forked from juju/juju
/
agent.go
197 lines (177 loc) · 5.87 KB
/
agent.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
// Copyright 2013 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
// Package agent implements the API interfaces
// used by the machine agent.
package agent
import (
"github.com/juju/errors"
"gopkg.in/juju/names.v2"
"github.com/juju/juju/apiserver/common"
"github.com/juju/juju/apiserver/common/cloudspec"
"github.com/juju/juju/apiserver/facade"
"github.com/juju/juju/apiserver/params"
"github.com/juju/juju/mongo"
"github.com/juju/juju/state"
"github.com/juju/juju/state/multiwatcher"
"github.com/juju/juju/state/watcher"
)
// AgentAPIV2 implements the version 2 of the API provided to an agent.
type AgentAPIV2 struct {
*common.PasswordChanger
*common.RebootFlagClearer
*common.ModelWatcher
*common.ControllerConfigAPI
cloudspec.CloudSpecAPI
st *state.State
auth facade.Authorizer
resources facade.Resources
}
// NewAgentAPIV2 returns an object implementing version 2 of the Agent API
// with the given authorizer representing the currently logged in client.
func NewAgentAPIV2(st *state.State, resources facade.Resources, auth facade.Authorizer) (*AgentAPIV2, error) {
// Agents are defined to be any user that's not a client user.
if !auth.AuthMachineAgent() && !auth.AuthUnitAgent() {
return nil, common.ErrPerm
}
getCanChange := func() (common.AuthFunc, error) {
return auth.AuthOwner, nil
}
model, err := st.Model()
if err != nil {
return nil, errors.Trace(err)
}
return &AgentAPIV2{
PasswordChanger: common.NewPasswordChanger(st, getCanChange),
RebootFlagClearer: common.NewRebootFlagClearer(st, getCanChange),
ModelWatcher: common.NewModelWatcher(model, resources, auth),
ControllerConfigAPI: common.NewStateControllerConfig(st),
CloudSpecAPI: cloudspec.NewCloudSpec(
cloudspec.MakeCloudSpecGetterForModel(st),
common.AuthFuncForTag(model.ModelTag()),
),
st: st,
auth: auth,
resources: resources,
}, nil
}
func (api *AgentAPIV2) GetEntities(args params.Entities) params.AgentGetEntitiesResults {
results := params.AgentGetEntitiesResults{
Entities: make([]params.AgentGetEntitiesResult, len(args.Entities)),
}
for i, entity := range args.Entities {
tag, err := names.ParseTag(entity.Tag)
if err != nil {
results.Entities[i].Error = common.ServerError(err)
continue
}
result, err := api.getEntity(tag)
result.Error = common.ServerError(err)
results.Entities[i] = result
}
return results
}
func (api *AgentAPIV2) getEntity(tag names.Tag) (result params.AgentGetEntitiesResult, err error) {
// Allow only for the owner agent.
// Note: having a bulk API call for this is utter madness, given that
// this check means we can only ever return a single object.
if !api.auth.AuthOwner(tag) {
err = common.ErrPerm
return
}
entity0, err := api.st.FindEntity(tag)
if err != nil {
return
}
entity, ok := entity0.(state.Lifer)
if !ok {
err = common.NotSupportedError(tag, "life cycles")
return
}
result.Life = params.Life(entity.Life().String())
if machine, ok := entity.(*state.Machine); ok {
result.Jobs = stateJobsToAPIParamsJobs(machine.Jobs())
result.ContainerType = machine.ContainerType()
}
return
}
func (api *AgentAPIV2) StateServingInfo() (result params.StateServingInfo, err error) {
if !api.auth.AuthController() {
err = common.ErrPerm
return
}
info, err := api.st.StateServingInfo()
if err != nil {
return params.StateServingInfo{}, errors.Trace(err)
}
// ControllerAPIPort comes from the controller config.
config, err := api.st.ControllerConfig()
if err != nil {
return params.StateServingInfo{}, errors.Trace(err)
}
result = params.StateServingInfo{
APIPort: info.APIPort,
ControllerAPIPort: config.ControllerAPIPort(),
StatePort: info.StatePort,
Cert: info.Cert,
PrivateKey: info.PrivateKey,
CAPrivateKey: info.CAPrivateKey,
SharedSecret: info.SharedSecret,
SystemIdentity: info.SystemIdentity,
}
return result, nil
}
// MongoIsMaster is called by the IsMaster API call
// instead of mongo.IsMaster. It exists so it can
// be overridden by tests.
var MongoIsMaster = mongo.IsMaster
func (api *AgentAPIV2) IsMaster() (params.IsMasterResult, error) {
if !api.auth.AuthController() {
return params.IsMasterResult{}, common.ErrPerm
}
switch tag := api.auth.GetAuthTag().(type) {
case names.MachineTag:
machine, err := api.st.Machine(tag.Id())
if err != nil {
return params.IsMasterResult{}, common.ErrPerm
}
session := api.st.MongoSession()
isMaster, err := MongoIsMaster(session, machine)
return params.IsMasterResult{Master: isMaster}, err
default:
return params.IsMasterResult{}, errors.Errorf("authenticated entity is not a Machine")
}
}
func stateJobsToAPIParamsJobs(jobs []state.MachineJob) []multiwatcher.MachineJob {
pjobs := make([]multiwatcher.MachineJob, len(jobs))
for i, job := range jobs {
pjobs[i] = multiwatcher.MachineJob(job.String())
}
return pjobs
}
// WatchCredentials watches for changes to the specified credentials.
func (api *AgentAPIV2) WatchCredentials(args params.Entities) (params.NotifyWatchResults, error) {
if !api.auth.AuthController() {
return params.NotifyWatchResults{}, common.ErrPerm
}
results := params.NotifyWatchResults{
Results: make([]params.NotifyWatchResult, len(args.Entities)),
}
for i, entity := range args.Entities {
credentialTag, err := names.ParseCloudCredentialTag(entity.Tag)
if err != nil {
results.Results[i].Error = common.ServerError(err)
continue
}
watch := api.st.WatchCredential(credentialTag)
// Consume the initial event. Technically, API calls to Watch
// 'transmit' the initial event in the Watch response. But
// NotifyWatchers have no state to transmit.
if _, ok := <-watch.Changes(); ok {
results.Results[i].NotifyWatcherId = api.resources.Register(watch)
} else {
err = watcher.EnsureErr(watch)
results.Results[i].Error = common.ServerError(err)
}
}
return results, nil
}