本文整理汇总了Golang中github.com/juju/juju/apiserver/common.Authorizer.AuthMachineAgent方法的典型用法代码示例。如果您正苦于以下问题:Golang Authorizer.AuthMachineAgent方法的具体用法?Golang Authorizer.AuthMachineAgent怎么用?Golang Authorizer.AuthMachineAgent使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类github.com/juju/juju/apiserver/common.Authorizer的用法示例。
在下文中一共展示了Authorizer.AuthMachineAgent方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: newUndertakerAPI
func newUndertakerAPI(st State, resources *common.Resources, authorizer common.Authorizer) (*UndertakerAPI, error) {
if !authorizer.AuthMachineAgent() || !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
model, err := st.Model()
if err != nil {
return nil, errors.Trace(err)
}
getCanModifyModel := func() (common.AuthFunc, error) {
return func(tag names.Tag) bool {
if st.IsController() {
return true
}
// Only the agent's model can be modified.
modelTag, ok := tag.(names.ModelTag)
if !ok {
return false
}
return modelTag.Id() == model.UUID()
}, nil
}
return &UndertakerAPI{
st: st,
resources: resources,
StatusSetter: common.NewStatusSetter(st, getCanModifyModel),
}, nil
}示例2: NewRebootAPI
// NewRebootAPI creates a new server-side RebootAPI facade.
func NewRebootAPI(st *state.State, resources *common.Resources, auth common.Authorizer) (*RebootAPI, error) {
if !auth.AuthMachineAgent() {
return nil, common.ErrPerm
}
tag, ok := auth.GetAuthTag().(names.MachineTag)
if !ok {
return nil, errors.Errorf("Expected names.MachineTag, got %T", auth.GetAuthTag())
}
machine, err := st.Machine(tag.Id())
if err != nil {
return nil, errors.Trace(err)
}
canAccess := func() (common.AuthFunc, error) {
return auth.AuthOwner, nil
}
return &RebootAPI{
RebootActionGetter: common.NewRebootActionGetter(st, canAccess),
RebootRequester: common.NewRebootRequester(st, canAccess),
RebootFlagClearer: common.NewRebootFlagClearer(st, canAccess),
st: st,
machine: machine,
resources: resources,
auth: auth,
}, nil
}示例3: newUndertakerAPI
func newUndertakerAPI(st State, resources *common.Resources, authorizer common.Authorizer) (*UndertakerAPI, error) {
if !authorizer.AuthMachineAgent() || !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
return &UndertakerAPI{
st: st,
resources: resources,
}, nil
}示例4: NewProvisionerAPI
// NewProvisionerAPI creates a new server-side ProvisionerAPI facade.
func NewProvisionerAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*ProvisionerAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthEnvironManager() {
return nil, common.ErrPerm
}
getAuthFunc := func() (common.AuthFunc, error) {
isEnvironManager := authorizer.AuthEnvironManager()
isMachineAgent := authorizer.AuthMachineAgent()
authEntityTag := authorizer.GetAuthTag()
return func(tag names.Tag) bool {
if isMachineAgent && tag == authEntityTag {
// A machine agent can always access its own machine.
return true
}
switch tag := tag.(type) {
case names.MachineTag:
parentId := state.ParentId(tag.Id())
if parentId == "" {
// All top-level machines are accessible by the
// environment manager.
return isEnvironManager
}
// All containers with the authenticated machine as a
// parent are accessible by it.
// TODO(dfc) sometimes authEntity tag is nil, which is fine because nil is
// only equal to nil, but it suggests someone is passing an authorizer
// with a nil tag.
return isMachineAgent && names.NewMachineTag(parentId) == authEntityTag
default:
return false
}
}, nil
}
env, err := st.Environment()
if err != nil {
return nil, err
}
urlGetter := common.NewToolsURLGetter(env.UUID(), st)
return &ProvisionerAPI{
Remover: common.NewRemover(st, false, getAuthFunc),
StatusSetter: common.NewStatusSetter(st, getAuthFunc),
StatusGetter: common.NewStatusGetter(st, getAuthFunc),
DeadEnsurer: common.NewDeadEnsurer(st, getAuthFunc),
PasswordChanger: common.NewPasswordChanger(st, getAuthFunc),
LifeGetter: common.NewLifeGetter(st, getAuthFunc),
StateAddresser: common.NewStateAddresser(st),
APIAddresser: common.NewAPIAddresser(st, resources),
EnvironWatcher: common.NewEnvironWatcher(st, resources, authorizer),
EnvironMachinesWatcher: common.NewEnvironMachinesWatcher(st, resources, authorizer),
InstanceIdGetter: common.NewInstanceIdGetter(st, getAuthFunc),
ToolsFinder: common.NewToolsFinder(st, st, urlGetter),
st: st,
resources: resources,
authorizer: authorizer,
getAuthFunc: getAuthFunc,
}, nil
}示例5: New
// New creates a Facade backed by backend and resources. If auth
// doesn't identity the client as a machine agent or a unit agent,
// it will return common.ErrPerm.
func New(backend Backend, resources *common.Resources, auth common.Authorizer) (*Facade, error) {
if !auth.AuthMachineAgent() && !auth.AuthUnitAgent() {
return nil, common.ErrPerm
}
return &Facade{
backend: backend,
resources: resources,
}, nil
}示例6: NewLoggerAPI
// NewLoggerAPI creates a new server-side logger API end point.
func NewLoggerAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*LoggerAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthUnitAgent() {
return nil, common.ErrPerm
}
return &LoggerAPI{state: st, resources: resources, authorizer: authorizer}, nil
}示例7: NewAPIWithBacking
// NewAPIWithBacking creates a new server-side API facade with the given Backing.
func NewAPIWithBacking(st Backend, resources *common.Resources, authorizer common.Authorizer) (*ProxyUpdaterAPI, error) {
if !(authorizer.AuthMachineAgent() || authorizer.AuthUnitAgent()) {
return &ProxyUpdaterAPI{}, common.ErrPerm
}
return &ProxyUpdaterAPI{
backend: st,
resources: resources,
authorizer: authorizer,
}, nil
}示例8: NewCharmRevisionUpdaterAPI
// NewCharmRevisionUpdaterAPI creates a new server-side charmrevisionupdater API end point.
func NewCharmRevisionUpdaterAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*CharmRevisionUpdaterAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthEnvironManager() {
return nil, common.ErrPerm
}
return &CharmRevisionUpdaterAPI{
state: st, resources: resources, authorizer: authorizer}, nil
}示例9: NewRsyslogAPI
// NewRsyslogAPI creates a new instance of the Rsyslog API.
func NewRsyslogAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*RsyslogAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthUnitAgent() {
return nil, common.ErrPerm
}
return &RsyslogAPI{
EnvironWatcher: common.NewEnvironWatcher(st, resources, authorizer),
st: st,
authorizer: authorizer,
resources: resources,
canModify: authorizer.AuthEnvironManager(),
StateAddresser: common.NewStateAddresser(st),
}, nil
}示例10: NewAPI
// NewAPI returns an object implementing an agent API
// with the given authorizer representing the currently logged in client.
func NewAPI(st *state.State, resources *common.Resources, auth common.Authorizer) (*API, error) {
// Agents are defined to be any user that's not a client user.
if !auth.AuthMachineAgent() && !auth.AuthUnitAgent() {
return nil, common.ErrPerm
}
getCanChange := func() (common.AuthFunc, error) {
return auth.AuthOwner, nil
}
return &API{
PasswordChanger: common.NewPasswordChanger(st, getCanChange),
st: st,
auth: auth,
}, nil
}示例11: NewAPI
// NewAPI creates a new API server endpoint for the model migration
// master worker.
func NewAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*API, error) {
if !(authorizer.AuthMachineAgent() || authorizer.AuthUnitAgent()) {
return nil, common.ErrPerm
}
return &API{
backend: getBackend(st),
authorizer: authorizer,
resources: resources,
}, nil
}示例12: NewMetricsAdderAPI
// NewMetricsAdderAPI creates a new API endpoint for adding metrics to state.
func NewMetricsAdderAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*MetricsAdderAPI, error) {
// TODO(cmars): remove unit agent auth, once worker/metrics/sender manifold
// can be righteously relocated to machine agent.
if !authorizer.AuthMachineAgent() && !authorizer.AuthUnitAgent() {
return nil, common.ErrPerm
}
return &MetricsAdderAPI{
state: st,
}, nil
}示例13: NewFacade
// NewFacade creates a new server-side machineactions API end point.
func NewFacade(
backend Backend,
resources *common.Resources,
authorizer common.Authorizer,
) (*Facade, error) {
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
return &Facade{
backend: backend,
resources: resources,
accessMachine: authorizer.AuthOwner,
}, nil
}示例14: NewKeyUpdaterAPI
// NewKeyUpdaterAPI creates a new server-side keyupdater API end point.
func NewKeyUpdaterAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*KeyUpdaterAPI, error) {
// Only machine agents have access to the keyupdater service.
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
// No-one else except the machine itself can only read a machine's own credentials.
getCanRead := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
return &KeyUpdaterAPI{state: st, resources: resources, authorizer: authorizer, getCanRead: getCanRead}, nil
}示例15: NewNetworkerAPI
// NewNetworkerAPI creates a new server-side Networker API facade.
func NewNetworkerAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*NetworkerAPI, error) {
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
getAuthFunc := func() (common.AuthFunc, error) {
authEntityTag := authorizer.GetAuthTag()
return func(tag names.Tag) bool {
if tag == authEntityTag {
// A machine agent can always access its own machine.
return true
}
if _, ok := tag.(names.MachineTag); !ok {
// Only machine tags are allowed.
return false
}
id := tag.Id()
for parentId := state.ParentId(id); parentId != ""; parentId = state.ParentId(parentId) {
// Until a top-level machine is reached.
// TODO (thumper): remove the names.Tag conversion when gccgo
// implements concrete-type-to-interface comparison correctly.
if names.Tag(names.NewMachineTag(parentId)) == authEntityTag {
// All containers with the authenticated machine as a
// parent are accessible by it.
return true
}
}
// Not found authorized machine agent among ancestors of the current one.
return false
}, nil
}
return &NetworkerAPI{
st: st,
resources: resources,
authorizer: authorizer,
getAuthFunc: getAuthFunc,
}, nil
}