crossmodel

package
v0.0.0-...-004e4dd Latest
Warning

This package is not in the latest version of its module.

Published: Apr 23, 2024 License: AGPL-3.0 Imports: 36 Imported by: 4

Documentation


Constants

This section is empty.

Variables

var (
	// Override for testing.
	DefaultTransport = http.DefaultTransport
)

Functions

func CheckCanConsume

func CheckCanConsume(auth authoriser, backend offerBackend, controllerTag, modelTag names.Tag, oc OfferConnection) (bool, error)

CheckCanConsume checks consume permission for a user on an offer connection.

func ExpandChange

func ExpandChange(
	backend Backend,
	relationToken string,
	appToken string,
	change params.RelationUnitsChange,
) (params.RemoteRelationChangeEvent, error)

ExpandChange converts a params.RelationUnitsChange into a params.RemoteRelationChangeEvent by filling out the extra information from the passed backend. It takes the relation and application tokens so that it can still return sensible results if the relation has been removed (just departing units).

func GetBackend

func GetBackend(st *state.State) stateShim

GetBackend wraps a State to provide a Backend interface implementation.

func GetConsumingRelationTokens

func GetConsumingRelationTokens(backend Backend, tag names.RelationTag) (string, string, error)

GetConsumingRelationTokens returns the tokens for the relation and the local application of the passed-in relation tag.

func GetOfferStatusChange

func GetOfferStatusChange(st offerGetter, offerUUID, offerName string) (*params.OfferStatusChange, error)

GetOfferStatusChange returns a status change struct for the input offer name. If the offer or application are not found during a migration, a specific error to indicate the migration-in-progress is returned. This is interpreted upstream as a watcher error and propagated to the remote CMR consumer.

func GetOfferingRelationTokens

func GetOfferingRelationTokens(backend Backend, tag names.RelationTag) (string, string, error)

GetOfferingRelationTokens returns the tokens for the relation and the offer of the passed-in relation tag.

func GetRelationLifeSuspendedStatusChange

func GetRelationLifeSuspendedStatusChange(
	st relationGetter, key string,
) (*params.RelationLifeSuspendedStatusChange, error)

GetRelationLifeSuspendedStatusChange returns a life/suspended status change struct for a specified relation key.

func PublishIngressNetworkChange

func PublishIngressNetworkChange(backend Backend, relationTag names.Tag, change params.IngressNetworksChangeEvent) error

PublishIngressNetworkChange saves the specified ingress networks for a relation.

func PublishRelationChange

func PublishRelationChange(auth authoriser, backend Backend, relationTag, applicationTag names.Tag, change params.RemoteRelationChangeEvent) error

PublishRelationChange applies the relation change event to the specified backend.

func RelationInfoFromMacaroons

func RelationInfoFromMacaroons(mac macaroon.Slice) (string, string, bool)

RelationInfoFromMacaroons returns any relation and offer in the macaroons' declared caveats.

func RelationUnitSettings

func RelationUnitSettings(backend Backend, ru params.RelationUnit) (params.Settings, error)

RelationUnitSettings returns the unit settings for the specified relation unit.

func WatchRelationUnits

func WatchRelationUnits(backend Backend, tag names.RelationTag) (common.RelationUnitsWatcher, error)

WatchRelationUnits returns a watcher for changes to the units on the specified relation.

Types

type Application

type Application interface {
	// Name is the name of the application.
	Name() string

	// Life returns the lifecycle state of the application.
	Life() state.Life

	// Endpoints returns the application's currently available relation endpoints.
	Endpoints() ([]state.Endpoint, error)

	// Charm returns the application's charm and whether units should upgrade to that
	// charm even if they are in an error state.
	Charm() (ch Charm, force bool, err error)

	// CharmURL returns a string representation of the application's charm URL,
	// and whether units should upgrade to the charm with that URL even if
	// they are in an error state.
	CharmURL() (curl *string, force bool)

	// EndpointBindings returns the Bindings object for this application.
	EndpointBindings() (Bindings, error)

	// Status returns the status of the application.
	Status() (status.StatusInfo, error)

	// AllUnits returns all units of the application.
	AllUnits() ([]Unit, error)
}

Application represents the state of an application hosted in the local model.

