github.com/wallyworld/juju@v0.0.0-20161013125918-6cf1bc9d917a/apiserver/restrict_controller.go (about) 1 // Copyright 2016 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package apiserver 5 6 import ( 7 "fmt" 8 9 "github.com/juju/errors" 10 "github.com/juju/utils/set" 11 ) 12 13 // The controllerFacadeNames are the root names that can be accessed 14 // using a controller-only login. Any facade added here needs to work 15 // independently of individual models. 16 var controllerFacadeNames = set.NewStrings( 17 "AllModelWatcher", 18 "Cloud", 19 "Controller", 20 "MigrationTarget", 21 "ModelManager", 22 "UserManager", 23 ) 24 25 // commonFacadeNames holds root names that can be accessed using both 26 // controller and model connections. 27 var commonFacadeNames = set.NewStrings( 28 "Pinger", 29 "Bundle", 30 31 // TODO(mjs) - bug 1632172 - Exposed for model logins for 32 // backwards compatibility. Remove once we're sure no non-Juju 33 // clients care about it. 34 "HighAvailability", 35 ) 36 37 func controllerFacadesOnly(facadeName, _ string) error { 38 if !isControllerFacade(facadeName) { 39 return errors.NewNotSupported(nil, fmt.Sprintf("facade %q not supported for controller API connection", facadeName)) 40 } 41 return nil 42 } 43 44 // isControllerFacade reports whether the given facade name can be accessed 45 // using the controller connection. 46 func isControllerFacade(facadeName string) bool { 47 return controllerFacadeNames.Contains(facadeName) || commonFacadeNames.Contains(facadeName) 48 }