Allow machine agents to connect to debuglog endpoint #6606

Merged
merged 3 commits into from Nov 24, 2016

Conversation

Projects
None yet
3 participants
Member

babbageclunk commented Nov 23, 2016

Previously only users could request the debug log, but we want to use it as the source for the migration log transfer, so the machine agent needs to be able to request it as well.

Added httpContext.stateForRequestAuthenticatedTag, which allows the calling code to say what kinds of entities should be allowed. Also generalised apiserver.common.AuthEither into AuthAny, which can combine any number of auth functions.

Moved the base debuglog tests into debuglog_db_test.go to make them easier to find - the file version of the debuglog is gone now.

QA steps:
Bootstrapped and checked that I could still use debug-log. It's hard to check that a machine agent can use it, but I'll be checking that in my logtrasfer testing.

babbageclunk added some commits Nov 23, 2016

Replace apiserver.common.AuthEither with AuthAny
This yields an AuthFunc that accepts if any of its components
accept. (It's the same as AuthNever if it's not passed anything.)
Allow machine agents to connect to debuglog endpoint
This is needed by the migration log transfer phase.
Member

babbageclunk commented Nov 23, 2016

!!build!!

mjs approved these changes Nov 23, 2016

Good stuff!

type debugLogDBSuite struct {
- debugLogBaseSuite
+ authHTTPSuite
@mjs

mjs Nov 23, 2016

Contributor

Thanks for cleaning this up. These reason for this is that /log used to be backed by a file on disk and the suites were split when logging to mongodb was added behind a feature flag. There's not need for the separation now.

@babbageclunk

babbageclunk Nov 23, 2016

Member

Yeah, from some of the comments and filenames I guessed that there had been a file version that had been ripped out.

apiserver/firewaller/firewaller.go
@@ -56,8 +56,8 @@ func NewFirewallerAPI(
accessUnit := common.AuthFuncForTagKind(names.UnitTagKind)
accessService := common.AuthFuncForTagKind(names.ApplicationTagKind)
@mjs

mjs Nov 23, 2016

Contributor

Gah! This should be called accessApplication. Do you mind fixing?

apiserver/firewaller/firewaller.go
- accessUnitOrService := common.AuthEither(accessUnit, accessService)
- accessUnitServiceOrMachine := common.AuthEither(accessUnitOrService, accessMachine)
+ accessUnitOrService := common.AuthAny(accessUnit, accessService)
+ accessUnitServiceOrMachine := common.AuthAny(accessUnitOrService, accessMachine)
@mjs

mjs Nov 23, 2016

Contributor

Same for these. s/Service/Application/

@babbageclunk

babbageclunk Nov 24, 2016

Member

Done - it turned out that this was actually doing Either(Either(unit, application), machine), so I changed it to Any(unit, application, machine) instead.

Member

babbageclunk commented Nov 24, 2016

$$merge$$

Contributor

jujubot commented Nov 24, 2016

Status: merge request accepted. Url: http://juju-ci.vapour.ws:8080/job/github-merge-juju

@jujubot jujubot merged commit d4df71e into juju:develop Nov 24, 2016

@babbageclunk babbageclunk deleted the babbageclunk:debuglog-allow-machines branch Nov 24, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment