← Back to branch summary

~juju-qa/ubuntu/xenial/juju/2.0-rc2

« back to all changes in this revision

Viewing changes to src/github.com/juju/juju/apiserver/controller/controller_test.go

  • Committer: Nicholas Skaggs
  • Date: 2016-09-30 14:39:30 UTC
  • mfrom: (1.8.1)
  • Revision ID: nicholas.skaggs@canonical.com-20160930143930-vwwhrefh6ftckccy
import upstream

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/github.com/juju/juju/apiserver/controller/controller_test.go
22
22
        "github.com/juju/juju/apiserver/facade/facadetest"
23
23
        "github.com/juju/juju/apiserver/params"
24
24
        apiservertesting "github.com/juju/juju/apiserver/testing"
25
 
        "github.com/juju/juju/core/description"
 
25
        "github.com/juju/juju/cloud"
 
26
        "github.com/juju/juju/environs"
 
27
        "github.com/juju/juju/environs/config"
26
28
        "github.com/juju/juju/instance"
27
 
        jujutesting "github.com/juju/juju/juju/testing"
 
29
        "github.com/juju/juju/permission"
28
30
        "github.com/juju/juju/state"
29
31
        "github.com/juju/juju/state/multiwatcher"
 
32
        statetesting "github.com/juju/juju/state/testing"
30
33
        "github.com/juju/juju/testing"
31
34
        "github.com/juju/juju/testing/factory"
32
35
)
33
36
 
34
37
type controllerSuite struct {
35
 
        jujutesting.JujuConnSuite
 
38
        statetesting.StateSuite
36
39
 
37
40
        controller *controller.ControllerAPI
38
41
        resources  *common.Resources
42
45
var _ = gc.Suite(&controllerSuite{})
43
46
 
44
47
func (s *controllerSuite) SetUpTest(c *gc.C) {
45
 
        s.JujuConnSuite.SetUpTest(c)
 
48
        // Initial config needs to be set before the StateSuite SetUpTest.
 
49
        s.InitialConfig = testing.CustomModelConfig(c, testing.Attrs{
 
50
                "name": "controller",
 
51
        })
 
52
 
 
53
        s.StateSuite.SetUpTest(c)
46
54
        s.resources = common.NewResources()
47
55
        s.AddCleanup(func(_ *gc.C) { s.resources.StopAll() })
48
56
 
49
57
        s.authorizer = apiservertesting.FakeAuthorizer{
50
 
                Tag: s.AdminUserTag(c),
 
58
                Tag:      s.Owner,
 
59
                AdminTag: s.Owner,
51
60
        }
52
61
 
53
62
        controller, err := controller.NewControllerAPI(s.State, s.resources, s.authorizer)
86
95
                        User:        admin.UserTag(),
87
96
                        CreatedBy:   remoteUserTag,
88
97
                        DisplayName: "Foo Bar",
89
 
                        Access:      description.ReadAccess})
 
98
                        Access:      permission.ReadAccess})
90
99
 
91
100
        s.Factory.MakeModel(c, &factory.ModelParams{
92
101
                Name: "no-access", Owner: remoteUserTag}).Close()
105
114
        c.Assert(obtained, jc.DeepEquals, expected)
106
115
}
107
116
 
 
117
func (s *controllerSuite) TestHostedModelConfigs_OnlyHostedModelsReturned(c *gc.C) {
 
118
        owner := s.Factory.MakeUser(c, nil)
 
119
        s.Factory.MakeModel(c, &factory.ModelParams{
 
120
                Name: "first", Owner: owner.UserTag()}).Close()
 
121
        remoteUserTag := names.NewUserTag("user@remote")
 
122
        s.Factory.MakeModel(c, &factory.ModelParams{
 
123
                Name: "second", Owner: remoteUserTag}).Close()
 
124
 
 
125
        results, err := s.controller.HostedModelConfigs()
 
