New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow machine agents to connect to debuglog endpoint #6606
Conversation
This yields an AuthFunc that accepts if any of its components accept. (It's the same as AuthNever if it's not passed anything.)
This is needed by the migration log transfer phase.
!!build!! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good stuff!
type debugLogDBSuite struct { | ||
debugLogBaseSuite | ||
authHTTPSuite |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for cleaning this up. These reason for this is that /log used to be backed by a file on disk and the suites were split when logging to mongodb was added behind a feature flag. There's not need for the separation now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, from some of the comments and filenames I guessed that there had been a file version that had been ripped out.
@@ -56,8 +56,8 @@ func NewFirewallerAPI( | |||
accessUnit := common.AuthFuncForTagKind(names.UnitTagKind) | |||
accessService := common.AuthFuncForTagKind(names.ApplicationTagKind) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Gah! This should be called accessApplication. Do you mind fixing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure.
accessUnitOrService := common.AuthEither(accessUnit, accessService) | ||
accessUnitServiceOrMachine := common.AuthEither(accessUnitOrService, accessMachine) | ||
accessUnitOrService := common.AuthAny(accessUnit, accessService) | ||
accessUnitServiceOrMachine := common.AuthAny(accessUnitOrService, accessMachine) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same for these. s/Service/Application/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done - it turned out that this was actually doing Either(Either(unit, application), machine), so I changed it to Any(unit, application, machine) instead.
|
Status: merge request accepted. Url: http://juju-ci.vapour.ws:8080/job/github-merge-juju |
Previously only users could request the debug log, but we want to use it as the source for the migration log transfer, so the machine agent needs to be able to request it as well.
Added
httpContext.stateForRequestAuthenticatedTag
, which allows the calling code to say what kinds of entities should be allowed. Also generalisedapiserver.common.AuthEither
intoAuthAny
, which can combine any number of auth functions.Moved the base debuglog tests into
debuglog_db_test.go
to make them easier to find - the file version of the debuglog is gone now.QA steps:
Bootstrapped and checked that I could still use debug-log. It's hard to check that a machine agent can use it, but I'll be checking that in my logtrasfer testing.