Allow machine agents to connect to debuglog endpoint #6606
Conversation
This yields an AuthFunc that accepts if any of its components accept. (It's the same as AuthNever if it's not passed anything.)
This is needed by the migration log transfer phase.
|
!!build!! |
| type debugLogDBSuite struct { | ||
| debugLogBaseSuite | ||
| authHTTPSuite |
There was a problem hiding this comment.
Thanks for cleaning this up. These reason for this is that /log used to be backed by a file on disk and the suites were split when logging to mongodb was added behind a feature flag. There's not need for the separation now.
There was a problem hiding this comment.
Yeah, from some of the comments and filenames I guessed that there had been a file version that had been ripped out.
| @@ -56,8 +56,8 @@ func NewFirewallerAPI( | |||
| accessUnit := common.AuthFuncForTagKind(names.UnitTagKind) | |||
| accessService := common.AuthFuncForTagKind(names.ApplicationTagKind) | |||
There was a problem hiding this comment.
Gah! This should be called accessApplication. Do you mind fixing?
| accessUnitOrService := common.AuthEither(accessUnit, accessService) | ||
| accessUnitServiceOrMachine := common.AuthEither(accessUnitOrService, accessMachine) | ||
| accessUnitOrService := common.AuthAny(accessUnit, accessService) | ||
| accessUnitServiceOrMachine := common.AuthAny(accessUnitOrService, accessMachine) |
There was a problem hiding this comment.
Done - it turned out that this was actually doing Either(Either(unit, application), machine), so I changed it to Any(unit, application, machine) instead.
|
|
|
Status: merge request accepted. Url: http://juju-ci.vapour.ws:8080/job/github-merge-juju |
Previously only users could request the debug log, but we want to use it as the source for the migration log transfer, so the machine agent needs to be able to request it as well.
Added
httpContext.stateForRequestAuthenticatedTag, which allows the calling code to say what kinds of entities should be allowed. Also generalisedapiserver.common.AuthEitherintoAuthAny, which can combine any number of auth functions.Moved the base debuglog tests into
debuglog_db_test.goto make them easier to find - the file version of the debuglog is gone now.QA steps:
Bootstrapped and checked that I could still use debug-log. It's hard to check that a machine agent can use it, but I'll be checking that in my logtrasfer testing.