/juju

Allow machine agents to connect to debuglog endpoint #6606

Merged
merged 3 commits into from Nov 24, 2016

Conversation

Reviewers

@mjs mjs

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@babbageclunk @jujubot @mjs
@babbageclunk
Member

babbageclunk commented Nov 23, 2016
Edited 1 time

Previously only users could request the debug log, but we want to use it as the source for the migration log transfer, so the machine agent needs to be able to request it as well.

Added httpContext.stateForRequestAuthenticatedTag, which allows the calling code to say what kinds of entities should be allowed. Also generalised apiserver.common.AuthEither into AuthAny, which can combine any number of auth functions.

Moved the base debuglog tests into debuglog_db_test.go to make them easier to find - the file version of the debuglog is gone now.

QA steps:
Bootstrapped and checked that I could still use debug-log. It's hard to check that a machine agent can use it, but I'll be checking that in my logtrasfer testing.

babbageclunk added some commits Nov 23, 2016

@babbageclunk
Replace apiserver.common.AuthEither with AuthAny 
This yields an AuthFunc that accepts if any of its components
accept. (It's the same as AuthNever if it's not passed anything.)
dc51073
@babbageclunk
Allow machine agents to connect to debuglog endpoint 
This is needed by the migration log transfer phase.
987d272
@babbageclunk
Member

babbageclunk commented Nov 23, 2016

!!build!!
@mjs

mjs approved these changes Nov 23, 2016
View changes

Good stuff!

apiserver/debuglog_db_test.go
type debugLogDBSuite struct {
- debugLogBaseSuite
+ authHTTPSuite
@mjs

mjs Nov 23, 2016

Contributor

Thanks for cleaning this up. These reason for this is that /log used to be backed by a file on disk and the suites were split when logging to mongodb was added behind a feature flag. There's not need for the separation now.

@babbageclunk

babbageclunk Nov 23, 2016

Member

Yeah, from some of the comments and filenames I guessed that there had been a file version that had been ripped out.

apiserver/firewaller/firewaller.go
@@ -56,8 +56,8 @@ func NewFirewallerAPI(
accessUnit := common.AuthFuncForTagKind(names.UnitTagKind)
accessService := common.AuthFuncForTagKind(names.ApplicationTagKind)
@mjs

mjs Nov 23, 2016

Contributor

Gah! This should be called accessApplication. Do you mind fixing?

@babbageclunk

babbageclunk Nov 24, 2016

Member

Sure.

apiserver/firewaller/firewaller.go
- accessUnitOrService := common.AuthEither(accessUnit, accessService)
- accessUnitServiceOrMachine := common.AuthEither(accessUnitOrService, accessMachine)
+ accessUnitOrService := common.AuthAny(accessUnit, accessService)
+ accessUnitServiceOrMachine := common.AuthAny(accessUnitOrService, accessMachine)
@mjs

mjs Nov 23, 2016

Contributor

Same for these. s/Service/Application/

@babbageclunk

babbageclunk Nov 24, 2016

Member

Done - it turned out that this was actually doing Either(Either(unit, application), machine), so I changed it to Any(unit, application, machine) instead.

@babbageclunk
Member

babbageclunk commented Nov 24, 2016

$$merge$$
@jujubot
Contributor

jujubot commented Nov 24, 2016

Status: merge request accepted. Url: http://juju-ci.vapour.ws:8080/job/github-merge-juju

@jujubot jujubot merged commit d4df71e into juju:develop Nov 24, 2016

@babbageclunk babbageclunk deleted the babbageclunk:debuglog-allow-machines branch Nov 24, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment