本文整理汇总了Golang中github.com/wallyworld/core/state/apiserver/common.Authorizer类的典型用法代码示例。如果您正苦于以下问题:Golang Authorizer类的具体用法?Golang Authorizer怎么用?Golang Authorizer使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Authorizer类的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: NewLoggerAPI
// NewLoggerAPI creates a new server-side logger API end point.
func NewLoggerAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*LoggerAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthUnitAgent() {
return nil, common.ErrPerm
}
return &LoggerAPI{state: st, resources: resources, authorizer: authorizer}, nil
}示例2: NewCharmRevisionUpdaterAPI
// NewCharmRevisionUpdaterAPI creates a new server-side charmrevisionupdater API end point.
func NewCharmRevisionUpdaterAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*CharmRevisionUpdaterAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthEnvironManager() {
return nil, common.ErrPerm
}
return &CharmRevisionUpdaterAPI{
state: st, resources: resources, authorizer: authorizer}, nil
}示例3: NewRsyslogAPI
// NewRsyslogAPI creates a new instance of the Rsyslog API.
func NewRsyslogAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*RsyslogAPI, error) {
// Can always watch for environ changes.
getCanWatch := common.AuthAlways(true)
// Does not get the secrets.
getCanReadSecrets := common.AuthAlways(false)
return &RsyslogAPI{
EnvironWatcher: common.NewEnvironWatcher(st, resources, getCanWatch, getCanReadSecrets),
st: st,
canModify: authorizer.AuthEnvironManager(),
}, nil
}示例4: NewAPI
// NewAPI returns an object implementing an agent API
// with the given authorizer representing the currently logged in client.
func NewAPI(st *state.State, auth common.Authorizer) (*API, error) {
// Agents are defined to be any user that's not a client user.
if !auth.AuthMachineAgent() && !auth.AuthUnitAgent() {
return nil, common.ErrPerm
}
getCanChange := func() (common.AuthFunc, error) {
return auth.AuthOwner, nil
}
return &API{
PasswordChanger: common.NewPasswordChanger(st, getCanChange),
st: st,
auth: auth,
}, nil
}示例5: NewKeyUpdaterAPI
// NewKeyUpdaterAPI creates a new server-side keyupdater API end point.
func NewKeyUpdaterAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*KeyUpdaterAPI, error) {
// Only machine agents have access to the keyupdater service.
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
// No-one else except the machine itself can only read a machine's own credentials.
getCanRead := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
return &KeyUpdaterAPI{state: st, resources: resources, authorizer: authorizer, getCanRead: getCanRead}, nil
}示例6: NewUserManagerAPI
func NewUserManagerAPI(
st *state.State,
authorizer common.Authorizer,
) (*UserManagerAPI, error) {
if !authorizer.AuthClient() {
return nil, common.ErrPerm
}
// TODO(mattyw) - replace stub with real canWrite function
getCanWrite := common.AuthAlways(true)
return &UserManagerAPI{
state: st,
authorizer: authorizer,
getCanWrite: getCanWrite},
nil
}示例7: NewUpgraderAPI
// NewUpgraderAPI creates a new client-side UpgraderAPI facade.
func NewUpgraderAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*UpgraderAPI, error) {
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
getCanReadWrite := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
return &UpgraderAPI{
ToolsGetter: common.NewToolsGetter(st, getCanReadWrite),
ToolsSetter: common.NewToolsSetter(st, getCanReadWrite),
st: st,
resources: resources,
authorizer: authorizer,
}, nil
}示例8: NewMachinerAPI
// NewMachinerAPI creates a new instance of the Machiner API.
func NewMachinerAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*MachinerAPI, error) {
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
getCanModify := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
getCanRead := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
return &MachinerAPI{
LifeGetter: common.NewLifeGetter(st, getCanRead),
StatusSetter: common.NewStatusSetter(st, getCanModify),
DeadEnsurer: common.NewDeadEnsurer(st, getCanModify),
AgentEntityWatcher: common.NewAgentEntityWatcher(st, resources, getCanRead),
APIAddresser: common.NewAPIAddresser(st, resources),
st: st,
auth: authorizer,
getCanModify: getCanModify,
}, nil
}示例9: NewUnitUpgraderAPI
// NewUnitUpgraderAPI creates a new server-side UnitUpgraderAPI facade.
func NewUnitUpgraderAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
dataDir string,
) (*UnitUpgraderAPI, error) {
if !authorizer.AuthUnitAgent() {
return nil, common.ErrPerm
}
getCanWrite := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
return &UnitUpgraderAPI{
ToolsSetter: common.NewToolsSetter(st, getCanWrite),
st: st,
resources: resources,
authorizer: authorizer,
dataDir: dataDir,
}, nil
}示例10: NewDeployerAPI
// NewDeployerAPI creates a new server-side DeployerAPI facade.
func NewDeployerAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*DeployerAPI, error) {
if !authorizer.AuthMachineAgent() {
return nil, common.ErrPerm
}
getAuthFunc := func() (common.AuthFunc, error) {
// Get all units of the machine and cache them.
thisMachineTag := authorizer.GetAuthTag()
units, err := getAllUnits(st, thisMachineTag)
if err != nil {
return nil, err
}
// Then we just check if the unit is already known.
return func(tag string) bool {
for _, unit := range units {
if names.UnitTag(unit) == tag {
return true
}
}
return false
}, nil
}
getCanWatch := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
return &DeployerAPI{
Remover: common.NewRemover(st, true, getAuthFunc),
PasswordChanger: common.NewPasswordChanger(st, getAuthFunc),
LifeGetter: common.NewLifeGetter(st, getAuthFunc),
StateAddresser: common.NewStateAddresser(st),
APIAddresser: common.NewAPIAddresser(st, resources),
UnitsWatcher: common.NewUnitsWatcher(st, resources, getCanWatch),
st: st,
resources: resources,
authorizer: authorizer,
}, nil
}示例11: NewUniterAPI
// NewUniterAPI creates a new instance of the Uniter API.
func NewUniterAPI(st *state.State, resources *common.Resources, authorizer common.Authorizer) (*UniterAPI, error) {
if !authorizer.AuthUnitAgent() {
return nil, common.ErrPerm
}
accessUnit := func() (common.AuthFunc, error) {
return authorizer.AuthOwner, nil
}
accessService := func() (common.AuthFunc, error) {
unit, ok := authorizer.GetAuthEntity().(*state.Unit)
if !ok {
panic("authenticated entity is not a unit")
}
return func(tag string) bool {
return tag == names.ServiceTag(unit.ServiceName())
}, nil
}
accessUnitOrService := common.AuthEither(accessUnit, accessService)
// Uniter can always watch for environ changes.
getCanWatch := common.AuthAlways(true)
// Uniter can not get the secrets.
getCanReadSecrets := common.AuthAlways(false)
return &UniterAPI{
LifeGetter: common.NewLifeGetter(st, accessUnitOrService),
StatusSetter: common.NewStatusSetter(st, accessUnit),
DeadEnsurer: common.NewDeadEnsurer(st, accessUnit),
AgentEntityWatcher: common.NewAgentEntityWatcher(st, resources, accessUnitOrService),
APIAddresser: common.NewAPIAddresser(st, resources),
EnvironWatcher: common.NewEnvironWatcher(st, resources, getCanWatch, getCanReadSecrets),
st: st,
auth: authorizer,
resources: resources,
accessUnit: accessUnit,
accessService: accessService,
}, nil
}示例12: NewKeyManagerAPI
// NewKeyManagerAPI creates a new server-side keyupdater API end point.
func NewKeyManagerAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*KeyManagerAPI, error) {
// Only clients and environment managers can access the key manager service.
if !authorizer.AuthClient() && !authorizer.AuthEnvironManager() {
return nil, common.ErrPerm
}
// TODO(wallyworld) - replace stub with real canRead function
// For now, only admins can read authorised ssh keys.
getCanRead := func() (common.AuthFunc, error) {
return func(tag string) bool {
return authorizer.GetAuthTag() == "user-admin"
}, nil
}
// TODO(wallyworld) - replace stub with real canWrite function
// For now, only admins can write authorised ssh keys for users.
// Machine agents can write the juju-system-key.
getCanWrite := func() (common.AuthFunc, error) {
return func(tag string) bool {
// Are we a machine agent writing the Juju system key.
if tag == config.JujuSystemKey {
_, _, err := names.ParseTag(authorizer.GetAuthTag(), names.MachineTagKind)
return err == nil
}
// Are we writing the auth key for a user.
if _, err := st.User(tag); err != nil {
return false
}
return authorizer.GetAuthTag() == "user-admin"
}, nil
}
return &KeyManagerAPI{
state: st, resources: resources, authorizer: authorizer, getCanRead: getCanRead, getCanWrite: getCanWrite}, nil
}示例13: NewFirewallerAPI
// NewFirewallerAPI creates a new server-side FirewallerAPI facade.
func NewFirewallerAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*FirewallerAPI, error) {
if !authorizer.AuthEnvironManager() {
// Firewaller must run as environment manager.
return nil, common.ErrPerm
}
// Set up the various authorization checkers.
accessUnit := getAuthFuncForTagKind(names.UnitTagKind)
accessService := getAuthFuncForTagKind(names.ServiceTagKind)
accessMachine := getAuthFuncForTagKind(names.MachineTagKind)
accessEnviron := getAuthFuncForTagKind("")
accessUnitOrService := common.AuthEither(accessUnit, accessService)
accessUnitServiceOrMachine := common.AuthEither(accessUnitOrService, accessMachine)
// Life() is supported for units, services or machines.
lifeGetter := common.NewLifeGetter(
st,
accessUnitServiceOrMachine,
)
// EnvironConfig() and WatchForEnvironConfigChanges() are allowed
// with unrestriced access.
environWatcher := common.NewEnvironWatcher(
st,
resources,
accessEnviron,
accessEnviron,
)
// Watch() is supported for units or services.
entityWatcher := common.NewAgentEntityWatcher(
st,
resources,
accessUnitOrService,
)
// WatchUnits() is supported for machines.
unitsWatcher := common.NewUnitsWatcher(st,
resources,
accessMachine,
)
// WatchEnvironMachines() is allowed with unrestricted access.
machinesWatcher := common.NewEnvironMachinesWatcher(
st,
resources,
accessEnviron,
)
// InstanceId() is supported for machines.
instanceIdGetter := common.NewInstanceIdGetter(
st,
accessMachine,
)
return &FirewallerAPI{
LifeGetter: lifeGetter,
EnvironWatcher: environWatcher,
AgentEntityWatcher: entityWatcher,
UnitsWatcher: unitsWatcher,
EnvironMachinesWatcher: machinesWatcher,
InstanceIdGetter: instanceIdGetter,
st: st,
resources: resources,
authorizer: authorizer,
accessUnit: accessUnit,
accessService: accessService,
}, nil
}示例14: NewProvisionerAPI
// NewProvisionerAPI creates a new server-side ProvisionerAPI facade.
func NewProvisionerAPI(
st *state.State,
resources *common.Resources,
authorizer common.Authorizer,
) (*ProvisionerAPI, error) {
if !authorizer.AuthMachineAgent() && !authorizer.AuthEnvironManager() {
return nil, common.ErrPerm
}
getAuthFunc := func() (common.AuthFunc, error) {
isEnvironManager := authorizer.AuthEnvironManager()
isMachineAgent := authorizer.AuthMachineAgent()
authEntityTag := authorizer.GetAuthTag()
return func(tag string) bool {
if isMachineAgent && tag == authEntityTag {
// A machine agent can always access its own machine.
return true
}
_, id, err := names.ParseTag(tag, names.MachineTagKind)
if err != nil {
return false
}
parentId := state.ParentId(id)
if parentId == "" {
// All top-level machines are accessible by the
// environment manager.
return isEnvironManager
}
// All containers with the authenticated machine as a
// parent are accessible by it.
return isMachineAgent && names.MachineTag(parentId) == authEntityTag
}, nil
}
// Both provisioner types can watch the environment.
getCanWatch := common.AuthAlways(true)
// Only the environment provisioner can read secrets.
getCanReadSecrets := common.AuthAlways(authorizer.AuthEnvironManager())
return &ProvisionerAPI{
Remover: common.NewRemover(st, false, getAuthFunc),
StatusSetter: common.NewStatusSetter(st, getAuthFunc),
DeadEnsurer: common.NewDeadEnsurer(st, getAuthFunc),
PasswordChanger: common.NewPasswordChanger(st, getAuthFunc),
LifeGetter: common.NewLifeGetter(st, getAuthFunc),
StateAddresser: common.NewStateAddresser(st),
APIAddresser: common.NewAPIAddresser(st, resources),
ToolsGetter: common.NewToolsGetter(st, getAuthFunc),
EnvironWatcher: common.NewEnvironWatcher(st, resources, getCanWatch, getCanReadSecrets),
EnvironMachinesWatcher: common.NewEnvironMachinesWatcher(st, resources, getCanReadSecrets),
InstanceIdGetter: common.NewInstanceIdGetter(st, getAuthFunc),
st: st,
resources: resources,
authorizer: authorizer,
getAuthFunc: getAuthFunc,
getCanWatchMachines: getCanReadSecrets,
}, nil
}