type AuthContext

type AuthContext struct {
	// contains filtered or unexported fields
}

AuthContext is used to validate macaroons used to access application offers.

func NewAuthContext

func NewAuthContext(
	systemState Backend,
	offerThirdPartyKey *bakery.KeyPair,
	offerBakery OfferBakeryInterface,
) (*AuthContext, error)

NewAuthContext creates a new authentication context for checking macaroons used with application offer requests.

func (*AuthContext) Authenticator

func (a *AuthContext) Authenticator() *authenticator

Authenticator returns an instance used to authenticate macaroons used to access offers.

func (*AuthContext) CheckLocalAccessRequest

func (a *AuthContext) CheckLocalAccessRequest(details *offerPermissionCheck) ([]checkers.Caveat, error)

CheckLocalAccessRequest checks that the user in the specified permission check details has consume access to the offer in the details. It returns an error with a *bakery.VerificationError cause if the macaroon verification failed. If the macaroon is valid, CheckLocalAccessRequest returns a list of caveats to add to the discharge macaroon.

func (*AuthContext) CheckOfferAccessCaveat

func (a *AuthContext) CheckOfferAccessCaveat(caveat string) (*offerPermissionCheck, error)

CheckOfferAccessCaveat checks that the specified caveat, which must be satisfied to gain access to an offer, is valid, and returns the attributes needed to check that the caveat is satisfied.

func (*AuthContext) CreateConsumeOfferMacaroon

func (a *AuthContext) CreateConsumeOfferMacaroon(
	ctx context.Context, offer *params.ApplicationOfferDetailsV5, username string, version bakery.Version,
) (*bakery.Macaroon, error)

CreateConsumeOfferMacaroon creates a macaroon that authorises access to the specified offer.

func (*AuthContext) CreateRemoteRelationMacaroon

func (a *AuthContext) CreateRemoteRelationMacaroon(
	ctx context.Context, sourceModelUUID, offerUUID, username string, rel names.Tag, version bakery.Version,
) (*bakery.Macaroon, error)

CreateRemoteRelationMacaroon creates a macaroon that authorises access to the specified relation.

func (*AuthContext) OfferThirdPartyKey

func (a *AuthContext) OfferThirdPartyKey() *bakery.KeyPair

OfferThirdPartyKey returns the key used to discharge offer macaroons.

func (*AuthContext) WithDischargeURL

func (a *AuthContext) WithDischargeURL(offerAccessEndpoint string) (*AuthContext, error)

WithDischargeURL creates an auth context based on this context, used to perform third party discharges at the specified URL.

type Backend

type Backend interface {
	// ModelUUID returns the model UUID for the model
	// controlled by this state instance.
	ModelUUID() string

	// ModelTag returns the tag of the model on which we are operating.
	ModelTag() names.ModelTag

	// ModelConfig returns the complete config for the model
	ModelConfig() (*config.Config, error)

	// AllModelUUIDs returns the UUIDs of all models in the controller.
	AllModelUUIDs() ([]string, error)

	// ControllerTag returns the tag of the controller in which we are operating.
	ControllerTag() names.ControllerTag

	// KeyRelation returns the existing relation with the given key (which can
	// be derived unambiguously from the relation's endpoints).
	KeyRelation(string) (Relation, error)

	// Application returns a local application by name.
	Application(string) (Application, error)

	// GetOfferAccess gets the access permission for the specified user on an offer.
	GetOfferAccess(offerUUID string, user names.UserTag) (permission.Access, error)

	// UserPermission returns the access permission for the passed subject and target.
	UserPermission(subject names.UserTag, target names.Tag) (permission.Access, error)

	// RemoteApplication returns a remote application by name.
	RemoteApplication(string) (RemoteApplication, error)

	// AddRelation adds a relation between the specified endpoints and returns the relation info.
	AddRelation(...state.Endpoint) (Relation, error)

	// EndpointsRelation returns the existing relation with the given endpoints.
	EndpointsRelation(...state.Endpoint) (Relation, error)

	// OfferConnectionForRelation gets the offer connection for a cross model relation.
	OfferConnectionForRelation(string) (OfferConnection, error)

	// AddRemoteApplication creates a new remote application record, having the supplied relation endpoints,
	// with the supplied name (which must be unique across all applications, local and remote).
	AddRemoteApplication(state.AddRemoteApplicationParams) (RemoteApplication, error)

