47 Commits

Author SHA1 Message Date
Philip Meulengracht
13a1c0ca10 multiple: add a spread test for the auto-removal of expired system-users. Make use of --force when removing users due to expiration, otherwise it is possible to block the removal of the user if the user left a process open. 2022-10-31 14:05:48 +01:00
Philip Meulengracht
c86536d5a1 daemon: use a counter instead of a bool to detect the calls to CreateUser 2022-10-21 09:04:41 +02:00
Philip Meulengracht
2cba9bacce daemon: use the equal function of the timestamp instead 2022-10-20 13:37:57 +02:00
Philip Meulengracht
24437a0c4a daemon: support for expiration date in REST API 2022-10-20 12:14:40 +02:00
Philip Meulengracht
0dde00cdbd o/auth: rename NewUserData to NewUserParams 2022-10-04 13:35:45 +02:00
Ondrej
a044081e73 daemon: move user add, remove operations to overlord device state (#11796)
* daemon,o/devicestate: move user creation and removal helpers to o/devicestate

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* daemon,o/devicestate: move user create,remove tests to o/devicestate

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* daemon: add new tests for user create,remove requests

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* o/devicestate: removed unused variable in users test

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* o/devicestate: move users test export to common export

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* o/devicestate: remove left behind commented code

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* o/devicestate: clean syntax in user helper

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* daemon: use testutil.Backup() in api export tests

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* o/devicestate: use testutil.Backup() in api export tests

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* daemon: cleanup user tests

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* overlord/devicestate: join helper variables for mocking

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* overlord/devicestate: remove extra line in addUser function

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* overlord/devicestate: rename internal_err -> internalErr

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* overlord/devicestate: change addUser fnc signature

addUser adds a single user. Change function signature to return a single UserResponse
Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* overlord/devicestate: update error handling in CreateUser

Update error handling after merge from master

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* overlord/devicestate: remove accidental file from merge conflict

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* daemon,overlord: user error wrapper for user account actions

CreateUser, RemoveUser can fail for multiple reasons.
There is a need to distinguish between internal error and bad request.
Use UserError structure to wrap/ return error information.

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* daemon,overlord: address review issues

- renaming UserResponse to CreatedUser
- fix typos
- fix error wrapping
- rename ue to error
- code cleanup

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* overlord/devicestate: rework createUserOpts helper for user creation

- remove unused and confusing safe flag for create user operations
- remove state from struct and pass it as function argument

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* overlord/devicestate: add test for missing email in user creation

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* daemon,overlord: split CreateUser function for known and unknown users

Split CreateUser functionality into two new functions
- CreateKnownUsers for creation of known users
- CreateUser for creation of user defined by email

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* overlord: use new auth.NewUserData structure

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

* overlord/devicestate,daemon: review feedback

Reorder functions, drop wrapping internal errors, assume state lock on function entry to match the style in managers

* daemon,overlord/devicestate: review feedback

add missing unit test, remove devicemanager parameter, fix doc string

* daemon: review feedback

simplify some else conditions, rename function and variable

* overlord/devicestate: review feedback

move createUser down to the structure it belongs to

* daemon: review feedback + changes to how we return users

simplify a lot of the methods, change to pointer instead so we can return nil's instead of empty structures. Remove the option structure for creating new users, update some docs

* daemon: review feedback

rename doUserWrapper/doCreateUser

* daemon: restore tests, restore the backwards compatible way of creating users

* daemon,overlord: review feedback

rewrite testPostCreateUserFromAssertion, it was no longer valid after code separation, instead focus on testing the code in api_users.go
update checks in users_test.go, one was invalid (overwritten), rest was missing verification of calling

* daemon,overlord/devicestate: review feedback

redo some of the error messages, move the logic check for creating known users in compat-mode, update comments a bit

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>
Co-authored-by: Philip Meulengracht <the_meulengracht@hotmail.com>
2022-09-30 09:33:37 +02:00
Philip Meulengracht
aa5b512e0a multiple: refactor arguments given to NewUser into a struct instead 2022-08-26 11:14:16 +02:00
Michael Vogt
718717e5c5 daemon: make marker clearer (thanks to Samuele) 2021-11-22 13:19:02 +01:00
Michael Vogt
47b7888897 daemon: amend ssh keys coming from the store
This commit adds a comment to ssh keys written to ~/.authorized_keys
that come from the store. This will enable us in the future to
update keys that come from the store because we now have the
information what keys got added by snapd and which were added by
other means.
2021-09-10 17:31:54 +02:00
Samuele Pedroni
33245574ad daemon: drop apiBaseSuite.apiErrorReq as now errorReq is the same 2021-06-10 13:15:35 +02:00
Samuele Pedroni
c9d961a863 daemon: have apiBaseSuite.errorReq return *apiError directly
now that apiError is used everywhere to return errors

