From d809f1354a06ba5ff597005aab7550bf9a439e31 Mon Sep 17 00:00:00 2001
From: Kian Parvin <46668016+kian99@users.noreply.github.com>
Date: Wed, 28 Aug 2024 15:55:15 +0200
Subject: [PATCH] tweaks to improve integration testing (#1329)

---
 .github/actions/test-server/action.yaml  | 11 +++++++++--
 compose-common.yaml                      |  2 +-
 internal/jimm/cache.go                   |  6 +++---
 internal/jujuclient/applicationoffers.go |  6 ++++--
 internal/rpc/proxy.go                    |  4 +++-
 local/jimm/setup-service-account.sh      | 13 +++++++++++++
 6 files changed, 33 insertions(+), 9 deletions(-)
 create mode 100755 local/jimm/setup-service-account.sh

diff --git a/.github/actions/test-server/action.yaml b/.github/actions/test-server/action.yaml
index 7fd42a836..a1d2133f1 100644
--- a/.github/actions/test-server/action.yaml
+++ b/.github/actions/test-server/action.yaml
@@ -80,8 +80,11 @@ runs:
       run: echo "name=$CONTROLLER_NAME" >> $GITHUB_OUTPUT
       shell: bash
 
-    - name: Install jimmctl and yq
-      run: sudo snap install jimmctl --channel=3/stable && sudo snap install yq
+    - name: Install jimmctl, jaas plugin and yq
+      run: |
+        sudo snap install jimmctl --channel=3/stable && \
+        sudo snap install jaas --channel=3/stable &&
+        sudo snap install yq
       shell: bash
 
     - name: Authenticate Juju CLI
@@ -97,3 +100,7 @@ runs:
       env:
         JIMM_CONTROLLER_NAME: "jimm"
         CONTROLLER_NAME: ${{ steps.lxd-controller.outputs.name }}
+
+    - name: Provide service account with cloud-credentials
+      run: ./local/jimm/setup-service-account.sh
+      shell: bash
diff --git a/compose-common.yaml b/compose-common.yaml
index 3e905dab0..b1f9727e7 100644
--- a/compose-common.yaml
+++ b/compose-common.yaml
@@ -37,7 +37,7 @@ services:
       JIMM_OAUTH_CLIENT_SECRET: "SwjDofnbDzJDm9iyfUhEp67FfUFMY8L4"
       JIMM_OAUTH_SCOPES: "openid profile email" # Space separated list of scopes
       JIMM_DASHBOARD_FINAL_REDIRECT_URL: "https://jaas.ai" # Example URL
-      JIMM_ACCESS_TOKEN_EXPIRY_DURATION: 1h
+      JIMM_ACCESS_TOKEN_EXPIRY_DURATION: 100h
       JIMM_SECURE_SESSION_COOKIES: false
       JIMM_SESSION_COOKIE_MAX_AGE: 86400
       JIMM_SESSION_SECRET_KEY: Xz2RkR9g87M75xfoumhEs5OmGziIX8D88Rk5YW8FSvkBPSgeK9t5AS9IvPDJ3NnB
diff --git a/internal/jimm/cache.go b/internal/jimm/cache.go
index 01ca55f9c..07fd93563 100644
--- a/internal/jimm/cache.go
+++ b/internal/jimm/cache.go
@@ -44,7 +44,7 @@ func (d *cacheDialer) Dial(ctx context.Context, ctl *dbmodel.Controller, mt name
 		return d.dialer.Dial(ctx, ctl, mt, requiredPermissions)
 	}
 	rc := d.sfg.DoChan(ctl.Name, func() (interface{}, error) {
-		return d.dial(ctx, ctl)
+		return d.dial(ctx, ctl, requiredPermissions)
 	})
 	select {
 	case r := <-rc:
@@ -57,7 +57,7 @@ func (d *cacheDialer) Dial(ctx context.Context, ctl *dbmodel.Controller, mt name
 	}
 }
 
-func (d *cacheDialer) dial(ctx context.Context, ctl *dbmodel.Controller) (interface{}, error) {
+func (d *cacheDialer) dial(ctx context.Context, ctl *dbmodel.Controller, requiredPermissions map[string]string) (interface{}, error) {
 	d.mu.Lock()
 	capi, ok := d.conns[ctl.Name]
 	if ok {
@@ -73,7 +73,7 @@ func (d *cacheDialer) dial(ctx context.Context, ctl *dbmodel.Controller) (interf
 	d.mu.Unlock()
 
 	// We don't have a working connection to the controller, so dial one.
-	api, err := d.dialer.Dial(ctx, ctl, names.ModelTag{}, nil)
+	api, err := d.dialer.Dial(ctx, ctl, names.ModelTag{}, requiredPermissions)
 	if err != nil {
 		return nil, err
 	}
diff --git a/internal/jujuclient/applicationoffers.go b/internal/jujuclient/applicationoffers.go
index 335764453..94e2e7b26 100644
--- a/internal/jujuclient/applicationoffers.go
+++ b/internal/jujuclient/applicationoffers.go
@@ -209,13 +209,15 @@ func (c Connection) GetApplicationOfferConsumeDetails(ctx context.Context, user
 			OfferURLs:     []string{info.Offer.OfferURL},
 			BakeryVersion: v,
 		},
-		UserTag: user.String(),
+		// Do not include a user in the args, Juju will opt to use the user authenticated in the connection.
+		// There is a bug where setting the user tag does not behave as expected.
+		UserTag: "",
 	}
 
 	resp := jujuparams.ConsumeOfferDetailsResults{
 		Results: make([]jujuparams.ConsumeOfferDetailsResult, 1),
 	}
-	err := c.CallHighestFacadeVersion(ctx, "ApplicationOffers", []int{4, 3}, "", "GetConsumeDetails", &args, &resp)
+	err := c.CallHighestFacadeVersion(ctx, "ApplicationOffers", []int{5, 4}, "", "GetConsumeDetails", &args, &resp)
 	if err != nil {
 		return errors.E(op, jujuerrors.Cause(err))
 	}
diff --git a/internal/rpc/proxy.go b/internal/rpc/proxy.go
index 142623a07..60d7db1ce 100644
--- a/internal/rpc/proxy.go
+++ b/internal/rpc/proxy.go
@@ -515,7 +515,9 @@ func checkPermissionsRequired(ctx context.Context, msg *message) (map[string]any
 
 	// Check for errors that may be a result of a bulk request.
 	for _, e := range er.Results {
-		zapctx.Debug(ctx, "received error", zap.Any("error", e))
+		if e.Error != nil {
+			zapctx.Debug(ctx, "received error", zap.Any("error", e.Error))
+		}
 		if e.Error != nil && e.Error.Code == accessRequiredErrorCode {
 			for k, v := range e.Error.Info {
 				accessLevel, ok := v.(string)
diff --git a/local/jimm/setup-service-account.sh b/local/jimm/setup-service-account.sh
new file mode 100755
index 000000000..b18229a0c
--- /dev/null
+++ b/local/jimm/setup-service-account.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# This script is used to setup a service account by adding a set of cloud-credentials.
+# Default values below assume a lxd controller is added to JIMM.
+
+set -eux
+
+SERVICE_ACCOUNT_ID="${SERVICE_ACCOUNT_ID:-test-client-id}"
+CLOUD="${CLOUD:-localhost}"
+CREDENTIAL_NAME="${CREDENTIAL_NAME:-localhost}"
+
+juju add-service-account "$SERVICE_ACCOUNT_ID"
+juju update-service-account-credential "$SERVICE_ACCOUNT_ID" "$CLOUD" "$CREDENTIAL_NAME"