	// OfferUUIDForRelation gets the uuid of the offer for the
	// specified cross-model relation key.
	OfferUUIDForRelation(string) (string, error)

	// GetRemoteEntity returns the tag of the entity associated with the given token.
	GetRemoteEntity(string) (names.Tag, error)

	// GetToken returns the token associated with the entity with the given tag.
	GetToken(entity names.Tag) (string, error)

	// ExportLocalEntity adds an entity to the remote entities collection,
	// returning an opaque token that uniquely identifies the entity within
	// the model.
	ExportLocalEntity(names.Tag) (string, error)

	// ImportRemoteEntity adds an entity to the remote entities collection
	// with the specified opaque token.
	ImportRemoteEntity(entity names.Tag, token string) error

	// SaveIngressNetworks stores in state the ingress networks for the relation.
	SaveIngressNetworks(relationKey string, cidrs []string) (state.RelationNetworks, error)

	// IngressNetworks returns the networks for the specified relation.
	IngressNetworks(relationKey string) (state.RelationNetworks, error)

	// ApplicationOfferForUUID returns the application offer for the UUID.
	ApplicationOfferForUUID(offerUUID string) (*crossmodel.ApplicationOffer, error)

	// WatchOfferStatus returns a watcher that notifies of changes to the status
	// of the offer.
	WatchOfferStatus(offerUUID string) (state.NotifyWatcher, error)

	// WatchOffer returns a watcher that notifies of changes to the
	// lifecycle of the offer.
	WatchOffer(offerName string) state.NotifyWatcher

	// ApplyOperation applies a model operation to the state.
	ApplyOperation(op state.ModelOperation) error

	// RemoveSecretConsumer removes secret references for the specified consumer.
	RemoveSecretConsumer(consumer names.Tag) error

	// UpdateSecretConsumerOperation returns an operation for updating the latest revision
	// for any consumers of the secret.
	UpdateSecretConsumerOperation(uri *coresecrets.URI, latestRevision int) (state.ModelOperation, error)
}

type Bindings

type Bindings interface {
	MapWithSpaceNames(network.SpaceInfos) (map[string]string, error)
}

Bindings defines a subset of the functionality provided by the state.Bindings type, as required by the application facade. For details on the methods, see the methods on state.Bindings with the same names.

type Charm

type Charm interface {
	// Meta returns the metadata of the charm.
	Meta() *charm.Meta

	// StoragePath returns the storage path of the charm bundle.
	StoragePath() string
}

type CrossModelAuthorizer

type CrossModelAuthorizer struct{}

CrossModelAuthorizer authorises any cmr operation presented to it.

func (CrossModelAuthorizer) AuthorizeOps

func (CrossModelAuthorizer) AuthorizeOps(ctx context.Context, authorizedOp bakery.Op, queryOps []bakery.Op) ([]bool, []checkers.Caveat, error)

AuthorizeOps implements OpsAuthorizer.AuthorizeOps.

type JaaSOfferBakery

type JaaSOfferBakery struct {
	*OfferBakery
	// contains filtered or unexported fields
}

JaaSOfferBakery is a bakery service for offer access.

func NewJaaSOfferBakery

func NewJaaSOfferBakery(
	loginTokenRefreshURL, location string,
	bakeryConfig bakerystorage.BakeryConfig,
	store bakerystorage.ExpirableStorage,
	checker bakery.FirstPartyCaveatChecker,
) (*JaaSOfferBakery, error)

NewJaaSOfferBakery creates a new bakery service for JaaS offer access.

func (*JaaSOfferBakery) CreateDischargeMacaroon

func (o *JaaSOfferBakery) CreateDischargeMacaroon(
	ctx context.Context, accessEndpoint, username string,
	requiredValues, declaredValues map[string]string,
	op bakery.Op, version bakery.Version,
) (*bakery.Macaroon, error)

CreateDischargeMacaroon creates a discharge macaroon.

func (*JaaSOfferBakery) GetConsumeOfferCaveats

func (o *JaaSOfferBakery) GetConsumeOfferCaveats(offerUUID, sourceModelUUID, username string) []checkers.Caveat

GetConsumeOfferCaveats returns the caveats for consuming an offer.

