service

package
v0.0.0-...-1592773 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 28, 2025 License: AGPL-3.0 Imports: 24 Imported by: 5

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CloudProvider

type CloudProvider interface {
	// AllInstances returns all instances currently known to the cloud provider.
	AllInstances(ctx envcontext.ProviderCallContext) ([]instances.Instance, error)
}

CloudProvider defines methods needed from the cloud provider to perform the check.

type CredentialValidationContext

// CredentialValidationContext bundles the per-model artefacts that are handed
// to CredentialValidator.Validate when a credential is checked for a model.
type CredentialValidationContext struct {
	// ControllerUUID is presumably the UUID of the controller hosting the
	// model; inferred from the field name, confirm against the getter.
	ControllerUUID string

	// Config, MachineState and MachineService give the validator access to
	// the model: Config is presumably the model's configuration (confirm),
	// MachineState lists the model's machines via AllMachines, and
	// MachineService maps a machine name to its UUID and a machine UUID to
	// its cloud-specific instance id.
	Config         *config.Config
	MachineState   MachineState
	MachineService MachineService

	// ModelType, Cloud and Region identify the kind of model and where it
	// runs. NOTE(review): whether Region may be empty for clouds without
	// regions is not shown here; confirm before relying on it.
	ModelType coremodel.ModelType
	Cloud     cloud.Cloud
	Region    string
}

CredentialValidationContext provides access to artefacts needed to validate a credential for a given model.

type CredentialValidator

type CredentialValidator interface {
	// Validate checks the credential identified by credentialKey against the
	// model described by validationContext.
	//
	// NOTE(review): the meaning of the two results is not shown here.
	// Presumably the []error holds the validation problems found for the
	// model, while the error reports that the check itself could not be
	// carried out; confirm against the implementation before treating an
	// empty slice as "credential is valid".
	//
	// NOTE(review): checkCloudInstances presumably switches on the comparison
	// of the model's machines with the instances the cloud reports; confirm.
	//
	// credential holds the cloud credential under test; keep its contents out
	// of the returned errors and out of log messages.
	Validate(
		ctx context.Context,
		validationContext CredentialValidationContext,
		credentialKey corecredential.Key,
		credential *cloud.Credential,
		checkCloudInstances bool,
	) ([]error, error)
}

CredentialValidator instances check that a given credential is valid for any models which want to use it.

func NewCredentialValidator

func NewCredentialValidator() CredentialValidator

NewCredentialValidator returns the credential validator used in production.

type Machine

type Machine interface {
	// IsManual returns true if the machine was manually provisioned.
	IsManual() (bool, error)

	// IsContainer returns true if the machine is a container.
	IsContainer() bool

	// Id returns the machine id.
	Id() string
}

Machine defines machine methods needed for the check.

type MachineService

type MachineService interface {
	// GetMachineUUID returns the UUID of a machine identified by its name.
	GetMachineUUID(ctx context.Context, name machine.Name) (string, error)
	// InstanceID returns the cloud specific instance id for this machine.
	InstanceID(ctx context.Context, mUUID string) (string, error)
}

MachineService defines the methods that the credential service assumes from the Machine service.

type MachineState

type MachineState interface {
	// AllMachines returns all machines in the model.
	AllMachines() ([]Machine, error)
}

MachineState provides access to all machines.

type ProviderService

type ProviderService struct {
	// contains filtered or unexported fields
}

ProviderService provides the API for working with credentials. The provider service is a subset of the credentials service, and is used by the provider package to interact with the credentials service. By not exposing the full credentials service, the provider package is not able to modify the credentials entities, only read them.

func NewProviderService

func NewProviderService(st ProviderState) *ProviderService

NewProviderService returns a new service reference wrapping the input state.

func (*ProviderService) CloudCredential

func (s *ProviderService) CloudCredential(ctx context.Context, key corecredential.Key) (cloud.Credential, error)

CloudCredential returns the cloud credential identified by the given key.

type ProviderState

// ProviderState is the state surface used by the provider-facing services.
// It declares only a read method and a watch method; no method here writes,
// invalidates or removes a credential.
type ProviderState interface {
	// CloudCredential returns the cloud credential for the given name, cloud, owner.
	CloudCredential(ctx context.Context, key corecredential.Key) (credential.CloudCredentialResult, error)

