1
// Copyright 2016 Canonical Ltd.
2
// Licensed under the AGPLv3, see LICENCE file for details.
10
"github.com/juju/errors"
11
"launchpad.net/gnuflag"
13
"github.com/juju/juju/cmd/juju/block"
14
"github.com/juju/juju/cmd/modelcmd"
15
"github.com/juju/juju/juju/permission"
18
type accessCommand struct {
19
modelcmd.ControllerCommandBase
26
// SetFlags implements cmd.Command.
27
func (c *accessCommand) SetFlags(f *gnuflag.FlagSet) {
28
f.StringVar(&c.ModelAccess, "acl", "read", "access control")
31
// Init implements cmd.Command.
32
func (c *accessCommand) Init(args []string) error {
34
return errors.New("no user specified")
38
return errors.New("no model specified")
41
_, err := permission.ParseModelAccess(c.ModelAccess)
47
c.ModelNames = args[1:]
51
const grantModelHelpDoc = `
52
Grant another user access to a model.
56
Grant user "joe" default (read) access to the current model
58
juju grant joe model1 --acl=write
59
Grant user "joe" write access to the current model
61
juju grant sam model1 model2
62
Grant user "sam" default (read) access to two models named "model1" and "model2".
65
// NewGrantCommand returns a new grant command.
66
func NewGrantCommand() cmd.Command {
67
return modelcmd.WrapController(&grantCommand{})
70
// grantCommand represents the command to grant a user access to one or more models.
71
type grantCommand struct {
76
// Info implements Command.Info.
77
func (c *grantCommand) Info() *cmd.Info {
80
Args: "<user> <model1> [<model2> .. <modelN>]",
81
Purpose: "grant another user access to the given models",
82
Doc: strings.TrimSpace(grantModelHelpDoc),
86
func (c *grantCommand) getAPI() (GrantModelAPI, error) {
90
return c.NewModelManagerAPIClient()
93
// GrantModelAPI defines the API functions used by the grant command.
94
type GrantModelAPI interface {
96
GrantModel(user, access string, modelUUIDs ...string) error
99
// Run implements cmd.Command.
100
func (c *grantCommand) Run(ctx *cmd.Context) error {
101
client, err := c.getAPI()
107
models, err := c.ModelUUIDs(c.ModelNames)
111
return block.ProcessBlockedError(client.GrantModel(c.User, c.ModelAccess, models...), block.BlockChange)
114
const revokeModelHelpDoc = `
115
Deny a user access to an model that was previously shared with them.
117
Revoking read access also revokes write access.
120
juju revoke joe model1
121
Revoke read access from user "joe" for model "model1".
123
juju revoke joe model1 model2 --acl=write
124
Revoke write access from user "joe" for models "model1" and "model2".
127
// NewRevokeCommand returns a new revoke command.
128
func NewRevokeCommand() cmd.Command {
129
return modelcmd.WrapController(&revokeCommand{})
132
// revokeCommand revokes a user's access to models.
133
type revokeCommand struct {
138
// Info implements cmd.Command.
139
func (c *revokeCommand) Info() *cmd.Info {
142
Args: "<user> <model1> [<model2> .. <modelN>]",
143
Purpose: "revoke user access to models",
144
Doc: strings.TrimSpace(revokeModelHelpDoc),
148
func (c *revokeCommand) getAPI() (RevokeModelAPI, error) {
152
return c.NewModelManagerAPIClient()
155
// RevokeModelAPI defines the API functions used by the revoke command.
156
type RevokeModelAPI interface {
158
RevokeModel(user, access string, modelUUIDs ...string) error
161
// Run implements cmd.Command.
162
func (c *revokeCommand) Run(ctx *cmd.Context) error {
163
client, err := c.getAPI()
169
modelUUIDs, err := c.ModelUUIDs(c.ModelNames)
173
return block.ProcessBlockedError(client.RevokeModel(c.User, c.ModelAccess, modelUUIDs...), block.BlockChange)