Merge pull request #1387 from canonical/feature-http-proxy

Feature http proxy

cmd/jaas/cmd/addserviceaccount_test.go

@@ -11,7 +11,6 @@ import (
 
 	"github.com/canonical/jimm/v3/cmd/jaas/cmd"
 	"github.com/canonical/jimm/v3/internal/cmdtest"
-	"github.com/canonical/jimm/v3/internal/jimmtest"
 	"github.com/canonical/jimm/v3/internal/openfga"
 	ofganames "github.com/canonical/jimm/v3/internal/openfga/names"
 	jimmnames "github.com/canonical/jimm/v3/pkg/names"
@@ -27,7 +26,7 @@ func (s *addServiceAccountSuite) TestAddServiceAccount(c *gc.C) {
 	clientID := "abda51b2-d735-4794-a8bd-49c506baa4af"
 	clientIDWithDomain := clientID + "@serviceaccount"
 	// alice is superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 	_, err := cmdtesting.RunCommand(c, cmd.NewAddServiceAccountCommandForTesting(s.ClientStore(), bClient), clientID)
 	c.Assert(err, gc.IsNil)
 	tuple := openfga.Tuple{
@@ -43,7 +42,7 @@ func (s *addServiceAccountSuite) TestAddServiceAccount(c *gc.C) {
 	_, err = cmdtesting.RunCommand(c, cmd.NewAddServiceAccountCommandForTesting(s.ClientStore(), bClient), clientID)
 	c.Assert(err, gc.IsNil)
 	// Check that re-running the command for a different user returns an error.
-	bClientBob := jimmtest.NewUserSessionLogin(c, "bob")
+	bClientBob := s.SetupCLIAccess(c, "bob")
 	_, err = cmdtesting.RunCommand(c, cmd.NewAddServiceAccountCommandForTesting(s.ClientStore(), bClientBob), clientID)
 	c.Assert(err, gc.ErrorMatches, "service account already owned")
 }

cmd/jaas/cmd/grant_test.go

@@ -13,7 +13,6 @@ import (
 	"github.com/canonical/jimm/v3/cmd/jaas/cmd"
 	"github.com/canonical/jimm/v3/internal/cmdtest"
 	"github.com/canonical/jimm/v3/internal/dbmodel"
-	"github.com/canonical/jimm/v3/internal/jimmtest"
 	"github.com/canonical/jimm/v3/internal/openfga"
 	ofganames "github.com/canonical/jimm/v3/internal/openfga/names"
 	jimmnames "github.com/canonical/jimm/v3/pkg/names"
@@ -32,7 +31,7 @@ func (s *grantSuite) TestGrant(c *gc.C) {
 	clientIdWithDomain := clientID + "@serviceaccount"
 
 	// alice is superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 
 	sa, err := dbmodel.NewIdentity(clientIdWithDomain)
 	c.Assert(err, gc.IsNil)
@@ -94,7 +93,7 @@ func (s *grantSuite) TestMissingArgs(c *gc.C) {
 		expectedError: "user/group not specified",
 	}}
 
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 	clientStore := s.ClientStore()
 	for _, t := range tests {
 		_, err := cmdtesting.RunCommand(c, cmd.NewGrantCommandForTesting(clientStore, bClient), t.args...)

cmd/jaas/cmd/listserviceaccountcredentials_test.go

@@ -16,7 +16,6 @@ import (
 	"github.com/canonical/jimm/v3/internal/cmdtest"
 	"github.com/canonical/jimm/v3/internal/dbmodel"
 	"github.com/canonical/jimm/v3/internal/jimm"
-	"github.com/canonical/jimm/v3/internal/jimmtest"
 	"github.com/canonical/jimm/v3/internal/openfga"
 )
 
@@ -102,7 +101,7 @@ aws    foo
 	}
 	for _, test := range testCases {
 		c.Log(test.about)
-		bClient := jimmtest.NewUserSessionLogin(c, "alice")
+		bClient := s.SetupCLIAccess(c, "alice")
 		var result *jujucmd.Context
 		if test.showSecrets {
 			result, err = cmdtesting.RunCommand(c, cmd.NewListServiceAccountCredentialsCommandForTesting(s.ClientStore(), bClient), clientID, "--format", test.format, "--show-secrets")

cmd/jaas/cmd/updatecredentials_test.go

@@ -16,7 +16,6 @@ import (
 	"github.com/canonical/jimm/v3/internal/cmdtest"
 	"github.com/canonical/jimm/v3/internal/dbmodel"
 	"github.com/canonical/jimm/v3/internal/jimm"
-	"github.com/canonical/jimm/v3/internal/jimmtest"
 	"github.com/canonical/jimm/v3/internal/openfga"
 	ofganames "github.com/canonical/jimm/v3/internal/openfga/names"
 	jimmnames "github.com/canonical/jimm/v3/pkg/names"
@@ -35,7 +34,7 @@ func (s *updateCredentialsSuite) TestUpdateCredentialsWithLocalCredentials(c *gc
 	clientIDWithDomain := clientID + "@serviceaccount"
 