result naming and checks in tests are adjusted accordingly
2021-06-10 13:15:35 +02:00
Samuele Pedroni
7a84ff7d01 daemon: switch api_users.go to apiError, also cover related paths
this also adds some unit tests to cover some of the touched code paths
that weren't tested before
2021-06-01 18:48:43 +02:00
Samuele Pedroni
466f6206e0 daemon: use rspe (response error) instead of very contracted ae (api error) 2021-06-01 14:22:26 +02:00
Samuele Pedroni
082ec321aa daemon: start using apiError instead of building resp(JSON) directly
adjust tests as necessary, in most cases the tests are simpler as
e.g. they need less casting
2021-05-28 19:48:20 +02:00
Samuele Pedroni
7488b81a72 daemon: force to express what kind of access check is expected
have a family of apiBaseSuite.expect*Access methods for this

the default expectation is read=open,write=authenticated

maybe we want something different
2021-05-19 18:09:06 +02:00
Samuele Pedroni
8493ed9ebe daemon: streamline setup for authorized/unauthorized requests
add apiBaseSuite.asRootAuth/asUserAuth taking an *http.Request to
enhance with auth info

clean up some ineffective setup
2021-05-19 18:09:06 +02:00
James Henstridge
eebe1636b2 Merge remote-tracking branch 'upstream/master' into daemon-access-check 2021-04-07 17:02:42 +08:00
Samuele Pedroni
7aa0362582 daemon: introduce apiBaseSuite.(json|sync|async|error)Req
these test a daemon request and check the expected response type
before returning the response for further specific checks

this simplifies away some checks in the tests but the bigger win is
avoiding the .(*daemon.Resp) casts everywhere, in particular
this will reduce the number of affected places if we change
somewhat the internal types used to produce responses
2021-03-31 17:26:49 +02:00
Samuele Pedroni
8a2c156231 Merge remote-tracking branch 'upstream/master' into daemon-cleanup-api-tests-21 2021-03-29 10:27:27 +02:00
Maciej Borzecki
b9db71e511 daemon: fix signing key validity timestamp in unit tests
Occasionally in the Github test runs we observe this problem:

----------------------------------------------------------------------
PANIC: api_users_test.go:1074: userSuite.TestPostCreateUserFromAssertionNoModel

... Panic: cannot add test assertions: model assertion timestamp "2021-03-23 22:31:21 +0000 UTC" outside of signing key validity (key valid since "2021-03-23 22:31:22 +0000 UTC") (PC=0x439C58)

/snap/go/7221/src/runtime/panic.go:965
  in gopanic
/home/runner/work/snapd/snapd/src/github.com/snapcore/snapd/overlord/assertstate/assertstatetest/add_many.go:38
  in AddMany
api_users_test.go:1088
  in userSuite.TestPostCreateUserFromAssertionNoModel
/snap/go/7221/src/reflect/value.go:337
  in Value.Call
/snap/go/7221/src/runtime/asm_amd64.s:1371
  in goexit
OOPS: 444 passed, 1 PANICKED
--- FAIL: Test (11.20s)
FAIL
FAIL	github.com/snapcore/snapd/daemon	11.374s

The offending test generates the model of a mocked my-brand which gets signed with
the brand key, before the account key assertion of a given brand is generated.
If the code happens to run at the second boundary, it is possible that the model
timestamp will be before the account key assertion timestamp.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-03-24 08:47:11 +01:00
Samuele Pedroni
e1f7348ed3 daemon: move TestUsersOnlyRoot, TestLogsNoServices to the right suites
make also the necessary adjustment/simplifications
2021-03-16 11:42:38 +01:00
Samuele Pedroni
2de27f7974 daemon: move /v2/login|logout tests to api_users_test.go
some bits of apiBaseTest can also be moved as they are strictly used
only for these
2021-03-10 18:49:23 +01:00
Samuele Pedroni
e43f0eda4f daemon: comments to clarify test mechanics 2021-03-02 09:17:56 +01:00
Samuele Pedroni
4567f6ec37 daemon,o/c/configcore: introduce users.create.automatic
the option if set to false disables automatic user creation on assertion
auto-import

it is processed early which means its setting is available
before snapd starts serving users API requests
2021-03-01 17:06:18 +01:00
Samuele Pedroni
d74296ef67 daemon: convert tests using daemon.APIBaseSuite to apiBaseSuite 2020-12-07 16:51:56 +01:00