126
        c.Assert(err, jc.ErrorIsNil)
 
127
        c.Assert(len(results.Models), gc.Equals, 2)
 
128
 
 
129
        one := results.Models[0]
 
130
        two := results.Models[1]
 
131
 
 
132
        c.Assert(one.Name, gc.Equals, "first")
 
133
        c.Assert(one.OwnerTag, gc.Equals, owner.UserTag().String())
 
134
        c.Assert(two.Name, gc.Equals, "second")
 
135
        c.Assert(two.OwnerTag, gc.Equals, remoteUserTag.String())
 
136
}
 
137
 
 
138
func (s *controllerSuite) makeCloudSpec(c *gc.C, pSpec *params.CloudSpec) environs.CloudSpec {
 
139
        c.Assert(pSpec, gc.NotNil)
 
140
        var credential *cloud.Credential
 
141
        if pSpec.Credential != nil {
 
142
                credentialValue := cloud.NewCredential(
 
143
                        cloud.AuthType(pSpec.Credential.AuthType),
 
144
                        pSpec.Credential.Attributes,
 
145
                )
 
146
                credential = &credentialValue
 
147
        }
 
148
        spec := environs.CloudSpec{
 
149
                Type:             pSpec.Type,
 
150
                Name:             pSpec.Name,
 
151
                Region:           pSpec.Region,
 
152
                Endpoint:         pSpec.Endpoint,
 
153
                IdentityEndpoint: pSpec.IdentityEndpoint,
 
154
                StorageEndpoint:  pSpec.StorageEndpoint,
 
155
                Credential:       credential,
 
156
        }
 
157
        c.Assert(spec.Validate(), jc.ErrorIsNil)
 
158
        return spec
 
159
}
 
160
 
 
161
func (s *controllerSuite) TestHostedModelConfigs_CanOpenEnviron(c *gc.C) {
 
162
        owner := s.Factory.MakeUser(c, nil)
 
163
        s.Factory.MakeModel(c, &factory.ModelParams{
 
164
                Name: "first", Owner: owner.UserTag()}).Close()
 
165
        remoteUserTag := names.NewUserTag("user@remote")
 
166
        s.Factory.MakeModel(c, &factory.ModelParams{
 
167
                Name: "second", Owner: remoteUserTag}).Close()
 
168
 
 
169
        results, err := s.controller.HostedModelConfigs()
 
170
        c.Assert(err, jc.ErrorIsNil)
 
171
        c.Assert(len(results.Models), gc.Equals, 2)
 
172
 
 
173
        for _, model := range results.Models {
 
174
                c.Assert(model.Error, gc.IsNil)
 
175
 
 
176
                cfg, err := config.New(config.NoDefaults, model.Config)
 
177
                c.Assert(err, jc.ErrorIsNil)
 
178
                spec := s.makeCloudSpec(c, model.CloudSpec)
 
179
                _, err = environs.New(environs.OpenParams{
 
180
                        Cloud:  spec,
 
181
                        Config: cfg,
 
182
                })
 
183
                c.Assert(err, jc.ErrorIsNil)
 
184
        }
 
185
}
 
186
 
108
187
func (s *controllerSuite) TestListBlockedModels(c *gc.C) {
109
188
        st := s.Factory.MakeModel(c, &factory.ModelParams{
110
189
                Name: "test"})
122
201
                params.ModelBlockInfo{
123
202
                        Name:     "controller",
124
203
                        UUID:     s.State.ModelUUID(),
125
 
                        OwnerTag: s.AdminUserTag(c).String(),
 
204
                        OwnerTag: s.Owner.String(),
126
205
                        Blocks: []string{
127
206
                                "BlockDestroy",
128
207
                                "BlockChange",
131
210
                params.ModelBlockInfo{
132
211
                        Name:     "test",
133
212
                        UUID:     st.ModelUUID(),
134
 