 	// alice is superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 
 	sa, err := dbmodel.NewIdentity(clientIDWithDomain)
 	c.Assert(err, gc.IsNil)
@@ -90,7 +89,7 @@ func (s *updateCredentialsSuite) TestUpdateCredentialsWithLocalCredentials(c *gc
 }
 
 func (s *updateCredentialsSuite) TestCloudNotInLocalStore(c *gc.C) {
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 	_, err := cmdtesting.RunCommand(c, cmd.NewUpdateCredentialsCommandForTesting(s.ClientStore(), bClient),
 		"00000000-0000-0000-0000-000000000000",
 		"non-existing-cloud",
@@ -101,7 +100,7 @@ func (s *updateCredentialsSuite) TestCloudNotInLocalStore(c *gc.C) {
 }
 
 func (s *updateCredentialsSuite) TestCredentialNotInLocalStore(c *gc.C) {
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 
 	clientStore := s.ClientStore()
 	err := clientStore.UpdateCredential("some-cloud", jujucloud.CloudCredential{
@@ -144,7 +143,7 @@ func (s *updateCredentialsSuite) TestUpdateServiceAccountCredentialFromControlle
 	}
 	_, err = s.JIMM.UpdateCloudCredential(ctx, u, updateArgs)
 	c.Assert(err, gc.IsNil)
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 	cmdContext, err := cmdtesting.RunCommand(c, cmd.NewUpdateCredentialsCommandForTesting(s.ClientStore(), bClient), clientID, "aws", "foo")
 	c.Assert(err, gc.IsNil)
 	c.Assert(cmdtesting.Stdout(cmdContext), gc.Equals, `credentialtag: cloudcred-aws_abda51b2-d735-4794-a8bd-49c506baa4af@serviceaccount_foo
@@ -192,7 +191,7 @@ func (s *updateCredentialsSuite) TestMissingArgs(c *gc.C) {
 		expectedError: "too many args",
 	}}
 
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 	clientStore := s.ClientStore()
 	for _, t := range tests {
 		_, err := cmdtesting.RunCommand(c, cmd.NewUpdateCredentialsCommandForTesting(clientStore, bClient), t.args...)

cmd/jimmctl/cmd/addcloudtocontroller_test.go

@@ -17,7 +17,6 @@ import (
 	"github.com/canonical/jimm/v3/internal/cmdtest"
 	"github.com/canonical/jimm/v3/internal/dbmodel"
 	"github.com/canonical/jimm/v3/internal/errors"
-	"github.com/canonical/jimm/v3/internal/jimmtest"
 	"github.com/canonical/jimm/v3/internal/openfga"
 	ofganames "github.com/canonical/jimm/v3/internal/openfga/names"
 )
@@ -166,7 +165,7 @@ clouds:
 		c.Log(test.about)
 		tmpfile, cleanupFunc := writeTempFile(c, test.cloudInfo)
 
-		bClient := jimmtest.NewUserSessionLogin(c, "bob@canonical.com")
+		bClient := s.SetupCLIAccess(c, "bob@canonical.com")
 		// Running the command succeeds
 		newCmd := cmd.NewAddCloudToControllerCommandForTesting(s.ClientStore(), bClient, test.cloudByNameFunc)
 		var err error

cmd/jimmctl/cmd/addcontroller_test.go

@@ -37,7 +37,7 @@ func (s *addControllerSuite) TestAddControllerSuperuser(c *gc.C) {
 	defer os.RemoveAll(tmpdir)
 
 	// alice is superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 	ctx, err := cmdtesting.RunCommand(c, cmd.NewAddControllerCommandForTesting(s.ClientStore(), bClient), tmpfile)
 	c.Assert(err, gc.IsNil)
 	c.Assert(cmdtesting.Stdout(ctx), gc.Matches, `name: controller-1
@@ -100,7 +100,7 @@ func (s *addControllerSuite) TestAddController(c *gc.C) {
 	defer os.RemoveAll(tmpdir)
 
