-
Notifications
You must be signed in to change notification settings - Fork 491
/
trust.go
121 lines (104 loc) · 3.14 KB
/
trust.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
// Copyright 2018 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
package application
import (
"fmt"
"github.com/juju/cmd/v3"
"github.com/juju/errors"
"github.com/juju/gnuflag"
"github.com/juju/juju/api/client/application"
appfacade "github.com/juju/juju/apiserver/facades/client/application"
jujucmd "github.com/juju/juju/cmd"
"github.com/juju/juju/cmd/juju/block"
"github.com/juju/juju/cmd/modelcmd"
"github.com/juju/juju/core/model"
)
const (
trustSummary = `Sets the trust status of a deployed application to true.`
trustDetails = `Sets the trust configuration value to true.
On k8s models, the trust operation currently grants the charm full access to the cluster.
Until the permissions model is refined to grant more granular role based access, the use of
'--scope=cluster' is required to confirm this choice.
`
trustExamples = `
juju trust media-wiki
juju trust metallb --scope=cluster
`
clusterScopeError = `'juju trust' currently grants full access to the cluster itself.
Set the scope to 'cluster' using '--scope=cluster' to confirm this choice.
`
)
type trustCommand struct {
modelcmd.ModelCommandBase
api ApplicationAPI
applicationName string
removeTrust bool
scope string
}
func NewTrustCommand() cmd.Command {
return modelcmd.Wrap(&trustCommand{})
}
// Info is part of the cmd.Command interface.
func (c *trustCommand) Info() *cmd.Info {
return jujucmd.Info(&cmd.Info{
Name: "trust",
Args: "<application name>",
Purpose: trustSummary,
Doc: trustDetails,
Examples: trustExamples,
SeeAlso: []string{
"config",
},
})
}
// SetFlags is part of the cmd.Command interface.
func (c *trustCommand) SetFlags(f *gnuflag.FlagSet) {
c.ModelCommandBase.SetFlags(f)
f.BoolVar(&c.removeTrust, "remove", false, "Remove trusted access from a trusted application")
f.StringVar(&c.scope, "scope", "", "k8s models only - needs to be set to 'cluster'")
}
// getAPI either uses the fake API set at test time or that is nil, gets a real
// API and sets that as the API.
func (c *trustCommand) getAPI() (ApplicationAPI, error) {
if c.api != nil {
return c.api, nil
}
root, err := c.NewAPIRoot()
if err != nil {
return nil, errors.Trace(err)
}
client := application.NewClient(root)
return client, nil
}
// Init is part of the cmd.Command interface.
func (c *trustCommand) Init(args []string) error {
if len(args) == 0 {
return errors.New("no application name specified")
}
c.applicationName = args[0]
return nil
}
func (c *trustCommand) Run(ctx *cmd.Context) error {
modelType, err := c.ModelType()
if err != nil {
return errors.Trace(err)
}
if modelType == model.CAAS && !c.removeTrust {
if c.scope == "" {
return errors.New(clusterScopeError)
}
if c.scope != "cluster" {
return errors.NotValidf("scope %q", c.scope)
}
}
// Set trust config value
client, err := c.getAPI()
if err != nil {
return errors.Trace(err)
}
defer func() { _ = client.Close() }()
err = client.SetConfig("", c.applicationName, "",
map[string]string{appfacade.TrustConfigOptionName: fmt.Sprint(!c.removeTrust)},
)
return errors.Trace(block.ProcessBlockedError(err, block.BlockChange))
}