
    18  	"Cloud",
    19  	"Controller",
    20  	"MigrationTarget",
    21  	"ModelManager",
    22  	"UserManager",
    23  )
    24  
    25  // commonFacadeNames holds root names that can be accessed using both
    26  // controller and model connections.
    27  var commonFacadeNames = set.NewStrings(
    28  	"Pinger",
    29  	"Bundle",
    30  
    31  	// TODO(mjs) - bug 1632172 - Exposed for model logins for
    32  	// backwards compatibility. Remove once we're sure no non-Juju
    33  	// clients care about it.
    34  	"HighAvailability",
    35  )
    36  
    37  func controllerFacadesOnly(facadeName, _ string) error {
    38  	if !isControllerFacade(facadeName) {
    39  		return errors.NewNotSupported(nil, fmt.Sprintf("facade %q not supported for controller API connection", facadeName))
    40  	}
    41  	return nil
    42  }
    43  
    44  // isControllerFacade reports whether the given facade name can be accessed
    45  // using the controller connection.
    46  func isControllerFacade(facadeName string) bool {
    47  	return controllerFacadeNames.Contains(facadeName) || commonFacadeNames.Contains(facadeName)
    48  }