 	// bob is not superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "bob")
+	bClient := s.SetupCLIAccess(c, "bob")
 	_, err := cmdtesting.RunCommand(c, cmd.NewAddControllerCommandForTesting(s.ClientStore(), bClient), tmpfile)
 	c.Assert(err, gc.ErrorMatches, `unauthorized \(unauthorized access\)`)
 }

cmd/jimmctl/cmd/crossmodelquery_test.go

@@ -23,9 +23,7 @@ type crossModelQuerySuite struct {
 var _ = gc.Suite(&crossModelQuerySuite{})
 
 func (s *crossModelQuerySuite) TestCrossModelQueryCommand(c *gc.C) {
-	// Test setup.
-	store := s.ClientStore()
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 
 	s.AddController(c, "controller-2", s.APIInfo(c))
 	cct := names.NewCloudCredentialTag(jimmtest.TestCloudName + "/alice@canonical.com/cred")
@@ -44,7 +42,7 @@ func (s *crossModelQuerySuite) TestCrossModelQueryCommand(c *gc.C) {
 	})
 
 	// Test.
-	cmdCtx, err := cmdtesting.RunCommand(c, cmd.NewCrossModelQueryCommandForTesting(store, bClient), ".")
+	cmdCtx, err := cmdtesting.RunCommand(c, cmd.NewCrossModelQueryCommandForTesting(s.ClientStore(), bClient), ".")
 	c.Assert(err, gc.IsNil)
 
 	topLevel := make(map[string]any)

cmd/jimmctl/cmd/grantauditlogaccess_test.go

@@ -8,7 +8,6 @@ import (
 
 	"github.com/canonical/jimm/v3/cmd/jimmctl/cmd"
 	"github.com/canonical/jimm/v3/internal/cmdtest"
-	"github.com/canonical/jimm/v3/internal/jimmtest"
 )
 
 type grantAuditLogAccessSuite struct {
@@ -19,14 +18,14 @@ var _ = gc.Suite(&grantAuditLogAccessSuite{})
 
 func (s *grantAuditLogAccessSuite) TestGrantAuditLogAccessSuperuser(c *gc.C) {
 	// alice is superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 	_, err := cmdtesting.RunCommand(c, cmd.NewGrantAuditLogAccessCommandForTesting(s.ClientStore(), bClient), "bob@canonical.com")
 	c.Assert(err, gc.IsNil)
 }
 
 func (s *grantAuditLogAccessSuite) TestGrantAuditLogAccess(c *gc.C) {
 	// bob is not superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "bob")
+	bClient := s.SetupCLIAccess(c, "bob")
 	_, err := cmdtesting.RunCommand(c, cmd.NewGrantAuditLogAccessCommandForTesting(s.ClientStore(), bClient), "bob@canonical.com")
 	c.Assert(err, gc.ErrorMatches, `unauthorized \(unauthorized access\)`)
 }

cmd/jimmctl/cmd/group_test.go

@@ -14,7 +14,6 @@ import (
 	"github.com/canonical/jimm/v3/cmd/jimmctl/cmd"
 	"github.com/canonical/jimm/v3/internal/cmdtest"
 	"github.com/canonical/jimm/v3/internal/dbmodel"
-	"github.com/canonical/jimm/v3/internal/jimmtest"
 	"github.com/canonical/jimm/v3/pkg/api/params"
 )
 
@@ -26,7 +25,7 @@ var _ = gc.Suite(&groupSuite{})
 
 func (s *groupSuite) TestAddGroupSuperuser(c *gc.C) {
 	// alice is superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 	ctx, err := cmdtesting.RunCommand(c, cmd.NewAddGroupCommandForTesting(s.ClientStore(), bClient), "test-group")
 	c.Assert(err, gc.IsNil)
 
@@ -40,15 +39,15 @@ func (s *groupSuite) TestAddGroupSuperuser(c *gc.C) {
 }
 
 func (s *groupSuite) TestAddGroup(c *gc.C) {
-	// Unauthorised add (bob is not superuser)
-	bClient := jimmtest.NewUserSessionLogin(c, "bob")
+	// bob is not superuser
+	bClient := s.SetupCLIAccess(c, "bob")
 	_, err := cmdtesting.RunCommand(c, cmd.NewAddGroupCommandForTesting(s.ClientStore(), bClient), "test-group")
 	c.Assert(err, gc.ErrorMatches, `unauthorized \(unauthorized access\)`)
 }
 
