forked from juju/juju
/
authenticationprovider.go
87 lines (77 loc) · 2.3 KB
/
authenticationprovider.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
// Copyright 2012, 2013 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
package environs
import (
"fmt"
"github.com/juju/utils"
"github.com/juju/juju/mongo"
"github.com/juju/juju/state"
"github.com/juju/juju/state/api"
apiprovisioner "github.com/juju/juju/state/api/provisioner"
)
// TaggedPasswordChanger defines an interface for a entity with a
// Tag() and SetPassword() methods.
type TaggedPasswordChanger interface {
SetPassword(string) error
Tag() string
}
// AuthenticationProvider defines the single method that the provisioner
// task needs to set up authentication for a machine.
type AuthenticationProvider interface {
SetupAuthentication(machine TaggedPasswordChanger) (*state.Info, *api.Info, error)
}
// NewEnvironAuthenticator gets the state and api info once from the environ.
func NewEnvironAuthenticator(environ Environ) (AuthenticationProvider, error) {
stateInfo, apiInfo, err := environ.StateInfo()
if err != nil {
return nil, err
}
return &simpleAuth{stateInfo, apiInfo}, nil
}
// NewAPIAuthenticator gets the state and api info once from the
// provisioner API.
func NewAPIAuthenticator(st *apiprovisioner.State) (AuthenticationProvider, error) {
stateAddresses, err := st.StateAddresses()
if err != nil {
return nil, err
}
apiAddresses, err := st.APIAddresses()
if err != nil {
return nil, err
}
caCert, err := st.CACert()
if err != nil {
return nil, err
}
stateInfo := &state.Info{
Info: mongo.Info{
Addrs: stateAddresses,
CACert: caCert,
},
}
apiInfo := &api.Info{
Addrs: apiAddresses,
CACert: caCert,
}
return &simpleAuth{stateInfo, apiInfo}, nil
}
type simpleAuth struct {
stateInfo *state.Info
apiInfo *api.Info
}
func (auth *simpleAuth) SetupAuthentication(machine TaggedPasswordChanger) (*state.Info, *api.Info, error) {
password, err := utils.RandomPassword()
if err != nil {
return nil, nil, fmt.Errorf("cannot make password for machine %v: %v", machine, err)
}
if err := machine.SetPassword(password); err != nil {
return nil, nil, fmt.Errorf("cannot set API password for machine %v: %v", machine, err)
}
stateInfo := *auth.stateInfo
stateInfo.Tag = machine.Tag()
stateInfo.Password = password
apiInfo := *auth.apiInfo
apiInfo.Tag = machine.Tag()
apiInfo.Password = password
return &stateInfo, &apiInfo, nil
}