	// WatchCredential returns a new NotifyWatcher watching for changes to the specified credential.
	// getWatcher has the same parameter and result types as
	// WatcherFactory.NewValueWatcher (two strings and a change mask), so the
	// state layer builds the watcher through the caller-supplied factory.
	WatchCredential(
		ctx context.Context,
		getWatcher func(string, string, changestream.ChangeType) (watcher.NotifyWatcher, error),
		key corecredential.Key,
	) (watcher.NotifyWatcher, error)
}

ProviderState describes retrieval and persistence methods for storage.

type Service

type Service struct {
	// contains filtered or unexported fields
}

Service provides the API for working with credentials.

func NewService

func NewService(st State, logger logger.Logger) *Service

NewService returns a new service reference wrapping the input state.

func (*Service) AllCloudCredentialsForOwner

func (s *Service) AllCloudCredentialsForOwner(ctx context.Context, owner user.Name) (map[corecredential.Key]cloud.Credential, error)

AllCloudCredentialsForOwner returns all cloud credentials stored on the controller for a given owner.

func (*Service) CheckAndRevokeCredential

func (s *Service) CheckAndRevokeCredential(ctx context.Context, key corecredential.Key, force bool) error

CheckAndRevokeCredential removes the credential after first checking that any models which use the credential can still access the cloud resources. If force is true, the credential is removed even if there are issues validating it. TODO(wallyworld) - we need a strategy to handle changes which occur after the affected models have been read but before validation can complete.

func (*Service) CheckAndUpdateCredential

func (s *Service) CheckAndUpdateCredential(ctx context.Context, key corecredential.Key, cred cloud.Credential, force bool) ([]UpdateCredentialModelResult, error)

CheckAndUpdateCredential updates the credential after first checking that any models which use the credential can still access the cloud resources. If force is true, update the credential even if there are issues validating the credential. TODO(wallyworld) - the validation getter can be set during service construction once dqlite is used everywhere. Note - it is expected that `WithValidationContextGetter` is called to set up the service to have a non-nil validationContextGetter prior to calling this function, or else an error will be returned. TODO(wallyworld) - we need a strategy to handle changes which occur after the affected models have been read but before validation can complete.

func (*Service) CloudCredential

func (s *Service) CloudCredential(ctx context.Context, key corecredential.Key) (cloud.Credential, error)

CloudCredential returns the cloud credential identified by the given key.

func (*Service) CloudCredentialsForOwner

func (s *Service) CloudCredentialsForOwner(ctx context.Context, owner user.Name, cloudName string) (map[string]cloud.Credential, error)

CloudCredentialsForOwner returns the owner's cloud credentials for a given cloud, keyed by credential name.

func (*Service) InvalidateCredential

func (s *Service) InvalidateCredential(ctx context.Context, key corecredential.Key, reason string) error

InvalidateCredential marks the cloud credential for the given name, cloud, owner as invalid.

func (*Service) RemoveCloudCredential

func (s *Service) RemoveCloudCredential(ctx context.Context, key corecredential.Key) error

RemoveCloudCredential removes the cloud credential identified by the given key.

func (*Service) UpdateCloudCredential

func (s *Service) UpdateCloudCredential(ctx context.Context, key corecredential.Key, cred cloud.Credential) error

UpdateCloudCredential adds or updates the cloud credential identified by the given key.

func (*Service) WithLegacyRemover

func (s *Service) WithLegacyRemover(remover func(tag names.CloudCredentialTag) error) *Service

WithLegacyRemover configures the service to use the specified function to remove credential details from mongo. TODO(wallyworld) - remove when models are out of mongo

func (*Service) WithLegacyUpdater

func (s *Service) WithLegacyUpdater(updater func(tag names.CloudCredentialTag) error) *Service

WithLegacyUpdater configures the service to use the specified function to update credential details in mongo. TODO(wallyworld) - remove when models are out of mongo

type State

// State is the full credential persistence interface: it embeds the
// read-and-watch methods of ProviderState and adds the methods that write,
// invalidate, list and remove credentials.
type State interface {
	// ProviderState is embedded, so State also offers CloudCredential and
	// WatchCredential.
	ProviderState

	// UpsertCloudCredential adds or updates a cloud credential with the given name, cloud, owner.
	// If the credential already exists, the existing credential's value of Invalid is returned.
	// NOTE(review): the result is a *bool; presumably it is nil when no
	// credential existed beforehand. Confirm, and nil-check before
	// dereferencing.
	UpsertCloudCredential(ctx context.Context, key corecredential.Key, credential credential.CloudCredentialInfo) (*bool, error)

	// InvalidateCloudCredential marks the cloud credential for the given name, cloud, owner as invalid.
	// reason is stored or reported alongside the invalid flag (presumably;
	// confirm), so it should not contain credential contents.
	InvalidateCloudCredential(ctx context.Context, key corecredential.Key, reason string) error

	// CloudCredentialsForOwner returns the owner's cloud credentials for a given cloud,
	// keyed by credential name.
	CloudCredentialsForOwner(ctx context.Context, owner user.Name, cloudName string) (map[string]credential.CloudCredentialResult, error)

	// AllCloudCredentialsForOwner returns all cloud credentials stored on the controller
	// for a given owner.
	AllCloudCredentialsForOwner(ctx context.Context, owner user.Name) (map[corecredential.Key]credential.CloudCredentialResult, error)

	// RemoveCloudCredential removes a cloud credential with the given name, cloud, owner.
	RemoveCloudCredential(ctx context.Context, key corecredential.Key) error

	// ModelsUsingCloudCredential returns a map of uuid->name for models which use the credential.
	ModelsUsingCloudCredential(ctx context.Context, key corecredential.Key) (map[coremodel.UUID]string, error)
}

State describes retrieval and persistence methods for credentials.

type UpdateCredentialModelResult

type UpdateCredentialModelResult struct {
	// ModelUUID contains model's UUID.
	ModelUUID coremodel.UUID

	// ModelName contains model name.
	ModelName string

	// Errors contains the errors accumulated while trying to update a credential.
	Errors []error
}

UpdateCredentialModelResult holds details of a model which was affected by a credential update, and any errors encountered validating the credential.

type ValidationContextGetter

type ValidationContextGetter func(ctx context.Context, modelUUID coremodel.UUID) (CredentialValidationContext, error)

ValidationContextGetter returns the artefacts for a specified model, used to make credential validation calls.

type WatchableProviderService

type WatchableProviderService struct {
	ProviderService
	// contains filtered or unexported fields
}

WatchableProviderService provides the API for working with credentials and the ability to create watchers.

func NewWatchableProviderService

func NewWatchableProviderService(st ProviderState, watcherFactory WatcherFactory) *WatchableProviderService

NewWatchableProviderService returns a new service reference wrapping the input state.

func (*WatchableProviderService) WatchCredential

WatchCredential returns a watcher that observes changes to the specified credential.

type WatchableService

type WatchableService struct {
	Service
	// contains filtered or unexported fields
}

WatchableService provides the API for working with credentials and the ability to create watchers.

func NewWatchableService

func NewWatchableService(st State, watcherFactory WatcherFactory, logger logger.Logger) *WatchableService

NewWatchableService returns a new service reference wrapping the input state.

func (*WatchableService) WatchCredential

func (s *WatchableService) WatchCredential(ctx context.Context, key corecredential.Key) (watcher.NotifyWatcher, error)

WatchCredential returns a watcher that observes changes to the specified credential.

func (*WatchableService) WithLegacyRemover

func (s *WatchableService) WithLegacyRemover(remover func(tag names.CloudCredentialTag) error) *WatchableService

WithLegacyRemover configures the service to use the specified function to remove credential details from mongo. TODO(wallyworld) - remove when models are out of mongo

func (*WatchableService) WithLegacyUpdater

func (s *WatchableService) WithLegacyUpdater(updater func(tag names.CloudCredentialTag) error) *WatchableService

WithLegacyUpdater configures the service to use the specified function to update credential details in mongo. TODO(wallyworld) - remove when models are out of mongo

type WatcherFactory

// WatcherFactory creates the watchers used by the watchable credential
// services.
type WatcherFactory interface {
	// NewValueWatcher returns a NotifyWatcher for the value identified by
	// uuid within namespace, restricted to the change types in changeMask.
	// NOTE(review): semantics inferred from the parameter names; confirm
	// against the watcher implementation.
	NewValueWatcher(
		namespace, uuid string, changeMask changestream.ChangeType,
	) (watcher.NotifyWatcher, error)
}

WatcherFactory instances return a watcher for a specified credential UUID.
