1
// Copyright 2013 Canonical Ltd.
2
// Licensed under the AGPLv3, see LICENCE file for details.
9
"github.com/juju/names"
10
jc "github.com/juju/testing/checkers"
11
gc "gopkg.in/check.v1"
13
apirsyslog "github.com/juju/juju/api/rsyslog"
14
"github.com/juju/juju/apiserver/common"
15
commontesting "github.com/juju/juju/apiserver/common/testing"
16
"github.com/juju/juju/apiserver/params"
17
"github.com/juju/juju/apiserver/rsyslog"
18
apiservertesting "github.com/juju/juju/apiserver/testing"
19
"github.com/juju/juju/juju/testing"
20
"github.com/juju/juju/network"
21
"github.com/juju/juju/state"
22
coretesting "github.com/juju/juju/testing"
25
type rsyslogSuite struct {
27
*commontesting.EnvironWatcherTest
28
authorizer apiservertesting.FakeAuthorizer
29
resources *common.Resources
30
rsyslog *rsyslog.RsyslogAPI
33
var _ = gc.Suite(&rsyslogSuite{})
35
func (s *rsyslogSuite) SetUpTest(c *gc.C) {
36
s.JujuConnSuite.SetUpTest(c)
37
s.authorizer = apiservertesting.FakeAuthorizer{
38
Tag: names.NewMachineTag("1"),
39
EnvironManager: false,
41
s.resources = common.NewResources()
42
s.AddCleanup(func(_ *gc.C) { s.resources.StopAll() })
43
api, err := rsyslog.NewRsyslogAPI(s.State, s.resources, s.authorizer)
44
c.Assert(err, jc.ErrorIsNil)
45
s.EnvironWatcherTest = commontesting.NewEnvironWatcherTest(
46
api, s.State, s.resources, commontesting.NoSecrets)
49
func verifyRsyslogCACert(c *gc.C, st *apirsyslog.State, expectedCA, expectedKey string) {
50
cfg, err := st.GetRsyslogConfig("foo")
51
c.Assert(err, jc.ErrorIsNil)
52
c.Assert(cfg.CACert, gc.DeepEquals, expectedCA)
53
c.Assert(cfg.CAKey, gc.DeepEquals, expectedKey)
56
func (s *rsyslogSuite) TestSetRsyslogCert(c *gc.C) {
57
st, m := s.OpenAPIAsNewMachine(c, state.JobManageEnviron)
58
err := m.SetProviderAddresses(network.NewAddress("0.1.2.3"))
59
c.Assert(err, jc.ErrorIsNil)
61
err = st.Rsyslog().SetRsyslogCert(coretesting.CACert, coretesting.CAKey)
62
c.Assert(err, jc.ErrorIsNil)
63
verifyRsyslogCACert(c, st.Rsyslog(), coretesting.CACert, coretesting.CAKey)
66
func (s *rsyslogSuite) TestSetRsyslogCertNil(c *gc.C) {
67
st, m := s.OpenAPIAsNewMachine(c, state.JobManageEnviron)
68
err := m.SetProviderAddresses(network.NewAddress("0.1.2.3"))
69
c.Assert(err, jc.ErrorIsNil)
71
err = st.Rsyslog().SetRsyslogCert("", "")
72
c.Assert(err, gc.ErrorMatches, "no certificates found")
73
verifyRsyslogCACert(c, st.Rsyslog(), "", "")
76
func (s *rsyslogSuite) TestSetRsyslogCertInvalid(c *gc.C) {
77
st, m := s.OpenAPIAsNewMachine(c, state.JobManageEnviron)
78
err := m.SetProviderAddresses(network.NewAddress("0.1.2.3"))
79
c.Assert(err, jc.ErrorIsNil)
81
err = st.Rsyslog().SetRsyslogCert(string(pem.EncodeToMemory(&pem.Block{
83
Bytes: []byte("not a valid certificate"),
85
c.Assert(err, gc.ErrorMatches, ".*structure error.*")
86
verifyRsyslogCACert(c, st.Rsyslog(), "", "")
89
func (s *rsyslogSuite) TestSetRsyslogCertPerms(c *gc.C) {
90
// create a machine-0 so we have an addresss to log to
91
m, err := s.State.AddMachine("trusty", state.JobManageEnviron)
92
c.Assert(err, jc.ErrorIsNil)
93
err = m.SetProviderAddresses(network.NewAddress("0.1.2.3"))
94
c.Assert(err, jc.ErrorIsNil)
96
unitState, _ := s.OpenAPIAsNewMachine(c, state.JobHostUnits)
97
err = unitState.Rsyslog().SetRsyslogCert(coretesting.CACert, coretesting.CAKey)
98
c.Assert(err, gc.ErrorMatches, "permission denied")
99
c.Assert(err, jc.Satisfies, params.IsCodeUnauthorized)
100
// Verify no change was effected.
101
verifyRsyslogCACert(c, unitState.Rsyslog(), "", "")
104
func (s *rsyslogSuite) TestUpgraderAPIAllowsUnitAgent(c *gc.C) {
105
anAuthorizer := s.authorizer
106
anAuthorizer.Tag = names.NewUnitTag("seven/9")
107
anUpgrader, err := rsyslog.NewRsyslogAPI(s.State, s.resources, anAuthorizer)
108
c.Check(err, jc.ErrorIsNil)
109
c.Check(anUpgrader, gc.NotNil)
112
func (s *rsyslogSuite) TestUpgraderAPIRefusesNonUnitNonMachineAgent(c *gc.C) {
113
anAuthorizer := s.authorizer
114
anAuthorizer.Tag = names.NewServiceTag("hadoop")
115
anUpgrader, err := rsyslog.NewRsyslogAPI(s.State, s.resources, anAuthorizer)
116
c.Check(err, gc.NotNil)
117
c.Check(anUpgrader, gc.IsNil)
118
c.Assert(err, gc.ErrorMatches, "permission denied")