 func (s *groupSuite) TestRenameGroupSuperuser(c *gc.C) {
 	// alice is superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 
 	groupEntry, err := s.JimmCmdSuite.JIMM.Database.AddGroup(context.TODO(), "test-group")
 	c.Assert(err, gc.IsNil)
@@ -66,14 +65,14 @@ func (s *groupSuite) TestRenameGroupSuperuser(c *gc.C) {
 
 func (s *groupSuite) TestRenameGroup(c *gc.C) {
 	// bob is not superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "bob")
+	bClient := s.SetupCLIAccess(c, "bob")
 	_, err := cmdtesting.RunCommand(c, cmd.NewRenameGroupCommandForTesting(s.ClientStore(), bClient), "test-group", "renamed-group")
 	c.Assert(err, gc.ErrorMatches, `unauthorized \(unauthorized access\)`)
 }
 
 func (s *groupSuite) TestRemoveGroupSuperuser(c *gc.C) {
 	// alice is superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 
 	_, err := s.JimmCmdSuite.JIMM.Database.AddGroup(context.TODO(), "test-group")
 	c.Assert(err, gc.IsNil)
@@ -88,22 +87,22 @@ func (s *groupSuite) TestRemoveGroupSuperuser(c *gc.C) {
 
 func (s *groupSuite) TestRemoveGroupWithoutFlag(c *gc.C) {
 	// alice is superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 
 	_, err := cmdtesting.RunCommand(c, cmd.NewRemoveGroupCommandForTesting(s.ClientStore(), bClient), "test-group")
 	c.Assert(err.Error(), gc.Matches, "Failed to read from input.")
 }
 
 func (s *groupSuite) TestRemoveGroup(c *gc.C) {
 	// bob is not superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "bob")
+	bClient := s.SetupCLIAccess(c, "bob")
 	_, err := cmdtesting.RunCommand(c, cmd.NewRemoveGroupCommandForTesting(s.ClientStore(), bClient), "test-group", "-y")
 	c.Assert(err, gc.ErrorMatches, `unauthorized \(unauthorized access\)`)
 }
 
 func (s *groupSuite) TestListGroupsSuperuser(c *gc.C) {
 	// alice is superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 
 	for i := 0; i < 3; i++ {
 		_, err := s.JimmCmdSuite.JIMM.Database.AddGroup(context.TODO(), fmt.Sprint("test-group", i))
@@ -120,7 +119,7 @@ func (s *groupSuite) TestListGroupsSuperuser(c *gc.C) {
 
 func (s *groupSuite) TestListGroupsLimitSuperuser(c *gc.C) {
 	// alice is superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 
 	for i := 0; i < 3; i++ {
 		_, err := s.JimmCmdSuite.JIMM.Database.AddGroup(context.TODO(), fmt.Sprint("test-group", i))
@@ -140,7 +139,7 @@ func (s *groupSuite) TestListGroupsLimitSuperuser(c *gc.C) {
 
 func (s *groupSuite) TestListGroups(c *gc.C) {
 	// bob is not superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "bob")
+	bClient := s.SetupCLIAccess(c, "bob")
 	_, err := cmdtesting.RunCommand(c, cmd.NewListGroupsCommandForTesting(s.ClientStore(), bClient), "test-group")
 	c.Assert(err, gc.ErrorMatches, `unauthorized \(unauthorized access\)`)
 }

cmd/jimmctl/cmd/importcloudcredentials_test.go

@@ -13,7 +13,6 @@ import (
 	"github.com/canonical/jimm/v3/cmd/jimmctl/cmd"
 	"github.com/canonical/jimm/v3/internal/cmdtest"
 	"github.com/canonical/jimm/v3/internal/dbmodel"
-	"github.com/canonical/jimm/v3/internal/jimmtest"
 )
 
 type importCloudCredentialsSuite struct {
@@ -65,7 +64,7 @@ func (s *importCloudCredentialsSuite) TestImportCloudCredentials(c *gc.C) {
 	c.Assert(err, gc.IsNil)
 
 	// alice is superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 	_, err = cmdtesting.RunCommand(c, cmd.NewImportCloudCredentialsCommandForTesting(s.ClientStore(), bClient), tmpfile)
 	c.Assert(err, gc.IsNil)
 

cmd/jimmctl/cmd/importmodel_test.go

@@ -43,7 +43,7 @@ func (s *importModelSuite) TestImportModelSuperuser(c *gc.C) {
 	defer m.Close()
 
 	// alice is superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 	_, err = cmdtesting.RunCommand(c, cmd.NewImportModelCommandForTesting(s.ClientStore(), bClient), "controller-1", m.ModelUUID())
 	c.Assert(err, gc.IsNil)
 
