本文整理汇总了Golang中github.com/juju/juju/apiserver/facade.Authorizer.AuthModelManager方法的典型用法代码示例。如果您正苦于以下问题:Golang Authorizer.AuthModelManager方法的具体用法?Golang Authorizer.AuthModelManager怎么用?Golang Authorizer.AuthModelManager使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类github.com/juju/juju/apiserver/facade.Authorizer的用法示例。
在下文中一共展示了Authorizer.AuthModelManager方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: NewMetricsManagerAPI
// NewMetricsManagerAPI creates a new API endpoint for calling metrics manager functions.
func NewMetricsManagerAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
clock clock.Clock,
) (*MetricsManagerAPI, error) {
if !(authorizer.AuthMachineAgent() && authorizer.AuthModelManager()) {
return nil, common.ErrPerm
}
// Allow access only to the current environment.
accessEnviron := func() (common.AuthFunc, error) {
return func(tag names.Tag) bool {
if tag == nil {
return false
}
return tag == st.ModelTag()
}, nil
}
return &MetricsManagerAPI{
state: st,
accessEnviron: accessEnviron,
clock: clock,
}, nil
}示例2: newUndertakerAPI
func newUndertakerAPI(st State, resources facade.Resources, authorizer facade.Authorizer) (*UndertakerAPI, error) {
if !authorizer.AuthMachineAgent() || !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
model, err := st.Model()
if err != nil {
return nil, errors.Trace(err)
}
getCanModifyModel := func() (common.AuthFunc, error) {
return func(tag names.Tag) bool {
if st.IsController() {
return true
}
// Only the agent's model can be modified.
modelTag, ok := tag.(names.ModelTag)
if !ok {
return false
}
return modelTag.Id() == model.UUID()
}, nil
}
return &UndertakerAPI{
st: st,
resources: resources,
StatusSetter: common.NewStatusSetter(st, getCanModifyModel),
}, nil
}示例3: NewFacade
// NewFacade creates a new authorized Facade.
func NewFacade(backend Backend, res facade.Resources, auth facade.Authorizer) (*Facade, error) {
if !auth.AuthModelManager() {
return nil, common.ErrPerm
}
return &Facade{
backend: backend,
resources: res,
}, nil
}示例4: NewInstancePollerAPI
// NewInstancePollerAPI creates a new server-side InstancePoller API
// facade.
func NewInstancePollerAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
clock clock.Clock,
) (*InstancePollerAPI, error) {
if !authorizer.AuthModelManager() {
// InstancePoller must run as environment manager.
return nil, common.ErrPerm
}
accessMachine := common.AuthFuncForTagKind(names.MachineTagKind)
sti := getState(st)
// Life() is supported for machines.
lifeGetter := common.NewLifeGetter(
sti,
accessMachine,
)
// ModelConfig() and WatchForModelConfigChanges() are allowed
// with unrestriced access.
modelWatcher := common.NewModelWatcher(
sti,
resources,
authorizer,
)
// WatchModelMachines() is allowed with unrestricted access.
machinesWatcher := common.NewModelMachinesWatcher(
sti,
resources,
authorizer,
)
// InstanceId() is supported for machines.
instanceIdGetter := common.NewInstanceIdGetter(
sti,
accessMachine,
)
// Status() is supported for machines.
statusGetter := common.NewStatusGetter(
sti,
accessMachine,
)
return &InstancePollerAPI{
LifeGetter: lifeGetter,
ModelWatcher: modelWatcher,
ModelMachinesWatcher: machinesWatcher,
InstanceIdGetter: instanceIdGetter,
StatusGetter: statusGetter,
st: sti,
resources: resources,
authorizer: authorizer,
accessMachine: accessMachine,
clock: clock,
}, nil
}示例5: NewFacade
// NewFacade returns a singular-controller API facade, backed by the supplied
// state, so long as the authorizer represents a controller machine.
func NewFacade(backend Backend, auth facade.Authorizer) (*Facade, error) {
if !auth.AuthModelManager() {
return nil, common.ErrPerm
}
return &Facade{
auth: auth,
model: backend.ModelTag(),
claimer: backend.SingularClaimer(),
}, nil
}示例6: NewDiscoverSpacesAPIWithBacking
func NewDiscoverSpacesAPIWithBacking(st networkingcommon.NetworkBacking, resources facade.Resources, authorizer facade.Authorizer) (*DiscoverSpacesAPI, error) {
if !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
return &DiscoverSpacesAPI{
st: st,
authorizer: authorizer,
resources: resources,
}, nil
}示例7: NewCharmRevisionUpdaterAPI
// NewCharmRevisionUpdaterAPI creates a new server-side charmrevisionupdater API end point.
func NewCharmRevisionUpdaterAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
) (*CharmRevisionUpdaterAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
return &CharmRevisionUpdaterAPI{
state: st, resources: resources, authorizer: authorizer}, nil
}示例8: NewHighAvailabilityAPI
// NewHighAvailabilityAPI creates a new server-side highavailability API end point.
func NewHighAvailabilityAPI(st *state.State, resources facade.Resources, authorizer facade.Authorizer) (*HighAvailabilityAPI, error) {
// Only clients and environment managers can access the high availability service.
if !authorizer.AuthClient() && !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
return &HighAvailabilityAPI{
state: st,
resources: resources,
authorizer: authorizer,
}, nil
}示例9: NewCleanerAPI
// NewCleanerAPI creates a new instance of the Cleaner API.
func NewCleanerAPI(
st *state.State,
res facade.Resources,
authorizer facade.Authorizer,
) (*CleanerAPI, error) {
if !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
return &CleanerAPI{
st: getState(st),
resources: res,
}, nil
}示例10: NewAPI
// NewAPI implements the API used by the machine undertaker worker to
// find out what provider-level resources need to be cleaned up when a
// machine goes away.
func NewAPI(backend Backend, resources facade.Resources, authorizer facade.Authorizer) (*API, error) {
if !authorizer.AuthModelManager() {
return nil, errors.Trace(common.ErrPerm)
}
api := &API{
backend: backend,
resources: resources,
canManageModel: func(modelUUID string) bool {
return modelUUID == authorizer.ConnectedModel()
},
}
return api, nil
}示例11: createAPI
// createAPI returns a new image metadata API facade.
func createAPI(
st metadataAcess,
newEnviron func() (environs.Environ, error),
resources facade.Resources,
authorizer facade.Authorizer,
) (*API, error) {
if !authorizer.AuthClient() && !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
return &API{
metadata: st,
newEnviron: newEnviron,
authorizer: authorizer,
}, nil
}示例12: NewAPI
// NewAPI creates a new API server endpoint for the model migration
// master worker.
func NewAPI(
backend Backend,
precheckBackend migration.PrecheckBackend,
resources facade.Resources,
authorizer facade.Authorizer,
) (*API, error) {
if !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
return &API{
backend: backend,
precheckBackend: precheckBackend,
authorizer: authorizer,
resources: resources,
}, nil
}示例13: NewKeyManagerAPI
// NewKeyManagerAPI creates a new server-side keyupdater API end point.
func NewKeyManagerAPI(st *state.State, resources facade.Resources, authorizer facade.Authorizer) (*KeyManagerAPI, error) {
// Only clients and environment managers can access the key manager service.
if !authorizer.AuthClient() && !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
env, err := st.Model()
if err != nil {
return nil, errors.Trace(err)
}
// For gccgo interface comparisons, we need a Tag.
owner := names.Tag(env.Owner())
// TODO(wallyworld) - replace stub with real canRead function
// For now, only admins can read authorised ssh keys.
canRead := func(user string) bool {
// Are we a machine agent operating as the system identity?
if user == config.JujuSystemKey {
_, ismachinetag := authorizer.GetAuthTag().(names.MachineTag)
return ismachinetag
}
return authorizer.GetAuthTag() == owner
}
// TODO(wallyworld) - replace stub with real canWrite function
// For now, only admins can write authorised ssh keys for users.
// Machine agents can write the juju-system-key.
canWrite := func(user string) bool {
// Are we a machine agent writing the Juju system key.
if user == config.JujuSystemKey {
_, ismachinetag := authorizer.GetAuthTag().(names.MachineTag)
return ismachinetag
}
// No point looking to see if the user exists as we are not
// yet storing keys on the user.
return authorizer.GetAuthTag() == owner
}
return &KeyManagerAPI{
state: st,
resources: resources,
authorizer: authorizer,
canRead: canRead,
canWrite: canWrite,
check: common.NewBlockChecker(st),
}, nil
}示例14: NewProvisionerAPI
// NewProvisionerAPI creates a new server-side ProvisionerAPI facade.
func NewProvisionerAPI(st *state.State, resources facade.Resources, authorizer facade.Authorizer) (*ProvisionerAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthModelManager() {
return nil, common.ErrPerm
}
getAuthFunc := func() (common.AuthFunc, error) {
isModelManager := authorizer.AuthModelManager()
isMachineAgent := authorizer.AuthMachineAgent()
authEntityTag := authorizer.GetAuthTag()
return func(tag names.Tag) bool {
if isMachineAgent && tag == authEntityTag {
// A machine agent can always access its own machine.
return true
}
switch tag := tag.(type) {
case names.MachineTag:
parentId := state.ParentId(tag.Id())
if parentId == "" {
// All top-level machines are accessible by the
// environment manager.
return isModelManager
}
// All containers with the authenticated machine as a
// parent are accessible by it.