                        OwnerTag: s.AdminUserTag(c).String(),
 
213
                        OwnerTag: s.Owner.String(),
135
214
                        Blocks: []string{
136
215
                                "BlockDestroy",
137
216
                                "BlockChange",
158
237
                Name: "test"})
159
238
        defer st.Close()
160
239
 
161
 
        authorizer := &apiservertesting.FakeAuthorizer{Tag: s.AdminUserTag(c)}
 
240
        authorizer := &apiservertesting.FakeAuthorizer{
 
241
                Tag:      s.Owner,
 
242
                AdminTag: s.Owner,
 
243
        }
162
244
        controller, err := controller.NewControllerAPI(st, common.NewResources(), authorizer)
163
245
        c.Assert(err, jc.ErrorIsNil)
164
246
        cfg, err := controller.ModelConfig()
181
263
                Name: "test"})
182
264
        defer st.Close()
183
265
 
184
 
        authorizer := &apiservertesting.FakeAuthorizer{Tag: s.AdminUserTag(c)}
 
266
        authorizer := &apiservertesting.FakeAuthorizer{Tag: s.Owner}
185
267
        controller, err := controller.NewControllerAPI(st, common.NewResources(), authorizer)
186
268
        c.Assert(err, jc.ErrorIsNil)
187
269
        cfg, err := controller.ControllerConfig()
301
383
                ModelTag:           controllerEnvTag,
302
384
                HostedMachineCount: 1,
303
385
                ApplicationCount:   1,
304
 
                OwnerTag:           "user-admin@local",
 
386
                OwnerTag:           s.Owner.String(),
305
387
                Life:               params.Alive,
306
388
                Machines: []params.ModelMachineInfo{
307
389
                        {Id: "0", Hardware: &params.MachineHardware{Cores: &eight}, InstanceId: "id-4", Status: "pending", WantsVote: true},
341
423
                        {
342
424
                                ModelTag: st1.ModelTag().String(),
343
425
                                TargetInfo: params.MigrationTargetInfo{
344
 
                                        ControllerTag: randomModelTag(),
 
426
                                        ControllerTag: randomControllerTag(),
345
427
                                        Addrs:         []string{"1.1.1.1:1111", "2.2.2.2:2222"},
346
428
                                        CACert:        "cert1",
347
429
                                        AuthTag:       names.NewUserTag("admin1").String(),
350
432
                        }, {
351
433
                                ModelTag: st2.ModelTag().String(),
352
434
                                TargetInfo: params.MigrationTargetInfo{
353
 
                                        ControllerTag: randomModelTag(),
 
435
                                        ControllerTag: randomControllerTag(),
354
436
                                        Addrs:         []string{"3.3.3.3:3333"},
355
437
                                        CACert:        "cert2",
356
438
                                        AuthTag:       names.NewUserTag("admin2").String(),
381
463
                c.Assert(err, jc.ErrorIsNil)
382
464
                c.Check(mig.Id(), gc.Equals, expectedId)
383
465
                c.Check(mig.ModelUUID(), gc.Equals, st.ModelUUID())
384
 
                c.Check(mig.InitiatedBy(), gc.Equals, s.AdminUserTag(c).Id())
 
466
                c.Check(mig.InitiatedBy(), gc.Equals, s.Owner.Id())
385
467
                c.Check(mig.ExternalControl(), gc.Equals, args.Specs[i].ExternalControl)
386
468
 
387
469
                targetInfo, err := mig.TargetInfo()
431
513
                        {
432
514
                                ModelTag: st.ModelTag().String(),
433
515
                                TargetInfo: params.MigrationTargetInfo{
434
 
                                        ControllerTag: randomModelTag(),
 
516
                                        ControllerTag: randomControllerTag(),
435
517
                                        Addrs:         []string{"1.1.1.1:1111", "2.2.2.2:2222"},
436
518
                                        CACert:        "cert",
437
519
                                        AuthTag:       names.NewUserTag("admin").String(),
462
544
                        {
463
545
                                ModelTag: st.ModelTag().String(),
464
546
                                TargetInfo: params.MigrationTargetInfo{
465
 
