From 3be45e82e763661a449afe88cf7181c1d4ec435f Mon Sep 17 00:00:00 2001 From: Kian Parvin Date: Tue, 27 Aug 2024 08:30:59 +0200 Subject: [PATCH] tweaks to improve integration testing --- .github/actions/test-server/action.yaml | 11 +++++++++-- compose-common.yaml | 2 +- internal/jimm/cache.go | 6 +++--- internal/jujuclient/applicationoffers.go | 6 ++++-- internal/rpc/proxy.go | 4 +++- local/jimm/setup-service-account.sh | 13 +++++++++++++ 6 files changed, 33 insertions(+), 9 deletions(-) create mode 100755 local/jimm/setup-service-account.sh diff --git a/.github/actions/test-server/action.yaml b/.github/actions/test-server/action.yaml index 7fd42a836..a1d2133f1 100644 --- a/.github/actions/test-server/action.yaml +++ b/.github/actions/test-server/action.yaml @@ -80,8 +80,11 @@ runs: run: echo "name=$CONTROLLER_NAME" >> $GITHUB_OUTPUT shell: bash - - name: Install jimmctl and yq - run: sudo snap install jimmctl --channel=3/stable && sudo snap install yq + - name: Install jimmctl, jaas plugin and yq + run: | + sudo snap install jimmctl --channel=3/stable && \ + sudo snap install jaas --channel=3/stable && + sudo snap install yq shell: bash - name: Authenticate Juju CLI @@ -97,3 +100,7 @@ runs: env: JIMM_CONTROLLER_NAME: "jimm" CONTROLLER_NAME: ${{ steps.lxd-controller.outputs.name }} + + - name: Provide service account with cloud-credentials + run: ./local/jimm/setup-service-account.sh + shell: bash diff --git a/compose-common.yaml b/compose-common.yaml index 3e905dab0..b1f9727e7 100644 --- a/compose-common.yaml +++ b/compose-common.yaml @@ -37,7 +37,7 @@ services: JIMM_OAUTH_CLIENT_SECRET: "SwjDofnbDzJDm9iyfUhEp67FfUFMY8L4" JIMM_OAUTH_SCOPES: "openid profile email" # Space separated list of scopes JIMM_DASHBOARD_FINAL_REDIRECT_URL: "https://jaas.ai" # Example URL - JIMM_ACCESS_TOKEN_EXPIRY_DURATION: 1h + JIMM_ACCESS_TOKEN_EXPIRY_DURATION: 100h JIMM_SECURE_SESSION_COOKIES: false JIMM_SESSION_COOKIE_MAX_AGE: 86400 JIMM_SESSION_SECRET_KEY: Xz2RkR9g87M75xfoumhEs5OmGziIX8D88Rk5YW8FSvkBPSgeK9t5AS9IvPDJ3NnB diff --git a/internal/jimm/cache.go b/internal/jimm/cache.go index 01ca55f9c..07fd93563 100644 --- a/internal/jimm/cache.go +++ b/internal/jimm/cache.go @@ -44,7 +44,7 @@ func (d *cacheDialer) Dial(ctx context.Context, ctl *dbmodel.Controller, mt name return d.dialer.Dial(ctx, ctl, mt, requiredPermissions) } rc := d.sfg.DoChan(ctl.Name, func() (interface{}, error) { - return d.dial(ctx, ctl) + return d.dial(ctx, ctl, requiredPermissions) }) select { case r := <-rc: @@ -57,7 +57,7 @@ func (d *cacheDialer) Dial(ctx context.Context, ctl *dbmodel.Controller, mt name } } -func (d *cacheDialer) dial(ctx context.Context, ctl *dbmodel.Controller) (interface{}, error) { +func (d *cacheDialer) dial(ctx context.Context, ctl *dbmodel.Controller, requiredPermissions map[string]string) (interface{}, error) { d.mu.Lock() capi, ok := d.conns[ctl.Name] if ok { @@ -73,7 +73,7 @@ func (d *cacheDialer) dial(ctx context.Context, ctl *dbmodel.Controller) (interf d.mu.Unlock() // We don't have a working connection to the controller, so dial one. - api, err := d.dialer.Dial(ctx, ctl, names.ModelTag{}, nil) + api, err := d.dialer.Dial(ctx, ctl, names.ModelTag{}, requiredPermissions) if err != nil { return nil, err } diff --git a/internal/jujuclient/applicationoffers.go b/internal/jujuclient/applicationoffers.go index 335764453..94e2e7b26 100644 --- a/internal/jujuclient/applicationoffers.go +++ b/internal/jujuclient/applicationoffers.go @@ -209,13 +209,15 @@ func (c Connection) GetApplicationOfferConsumeDetails(ctx context.Context, user OfferURLs: []string{info.Offer.OfferURL}, BakeryVersion: v, }, - UserTag: user.String(), + // Do not include a user in the args, Juju will opt to use the user authenticated in the connection. + // There is a bug where setting the user tag does not behave as expected. + UserTag: "", } resp := jujuparams.ConsumeOfferDetailsResults{ Results: make([]jujuparams.ConsumeOfferDetailsResult, 1), } - err := c.CallHighestFacadeVersion(ctx, "ApplicationOffers", []int{4, 3}, "", "GetConsumeDetails", &args, &resp) + err := c.CallHighestFacadeVersion(ctx, "ApplicationOffers", []int{5, 4}, "", "GetConsumeDetails", &args, &resp) if err != nil { return errors.E(op, jujuerrors.Cause(err)) } diff --git a/internal/rpc/proxy.go b/internal/rpc/proxy.go index 142623a07..60d7db1ce 100644 --- a/internal/rpc/proxy.go +++ b/internal/rpc/proxy.go @@ -515,7 +515,9 @@ func checkPermissionsRequired(ctx context.Context, msg *message) (map[string]any // Check for errors that may be a result of a bulk request. for _, e := range er.Results { - zapctx.Debug(ctx, "received error", zap.Any("error", e)) + if e.Error != nil { + zapctx.Debug(ctx, "received error", zap.Any("error", e.Error)) + } if e.Error != nil && e.Error.Code == accessRequiredErrorCode { for k, v := range e.Error.Info { accessLevel, ok := v.(string) diff --git a/local/jimm/setup-service-account.sh b/local/jimm/setup-service-account.sh new file mode 100755 index 000000000..b18229a0c --- /dev/null +++ b/local/jimm/setup-service-account.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +# This script is used to setup a service account by adding a set of cloud-credentials. +# Default values below assume a lxd controller is added to JIMM. + +set -eux + +SERVICE_ACCOUNT_ID="${SERVICE_ACCOUNT_ID:-test-client-id}" +CLOUD="${CLOUD:-localhost}" +CREDENTIAL_NAME="${CREDENTIAL_NAME:-localhost}" + +juju add-service-account "$SERVICE_ACCOUNT_ID" +juju update-service-account-credential "$SERVICE_ACCOUNT_ID" "$CLOUD" "$CREDENTIAL_NAME"