@@ -72,7 +72,7 @@ func (s *importModelSuite) TestImportModelFromLocalUser(c *gc.C) {
 	c.Assert(err, gc.Equals, nil)
 
 	// alice is superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 	_, err = cmdtesting.RunCommand(c, cmd.NewImportModelCommandForTesting(s.ClientStore(), bClient), "controller-1", mt.Id(), "--owner", "alice@canonical.com")
 	c.Assert(err, gc.IsNil)
 
@@ -103,31 +103,31 @@ func (s *importModelSuite) TestImportModelUnauthorized(c *gc.C) {
 	defer m.Close()
 
 	// bob is not superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "bob")
+	bClient := s.SetupCLIAccess(c, "bob")
 	_, err = cmdtesting.RunCommand(c, cmd.NewImportModelCommandForTesting(s.ClientStore(), bClient), "controller-1", m.ModelUUID())
 	c.Assert(err, gc.ErrorMatches, `unauthorized \(unauthorized access\)`)
 }
 
 func (s *importModelSuite) TestImportModelNoController(c *gc.C) {
-	bClient := jimmtest.NewUserSessionLogin(c, "bob")
+	bClient := s.SetupCLIAccess(c, "bob")
 	_, err := cmdtesting.RunCommand(c, cmd.NewImportModelCommandForTesting(s.ClientStore(), bClient))
 	c.Assert(err, gc.ErrorMatches, `controller not specified`)
 }
 
 func (s *importModelSuite) TestImportModelNoModelUUID(c *gc.C) {
-	bClient := jimmtest.NewUserSessionLogin(c, "bob")
+	bClient := s.SetupCLIAccess(c, "bob")
 	_, err := cmdtesting.RunCommand(c, cmd.NewImportModelCommandForTesting(s.ClientStore(), bClient), "controller-id")
 	c.Assert(err, gc.ErrorMatches, `model uuid not specified`)
 }
 
 func (s *importModelSuite) TestImportModelInvalidModelUUID(c *gc.C) {
-	bClient := jimmtest.NewUserSessionLogin(c, "bob")
+	bClient := s.SetupCLIAccess(c, "bob")
 	_, err := cmdtesting.RunCommand(c, cmd.NewImportModelCommandForTesting(s.ClientStore(), bClient), "controller-id", "not-a-uuid")
 	c.Assert(err, gc.ErrorMatches, `invalid model uuid`)
 }
 
 func (s *importModelSuite) TestImportModelTooManyArgs(c *gc.C) {
-	bClient := jimmtest.NewUserSessionLogin(c, "bob")
+	bClient := s.SetupCLIAccess(c, "bob")
 	_, err := cmdtesting.RunCommand(c, cmd.NewImportModelCommandForTesting(s.ClientStore(), bClient), "controller-id", "not-a-uuid", "spare-argument")
 	c.Assert(err, gc.ErrorMatches, `too many args`)
 }

cmd/jimmctl/cmd/listauditevents_test.go

@@ -27,7 +27,7 @@ func (s *listAuditEventsSuite) TestListAuditEventsSuperuser(c *gc.C) {
 	s.AddModel(c, names.NewUserTag("charlie@canonical.com"), "model-2", names.NewCloudTag(jimmtest.TestCloudName), jimmtest.TestCloudRegionName, cct)
 
 	// alice is superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "alice")
+	bClient := s.SetupCLIAccess(c, "alice")
 	context, err := cmdtesting.RunCommand(c, cmd.NewListAuditEventsCommandForTesting(s.ClientStore(), bClient))
 	c.Assert(err, gc.IsNil)
 	c.Assert(cmdtesting.Stdout(context), gc.Matches,
@@ -66,7 +66,7 @@ func (s *listAuditEventsSuite) TestListAuditEventsStatus(c *gc.C) {
 	s.AddModel(c, names.NewUserTag("charlie@canonical.com"), "model-2", names.NewCloudTag(jimmtest.TestCloudName), jimmtest.TestCloudRegionName, cct)
 
 	// bob is not superuser
-	bClient := jimmtest.NewUserSessionLogin(c, "bob")
+	bClient := s.SetupCLIAccess(c, "bob")
 	_, err := cmdtesting.RunCommand(c, cmd.NewListAuditEventsCommandForTesting(s.ClientStore(), bClient))
 	c.Assert(err, gc.ErrorMatches, `unauthorized \(unauthorized access\)`)
 }