                                        ControllerTag: randomModelTag(),
 
547
                                        ControllerTag: randomControllerTag(),
466
548
                                        Addrs:         []string{"1.1.1.1:1111", "2.2.2.2:2222"},
467
549
                                        CACert:        "cert",
468
550
                                        AuthTag:       names.NewUserTag("admin").String(),
489
571
                Specs: []params.MigrationSpec{{
490
572
                        ModelTag: st.ModelTag().String(),
491
573
                        TargetInfo: params.MigrationTargetInfo{
492
 
                                ControllerTag: randomModelTag(),
 
574
                                ControllerTag: randomControllerTag(),
493
575
                                Addrs:         []string{"1.1.1.1:1111"},
494
576
                                CACert:        "cert1",
495
577
                                AuthTag:       names.NewUserTag("admin1").String(),
504
586
        active, err := st.IsMigrationActive()
505
587
        c.Assert(err, jc.ErrorIsNil)
506
588
        c.Check(active, jc.IsFalse)
507
 
 
 
589
}
 
590
 
 
591
func (s *controllerSuite) TestInitiateMigrationSkipPrechecks(c *gc.C) {
 
592
        st := s.Factory.MakeModel(c, nil)
 
593
        defer st.Close()
 
594
        controller.SetPrecheckResult(s, errors.New("should not happen"))
 
595
 
 
596
        args := params.InitiateMigrationArgs{
 
597
                Specs: []params.MigrationSpec{
 
598
                        {
 
599
                                ModelTag: st.ModelTag().String(),
 
600
                                TargetInfo: params.MigrationTargetInfo{
 
601
                                        ControllerTag: randomControllerTag(),
 
602
                                        Addrs:         []string{"1.1.1.1:1111", "2.2.2.2:2222"},
 
603
                                        CACert:        "cert",
 
604
                                        AuthTag:       names.NewUserTag("admin").String(),
 
605
                                        Password:      "secret",
 
606
                                },
 
607
                                ExternalControl:      true,
 
608
                                SkipInitialPrechecks: true,
 
609
                        },
 
610
                },
 
611
        }
 
612
        out, err := s.controller.InitiateMigration(args)
 
613
        c.Assert(err, jc.ErrorIsNil)
 
614
        c.Assert(out.Results, gc.HasLen, 1)
 
615
        c.Check(out.Results[0].ModelTag, gc.Equals, st.ModelTag().String())
 
616
        c.Check(out.Results[0].Error, gc.IsNil)
 
617
}
 
618
 
 
619
func randomControllerTag() string {
 
620
        uuid := utils.MustNewUUID().String()
 
621
        return names.NewControllerTag(uuid).String()
508
622
}
509
623
 
510
624
func randomModelTag() string {
534
648
 
535
649
func (s *controllerSuite) TestGrantMissingUserFails(c *gc.C) {
536
650
        user := names.NewLocalUserTag("foobar")
537
 
        err := s.controllerGrant(c, user, string(description.AddModelAccess))
 
651
        err := s.controllerGrant(c, user, string(permission.AddModelAccess))
538
652
        expectedErr := `could not grant controller access: user "foobar" does not exist locally: user "foobar" not found`
539
653
        c.Assert(err, gc.ErrorMatches, expectedErr)
540
654
}
542
656
func (s *controllerSuite) TestRevokeSuperuserLeavesAddModelAccess(c *gc.C) {
543
657
        user := s.Factory.MakeUser(c, &factory.UserParams{NoModelUser: true})
544
658
 
545
 
        err := s.controllerGrant(c, user.UserTag(), string(description.SuperuserAccess))
 
659
        err := s.controllerGrant(c, user.UserTag(), string(permission.SuperuserAccess))
546
660
        c.Assert(err, gc.IsNil)
547
661
        ctag := names.NewControllerTag(s.State.ControllerUUID())
548
662
        controllerUser, err := s.State.UserAccess(user.UserTag(), ctag)
549
663
        c.Assert(err, jc.ErrorIsNil)
550
 
        c.Assert(controllerUser.Access, gc.Equals, description.SuperuserAccess)
 
664
        c.Assert(controllerUser.Access, gc.Equals, permission.SuperuserAccess)
551
665
 
552
 
        err = s.controllerRevoke(c, user.UserTag(), string(description.SuperuserAccess))
 
666
        err = s.controllerRevoke(c, user.UserTag(), string(permission.SuperuserAccess))
553
667
        c.Assert(err, gc.IsNil)
554
668
 
555
669
        controllerUser, err = s.State.UserAccess(user.UserTag(), controllerUser.Object)
556
670
        c.Assert(err, jc.ErrorIsNil)
557
 
        c.Assert(controllerUser.Access, gc.Equals, description.AddModelAccess)
 
671
        c.Assert(controllerUser.Access, gc.Equals, permission.AddModelAccess)
558
672
}
559
673
 
560
674
func (s *controllerSuite) TestRevokeAddModelLeavesLoginAccess(c *gc.C) {
561
675
        user := s.Factory.MakeUser(c, &factory.UserParams{NoModelUser: true})
562
676
 
563
 
        err := s.controllerGrant(c, user.UserTag(), string(description.AddModelAccess))
 
677
        err := s.controllerGrant(c, user.UserTag(), string(permission.AddModelAccess))
564
678
        c.Assert(err, gc.IsNil)
565
679
        ctag := names.NewControllerTag(s.State.ControllerUUID())
566
680
        controllerUser, err := s.State.UserAccess(user.UserTag(), ctag)
567
681
        c.Assert(err, jc.ErrorIsNil)
568
 
        c.Assert(controllerUser.Access, gc.Equals, description.AddModelAccess)
 
682
        c.Assert(controllerUser.Access, gc.Equals, permission.AddModelAccess)
569
683
 
570
 
        err = s.controllerRevoke(c, user.UserTag(), string(description.AddModelAccess))
 
684
        err = s.controllerRevoke(c, user.UserTag(), string(permission.AddModelAccess))
571
685
        c.Assert(err, gc.IsNil)
572
686
 
573
687
        controllerUser, err = s.State.UserAccess(user.UserTag(), controllerUser.Object)
574
688
        c.Assert(err, jc.ErrorIsNil)
575
 
        c.Assert(controllerUser.Access, gc.Equals, description.LoginAccess)
 
689
        c.Assert(controllerUser.Access, gc.Equals, permission.LoginAccess)
576
690
}
577
691
 
578
692
func (s *controllerSuite) TestRevokeLoginRemovesControllerUser(c *gc.C) {
579
693
        user := s.Factory.MakeUser(c, &factory.UserParams{NoModelUser: true})
580
 
        err := s.controllerRevoke(c, user.UserTag(), string(description.LoginAccess))
 
694
        err := s.controllerRevoke(c, user.UserTag(), string(permission.LoginAccess))
581
695
        c.Assert(err, gc.IsNil)
582
696
 
583
697
        ctag := names.NewControllerTag(s.State.ControllerUUID())
588
702
 
589
703
func (s *controllerSuite) TestRevokeControllerMissingUser(c *gc.C) {
590
704
        user := names.NewLocalUserTag("foobar")
591
 
        err := s.controllerRevoke(c, user, string(description.AddModelAccess))
 
705
        err := s.controllerRevoke(c, user, string(permission.AddModelAccess))
592
706
        expectedErr := `could not look up controller access for user: user "foobar" not found`
593
707
        c.Assert(err, gc.ErrorMatches, expectedErr)
594
708
}
596
710
func (s *controllerSuite) TestGrantOnlyGreaterAccess(c *gc.C) {
597
711
        user := s.Factory.MakeUser(c, &factory.UserParams{NoModelUser: true})
598
712
 
