fix(daemon): require admin access for POSTs and file pull API (#406)

Most of this was introduced in PR #358, when we ported the AccessChecker
changes from snapd, but accidentally set all the WriteAccess fields to
UserAccess{} instead of AdminAccess{}. Previously there was a
r.Method=="GET" check in Command.canAccess that handled this case.

Additionally:

- We lock down the files "pull" API to require admin. Even though it's a
  read (GET), this meant any user could potentially read sensitive files.
- We lock down the task-websocket endpoint to admin. This is a GET
  endpoint, but these websockets are used by exec to send stdin/out/err
  and commands to the exec'd process, so they should require admin too.

I've added some tests for these to ensure we don't accidentally change
them in future, without noticing. How valuable these tests are I'm not
sure, as they only cover a subset of the API endpoints, but it seems
better than nothing.
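
A table-driven audit of the policy described in the commit message above (every POST admin-only, plus the two sensitive GETs), as an added Go example that is not Pebble's code. The `Command` struct, the `AdminOnlyRead` flag and the `/example/...` paths are constructed for illustration.

```go
package main

import "fmt"

// Access is a simplified stand-in for the daemon's access levels.
type Access int

const (
	OpenAccess Access = iota
	UserAccess
	AdminAccess
)

// Command is a hypothetical route entry (assumption, not Pebble's real struct).
type Command struct {
	Path          string
	HasPOST       bool
	AdminOnlyRead bool // GET exposes file contents or exec stdin/out/err
	ReadAccess    Access
	WriteAccess   Access
}

// AuditAccess returns one finding per route whose declared access is weaker
// than the policy: every POST needs admin, and so does any sensitive GET.
func AuditAccess(cmds []Command) []string {
	var findings []string
	for _, c := range cmds {
		if c.HasPOST && c.WriteAccess != AdminAccess {
			findings = append(findings, c.Path+": POST is not admin-only")
		}
		if c.AdminOnlyRead && c.ReadAccess != AdminAccess {
			findings = append(findings, c.Path+": sensitive GET is not admin-only")
		}
	}
	return findings
}

// Regressed is a constructed route table that reproduces the mistake:
// WriteAccess left at UserAccess, and sensitive GETs readable by any user.
func Regressed() []Command {
	return []Command{
		{Path: "/example/services", HasPOST: true, ReadAccess: UserAccess, WriteAccess: UserAccess},
		{Path: "/example/files", AdminOnlyRead: true, ReadAccess: UserAccess},
		{Path: "/example/task-websocket", AdminOnlyRead: true, ReadAccess: UserAccess},
		{Path: "/example/health", ReadAccess: OpenAccess},
	}
}

func main() {
	for _, f := range AuditAccess(Regressed()) {
		fmt.Println(f)
	}
}
```

Run over the complete route table, a check of this shape fails as soon as a new POST handler or sensitive GET is registered with a weaker level, which addresses the "subset of the API endpoints" limitation the message mentions.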

fix(daemon): improve health state lock test, remove LockCount (#373)

As Harry pointed out at https://github.com/canonical/pebble/pull/369#discussion_r1505423350,
there's a much simpler way to test this without needing a new State
method like LockCount. Just acquire the state lock, then call the
endpoint. If it times out, we know it was trying to acquire the lock.

In addition, fix an issue where the health endpoint would still hold the
state lock if it returned an error. Fix those and add a test for that
too.

fix(help): DefaultDir to personality, allow overriding header and footer (#397)

Just like `ProgramName` and `DisplayName` can already be customized via
public vars in the `cmd` package, `DefaultDir` also looks like a perfect
candidate to customize this way (and assembling the help text can then
be done using `{{.DefaultDir}}`).

In addition, `cli.HelpHeader` and `cli.HelpFooter` are made public, so
that they can be extended and overridden.