CSS-4744 - Merge main forward into feature-rebac

.air.toml

@@ -29,6 +29,7 @@ tmp_dir = "tmp"
 
 [log]
   time = false
+  main_only = true
 
 [misc]
   clean_on_exit = false

Dockerfile

@@ -20,7 +20,7 @@ COPY . .
 RUN echo "${GIT_COMMIT}" | tee ./version/commit.txt
 RUN echo "${VERSION}" | tee ./version/version.txt
 RUN --mount=type=ssh source /root/.gvm/scripts/gvm && go mod vendor
-RUN --mount=type=ssh source /root/.gvm/scripts/gvm && go build -o jimmsrv -race -v -a -mod vendor ./cmd/jimmsrv
+RUN --mount=type=ssh source /root/.gvm/scripts/gvm && go build -tags version -o jimmsrv -v -a -mod vendor ./cmd/jimmsrv
 
 # Define a smaller single process image for deployment
 FROM ${DOCKER_REGISTRY}ubuntu:20.04 AS deploy-env

charms/jimm-k8s/src/charm.py

@@ -74,6 +74,7 @@
     "OPENFGA_PORT": "missing openfga relation",
 }
 
+JIMM_SERVICE_NAME = "jimm"
 DATABASE_NAME = "jimm"
 OPENFGA_STORE_NAME = "jimm"
 LOG_FILE = "/var/log/jimm"
@@ -289,7 +290,7 @@ def _update_workload(self, event):
             "summary": "jimm layer",
             "description": "pebble config layer for jimm",
             "services": {
-                "jimm": {
+                JIMM_SERVICE_NAME: {
                     "override": "merge",
                     "summary": "JAAS Intelligent Model Manager",
                     "command": "/root/jimmsrv",
@@ -307,10 +308,10 @@ def _update_workload(self, event):
         }
         container.add_layer("jimm", pebble_layer, combine=True)
         if self._ready():
-            if container.get_service("jimm").is_running():
+            if container.get_service(JIMM_SERVICE_NAME).is_running():
                 container.replan()
             else:
-                container.start("jimm")
+                container.start(JIMM_SERVICE_NAME)
             self.unit.status = ActiveStatus("running")
         else:
             logger.info("workload container not ready - defering")
@@ -321,9 +322,9 @@ def _update_workload(self, event):
         if dashboard_relation and self.unit.is_leader():
             dashboard_relation.data[self.app].update(
                 {
-                    "controller-url": dns_name,
-                    "identity-provider-url": self.config.get("candid-url"),
-                    "is-juju": str(False),
+                    "controller_url": "wss://{}".format(dns_name),
+                    "identity_provider_url": self.config.get("candid-url"),
+                    "is_juju": str(False),
                 }
             )
 
@@ -336,7 +337,7 @@ def _on_stop(self, _):
         try:
             container = self.unit.get_container(WORKLOAD_CONTAINER)
             if container.can_connect():
-                container.stop("jimm")
+                container.stop(JIMM_SERVICE_NAME)
         except Exception as e:
             logger.info("failed to stop the jimm service: {}".format(e))
         self._ready()
@@ -353,9 +354,9 @@ def _on_dashboard_relation_joined(self, event: RelationJoinedEvent):
 
         event.relation.data[self.app].update(
             {
-                "controller-url": dns_name,
-                "identity-provider-url": self.config["candid-url"],
-                "is-juju": str(False),
+                "controller_url": "wss://{}".format(dns_name),
+                "identity_provider_url": self.config["candid-url"],
+                "is_juju": str(False),
             }
         )
 
@@ -391,12 +392,12 @@ def _ready(self):
 
         if container.can_connect():
             plan = container.get_plan()
-            if plan.services.get("jimm") is None:
+            if plan.services.get(JIMM_SERVICE_NAME) is None:
                 logger.error("waiting for service")
                 self.unit.status = WaitingStatus("waiting for service")
                 return False
 
-            env_vars = plan.services.get("jimm").environment
+            env_vars = plan.services.get(JIMM_SERVICE_NAME).environment
 
             for setting, message in REQUIRED_SETTINGS.items():
                 if not env_vars.get(setting, ""):
@@ -405,7 +406,7 @@ def _ready(self):
                     )
                     return False
 
-            if container.get_service("jimm").is_running():
+            if container.get_service(JIMM_SERVICE_NAME).is_running():
                 self.unit.status = ActiveStatus("running")
             else:
                 self.unit.status = WaitingStatus("stopped")
@@ -608,7 +609,7 @@ def _get_dns_name(self, event):
         if not self._state.is_ready():
             event.defer()
             logger.warning("State is not ready")
-            return
+            return None
 
         default_dns_name = "{}.{}-endpoints.{}.svc.cluster.local".format(
             self.unit.name.replace("/", "-"),
@@ -654,15 +655,15 @@ def _on_certificate_expiring(self, event: CertificateExpiringEvent) -> None:
 
         new_csr = generate_csr(
             private_key=private_key.encode(),
-            subject=self.dns_name,
+            subject=dns_name,
         )
         self.certificates.request_certificate_renewal(
             old_certificate_signing_request=old_csr,
             new_certificate_signing_request=new_csr,
         )
         self._state.csr = new_csr.decode()
 