func (*JaaSOfferBakery) InferDeclaredFromMacaroon

func (o *JaaSOfferBakery) InferDeclaredFromMacaroon(mac macaroon.Slice, requiredValues map[string]string) map[string]string

InferDeclaredFromMacaroon returns the declared attributes from the macaroon.

func (*JaaSOfferBakery) RefreshDischargeURL

func (o *JaaSOfferBakery) RefreshDischargeURL(accessEndpoint string) (string, error)

RefreshDischargeURL updates the discharge URL for the bakery service.

type OfferBakery

type OfferBakery struct {
	// contains filtered or unexported fields
}

OfferBakery is a bakery service for offer access.

func NewLocalOfferBakery

func NewLocalOfferBakery(
	location string,
	bakeryConfig bakerystorage.BakeryConfig,
	store bakerystorage.ExpirableStorage,
	checker bakery.FirstPartyCaveatChecker,
) (*OfferBakery, error)

NewLocalOfferBakery creates a new bakery service for local offer access.

func NewOfferBakeryForTest

func NewOfferBakeryForTest(bakery authentication.ExpirableStorageBakery, clk clock.Clock) *OfferBakery

NewOfferBakeryForTest is for testing.

func (*OfferBakery) CreateDischargeMacaroon

func (o *OfferBakery) CreateDischargeMacaroon(
	ctx context.Context, accessEndpoint, username string,
	requiredValues, declaredValues map[string]string,
	op bakery.Op, version bakery.Version,
) (*bakery.Macaroon, error)

CreateDischargeMacaroon creates a discharge macaroon.

func (*OfferBakery) GetConsumeOfferCaveats

func (o *OfferBakery) GetConsumeOfferCaveats(offerUUID, sourceModelUUID, username string) []checkers.Caveat

GetConsumeOfferCaveats returns the caveats for consuming an offer.

func (*OfferBakery) InferDeclaredFromMacaroon

func (o *OfferBakery) InferDeclaredFromMacaroon(mac macaroon.Slice, requiredValues map[string]string) map[string]string

InferDeclaredFromMacaroon returns the declared attributes from the macaroon.

func (*OfferBakery) RefreshDischargeURL

func (o *OfferBakery) RefreshDischargeURL(accessEndpoint string) (string, error)

RefreshDischargeURL updates the discharge URL for the bakery service.

type OfferBakeryInterface

type OfferBakeryInterface interface {
	RefreshDischargeURL(string) (string, error)
	GetConsumeOfferCaveats(offerUUID, sourceModelUUID, username string) []checkers.Caveat
	InferDeclaredFromMacaroon(macaroon.Slice, map[string]string) map[string]string
	CreateDischargeMacaroon(
		context.Context, string, string, map[string]string, map[string]string, bakery.Op, bakery.Version,
	) (*bakery.Macaroon, error)
	// contains filtered or unexported methods
}

OfferBakeryInterface is the interface that OfferBakery implements.

type OfferConnection

type OfferConnection interface {
	UserName() string
	OfferUUID() string
}

OfferConnection provides access to an offer connection in state.

type Relation

type Relation interface {
	status.StatusGetter
	status.StatusSetter
	// Destroy ensures that the relation will be removed at some point; if
	// no units are currently in scope, it will be removed immediately.
	Destroy() error

	// DestroyWithForce may force the destruction of the relation.
	// In addition, this function also returns all non-fatal operational errors
	// encountered.
	DestroyWithForce(force bool, maxWait time.Duration) ([]error, error)

	// Id returns the integer internal relation key.
	Id() int

	// Life returns the relation's current life state.
	Life() state.Life

	// Tag returns the relation's tag.
	Tag() names.Tag

	// UnitCount is the number of units still in relation scope.
	UnitCount() int

	// RemoteUnit returns a RelationUnit for the remote application unit
	// with the supplied ID.
	RemoteUnit(unitId string) (RelationUnit, error)

	// AllRemoteUnits returns all the RelationUnits for the remote
	// application units for a given application.
	AllRemoteUnits(appName string) ([]RelationUnit, error)

	// Endpoints returns the endpoints that constitute the relation.
	Endpoints() []state.Endpoint

	// Endpoint returns the endpoint of the relation for the named application.
	Endpoint(appName string) (state.Endpoint, error)