599
 
        err := s.controllerGrant(c, user.UserTag(), string(description.AddModelAccess))
 
713
        err := s.controllerGrant(c, user.UserTag(), string(permission.AddModelAccess))
600
714
        c.Assert(err, gc.IsNil)
601
715
        ctag := names.NewControllerTag(s.State.ControllerUUID())
602
716
        controllerUser, err := s.State.UserAccess(user.UserTag(), ctag)
603
717
        c.Assert(err, jc.ErrorIsNil)
604
 
        c.Assert(controllerUser.Access, gc.Equals, description.AddModelAccess)
 
718
        c.Assert(controllerUser.Access, gc.Equals, permission.AddModelAccess)
605
719
 
606
 
        err = s.controllerGrant(c, user.UserTag(), string(description.AddModelAccess))
 
720
        err = s.controllerGrant(c, user.UserTag(), string(permission.AddModelAccess))
607
721
        expectedErr := `could not grant controller access: user already has "addmodel" access or greater`
608
722
        c.Assert(err, gc.ErrorMatches, expectedErr)
609
723
}
611
725
func (s *controllerSuite) TestGrantControllerAddRemoteUser(c *gc.C) {
612
726
        userTag := names.NewUserTag("foobar@ubuntuone")
613
727
 
614
 
        err := s.controllerGrant(c, userTag, string(description.AddModelAccess))
 
728
        err := s.controllerGrant(c, userTag, string(permission.AddModelAccess))
615
729
        c.Assert(err, jc.ErrorIsNil)
616
730
 
617
731
        ctag := names.NewControllerTag(s.State.ControllerUUID())
618
732
        controllerUser, err := s.State.UserAccess(userTag, ctag)
619
733
        c.Assert(err, jc.ErrorIsNil)
620
734
 
621
 
        c.Assert(controllerUser.Access, gc.Equals, description.AddModelAccess)
 
735
        c.Assert(controllerUser.Access, gc.Equals, permission.AddModelAccess)
622
736
}
623
737
 
624
738
func (s *controllerSuite) TestGrantControllerInvalidUserTag(c *gc.C) {
678
792
                        Changes: []params.ModifyControllerAccess{{
679
793
                                UserTag: testParam.tag,
680
794
                                Action:  params.GrantControllerAccess,
681
 
                                Access:  string(description.SuperuserAccess),
 
795
                                Access:  string(permission.SuperuserAccess),
682
796
                        }}}
683
797
 
684
798
                result, err := s.controller.ModifyControllerAccess(args)
702
816
                Changes: []params.ModifyControllerAccess{{
703
817
                        UserTag: "user-user@local",
704
818
                        Action:  dance,
705
 
                        Access:  string(description.LoginAccess),
 
819
                        Access:  string(permission.LoginAccess),
706
820
                }}}
707
821
 
708
822
        result, err := s.controller.ModifyControllerAccess(args)
715
829
        user := s.Factory.MakeUser(c, &factory.UserParams{NoModelUser: true})
716
830
        user2 := s.Factory.MakeUser(c, &factory.UserParams{NoModelUser: true})
717
831
 
718
 
        err := s.controllerGrant(c, user.UserTag(), string(description.SuperuserAccess))
 
832
        err := s.controllerGrant(c, user.UserTag(), string(permission.SuperuserAccess))
719
833
        c.Assert(err, gc.IsNil)
720
 
        err = s.controllerGrant(c, user2.UserTag(), string(description.AddModelAccess))
 
834
        err = s.controllerGrant(c, user2.UserTag(), string(permission.AddModelAccess))
721
835
        c.Assert(err, gc.IsNil)
722
836
        req := params.Entities{
723
837
                Entities: []params.Entity{{Tag: user.Tag().String()}, {Tag: user2.Tag().String()}},