// TODO(dfc) sometimes authEntity tag is nil, which is fine because nil is
// only equal to nil, but it suggests someone is passing an authorizer
// with a nil tag.
return isMachineAgent && names.NewMachineTag(parentId) == authEntityTag
default:
return false
}
}, nil
}
getAuthOwner := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
model, err := st.Model()
if err != nil {
return nil, err
}
configGetter := stateenvirons.EnvironConfigGetter{st}
env, err := environs.GetEnviron(configGetter, environs.New)
if err != nil {
return nil, err
}
urlGetter := common.NewToolsURLGetter(model.UUID(), st)
storageProviderRegistry := stateenvirons.NewStorageProviderRegistry(env)
return &ProvisionerAPI{
Remover: common.NewRemover(st, false, getAuthFunc),
StatusSetter: common.NewStatusSetter(st, getAuthFunc),
StatusGetter: common.NewStatusGetter(st, getAuthFunc),
DeadEnsurer: common.NewDeadEnsurer(st, getAuthFunc),
PasswordChanger: common.NewPasswordChanger(st, getAuthFunc),
LifeGetter: common.NewLifeGetter(st, getAuthFunc),
StateAddresser: common.NewStateAddresser(st),
APIAddresser: common.NewAPIAddresser(st, resources),
ModelWatcher: common.NewModelWatcher(st, resources, authorizer),
ModelMachinesWatcher: common.NewModelMachinesWatcher(st, resources, authorizer),
ControllerConfigAPI: common.NewControllerConfig(st),
InstanceIdGetter: common.NewInstanceIdGetter(st, getAuthFunc),
ToolsFinder: common.NewToolsFinder(configGetter, st, urlGetter),
ToolsGetter: common.NewToolsGetter(st, configGetter, st, urlGetter, getAuthOwner),
st: st,
resources: resources,
authorizer: authorizer,
configGetter: configGetter,
storageProviderRegistry: storageProviderRegistry,
storagePoolManager: poolmanager.New(state.NewStateSettings(st), storageProviderRegistry),
getAuthFunc: getAuthFunc,
}, nil
}示例15: NewFirewallerAPI
// NewFirewallerAPI creates a new server-side FirewallerAPI facade.
func NewFirewallerAPI(
st *state.State,
resources facade.Resources,
authorizer facade.Authorizer,
) (*FirewallerAPI, error) {
if !authorizer.AuthModelManager() {
// Firewaller must run as environment manager.
return nil, common.ErrPerm
}
// Set up the various authorization checkers.
accessEnviron := common.AuthFuncForTagKind(names.ModelTagKind)
accessUnit := common.AuthFuncForTagKind(names.UnitTagKind)
accessService := common.AuthFuncForTagKind(names.ApplicationTagKind)
accessMachine := common.AuthFuncForTagKind(names.MachineTagKind)
accessUnitOrService := common.AuthEither(accessUnit, accessService)
accessUnitServiceOrMachine := common.AuthEither(accessUnitOrService, accessMachine)
// Life() is supported for units, services or machines.
lifeGetter := common.NewLifeGetter(
st,
accessUnitServiceOrMachine,
)
// ModelConfig() and WatchForModelConfigChanges() are allowed
// with unrestriced access.
modelWatcher := common.NewModelWatcher(
st,
resources,
authorizer,
)
// Watch() is supported for applications only.
entityWatcher := common.NewAgentEntityWatcher(
st,
resources,
accessService,
)
// WatchUnits() is supported for machines.
unitsWatcher := common.NewUnitsWatcher(st,
resources,
accessMachine,
)
// WatchModelMachines() is allowed with unrestricted access.
machinesWatcher := common.NewModelMachinesWatcher(
st,
resources,
authorizer,
)
// InstanceId() is supported for machines.
instanceIdGetter := common.NewInstanceIdGetter(
st,
accessMachine,
)
environConfigGetter := stateenvirons.EnvironConfigGetter{st}
cloudSpecAPI := cloudspec.NewCloudSpec(environConfigGetter.CloudSpec, common.AuthFuncForTag(st.ModelTag()))
return &FirewallerAPI{
LifeGetter: lifeGetter,
ModelWatcher: modelWatcher,
AgentEntityWatcher: entityWatcher,
UnitsWatcher: unitsWatcher,
ModelMachinesWatcher: machinesWatcher,
InstanceIdGetter: instanceIdGetter,
CloudSpecAPI: cloudSpecAPI,
st: st,
resources: resources,
authorizer: authorizer,
accessUnit: accessUnit,
accessService: accessService,
accessMachine: accessMachine,
accessEnviron: accessEnviron,
}, nil
}