	// Unit returns a RelationUnit for the unit with the supplied ID.
	Unit(unitId string) (RelationUnit, error)

	// WatchUnits returns a watcher that notifies of changes to the units of the
	// specified application in the relation.
	WatchUnits(applicationName string) (state.RelationUnitsWatcher, error)

	// WatchLifeSuspendedStatus returns a watcher that notifies of changes to the life
	// or suspended status of the relation.
	WatchLifeSuspendedStatus() state.StringsWatcher

	// Suspended returns the suspended status of the relation.
	Suspended() bool

	// SuspendedReason returns the reason why the relation is suspended.
	SuspendedReason() string

	// SetSuspended sets the suspended status of the relation.
	SetSuspended(bool, string) error

	// ReplaceApplicationSettings replaces the application's settings within the
	// relation.
	ReplaceApplicationSettings(appName string, settings map[string]interface{}) error

	// ApplicationSettings returns the settings for the specified
	// application in the relation.
	ApplicationSettings(appName string) (map[string]interface{}, error)
}

Relation provides access to a relation in global state.

type RelationUnit

type RelationUnit interface {
	// EnterScope ensures that the unit has entered its scope in the
	// relation. When the unit has already entered its scope, EnterScope
	// will report success but make no changes to state.
	EnterScope(settings map[string]interface{}) error

	// InScope returns whether the relation unit has entered scope and
	// not left it.
	InScope() (bool, error)

	// LeaveScope signals that the unit has left its scope in the relation.
	// After the unit has left its relation scope, it is no longer a member
	// of the relation; if the relation is dying when its last member unit
	// leaves, it is removed immediately. It is not an error to leave a
	// scope that the unit is not, or never was, a member of.
	LeaveScope() error

	// Settings returns the relation unit's settings within the relation.
	Settings() (map[string]interface{}, error)

	// ReplaceSettings replaces the relation unit's settings within the
	// relation.
	ReplaceSettings(map[string]interface{}) error
}

RelationUnit provides access to the settings of a single unit in a relation, and methods for modifying the unit's involvement in the relation.

type RemoteApplication

type RemoteApplication interface {
	// DestroyWithForce, in addition to doing what Destroy() does,
	// when force is passed in as 'true', forces the destruction of the remote application,
	// ignoring errors.
	DestroyWithForce(force bool, maxWait time.Duration) (opErrs []error, err error)

	// Name returns the name of the remote application.
	Name() string

	// Tag returns the remote application's tag.
	Tag() names.Tag

	// URL returns the offer URL, at which the application is offered.
	URL() (string, bool)

	// OfferUUID returns the UUID of the offer.
	OfferUUID() string

	// SourceModel returns the tag of the model hosting the remote application.
	SourceModel() names.ModelTag

	// Macaroon returns the macaroon used for authentication.
	Macaroon() (*macaroon.Macaroon, error)

	// Status returns the status of the remote application.
	Status() (status.StatusInfo, error)

	// IsConsumerProxy returns whether application is created
	// from a registration operation by a consuming model.
	IsConsumerProxy() bool

	// ConsumeVersion increments each time a new saas proxy
	// for the same offer is created.
	ConsumeVersion() int

	// Life returns the lifecycle state of the application.
	Life() state.Life

	// SetStatus sets the status of the remote application.
	SetStatus(info status.StatusInfo) error

	// TerminateOperation returns an operation that will set this
	// remote application to terminated and leave it in a state
	// enabling it to be removed cleanly.
	TerminateOperation(string) state.ModelOperation

	// DestroyOperation returns a model operation to destroy remote application.
	DestroyOperation(bool) state.ModelOperation
}

RemoteApplication represents the state of an application hosted in an external (remote) model.

type Unit

type Unit interface {
	// Status returns the status of the unit.
	Status() (status.StatusInfo, error)
}

Unit represents the state of a unit hosted in the local model.

type WrappedUnitsWatcher

type WrappedUnitsWatcher struct {
	common.RelationUnitsWatcher
	RelationToken    string
	ApplicationToken string
}

WrappedUnitsWatcher is a relation units watcher that remembers details about the relation it came from so changes can be expanded for sending outside this model.

Directories

Path Synopsis
Package mocks is a generated GoMock package.