-        self._update_workload()
+        self._update_workload(event)
 
     @requires_state_setter
     def _on_certificate_revoked(self, event: CertificateRevokedEvent) -> None:
@@ -687,7 +688,7 @@ def _on_certificate_revoked(self, event: CertificateRevokedEvent) -> None:
         del self._state.chain
 
         self.unit.status = WaitingStatus("Waiting for new certificate")
-        self._update_workload()
+        self._update_workload(event)
 
     @requires_state_setter
     def _on_ingress_ready(self, event: IngressPerAppReadyEvent):

charms/jimm-k8s/tests/unit/test_charm.py

@@ -269,11 +269,11 @@ def test_dashboard_relation_joined(self):
 
         self.assertTrue(data)
         self.assertEqual(
-            data["controller-url"],
-            "juju-jimm-k8s-0.juju-jimm-k8s-endpoints.None.svc.cluster.local",
+            data["controller_url"],
+            "wss://juju-jimm-k8s-0.juju-jimm-k8s-endpoints.None.svc.cluster.local",
         )
-        self.assertEqual(data["identity-provider-url"], "https://candid.example.com")
-        self.assertEqual(data["is-juju"], "False")
+        self.assertEqual(data["identity_provider_url"], "https://candid.example.com")
+        self.assertEqual(data["is_juju"], "False")
 
     @patch("src.charm.JimmOperatorCharm._get_network_address")
     @patch("socket.gethostname")

charms/jimm/README.md

@@ -43,6 +43,7 @@ juju deploy openfga
 juju add-relation juju-jimm:openfga postgresql:openfga
 ```
 
+
 ## Developing
 
 Create and activate a virtualenv with the development requirements:

charms/jimm/charmcraft.yaml

@@ -7,10 +7,12 @@ parts:
       - ./templates
       - ./files
       - README.md
-    charm-python-packages:
-      - setuptools
+    charm-python-packages: [setuptools]
+    charm-binary-python-packages:
+      - Jinja2 >= 2.11.3
+      - markupsafe >= 2.0.1
+      - pydantic == 1.10.*
       - cosl
-      - pydantic==1.10
 bases:
   # Ensure run-on is the same or newer than build-on
   # since jimm-server is a Go binary using CGO dependencies

charms/jimm/lib/charms/grafana_agent/v0/cos_agent.py

@@ -191,7 +191,7 @@ class _MetricsEndpointDict(TypedDict):
 LIBAPI = 0
 LIBPATCH = 3
 
-PYDEPS = ["cosl", "pydantic==1.10"]
+PYDEPS = ["cosl", "pydantic == 1.10.*"]
 
 DEFAULT_RELATION_NAME = "cos-agent"
 DEFAULT_PEER_RELATION_NAME = "peers"

charms/jimm/metadata.yaml

@@ -22,7 +22,7 @@ issues: https://github.com/canonical/jimm/issues
 
 description: |
   JIMM is a juju controller, used in conjunction with the JaaS dashboard to provide a seamless way
-  to manage models, regardless of where their controllers reside or what cloud they may be running on. 
+  to manage models, regardless of where their controllers reside or what cloud they may be running on.
 
 provides:
   website:

charms/jimm/requirements.txt

@@ -3,5 +3,5 @@ Jinja2 >= 2.11.3
 ops >= 2.0.0
 charmhelpers >= 0.20.22
 hvac >= 0.11.0
-pydantic == 1.10
+pydantic == 1.10.*
 cosl

charms/jimm/src/charm.py

@@ -142,7 +142,6 @@ def _on_config_changed(self, _):
 
         with open(self._env_filename(), "wt") as f:
             f.write(self._render_template("jimm.env", **args))
-
         if self._ready():
             self.restart()
         self._on_update_status(None)
@@ -151,7 +150,7 @@ def _on_config_changed(self, _):
         if dashboard_relation:
             dashboard_relation.data[self.app].update(
                 {
-                    "controller-url": self.config["dns-name"],
+                    "controller-url": "wss://{}".format(self.config["dns-name"]),
                     "identity-provider-url": self.config["candid-url"],
                     "is-juju": str(False),
                 }
@@ -399,9 +398,9 @@ def _snap(self, *args):
     def _on_dashboard_relation_joined(self, event):
         event.relation.data[self.app].update(
             {
-                "controller-url": self.config["dns-name"],
-                "identity-provider-url": self.config["candid-url"],
-                "is-juju": str(False),
+                "controller_url": "wss://{}".format(self.config["dns-name"]),
+                "identity_provider_url": self.config["candid-url"],
+                "is_juju": str(False),
             }
         )
 

charms/jimm/tests/test_charm.py

@@ -510,7 +510,7 @@ def test_dashboard_relation_joined(self):
             harness.charm._agent_filename = tmp.name
             harness.update_config(
                 {
-                    "dns-name": "https://jimm.example.com",
+                    "dns-name": "jimm.example.com",
                     "candid-agent-username": "username@candid",
                     "candid-agent-private-key": "agent-private-key",
                     "candid-agent-public-key": "agent-public-key",
@@ -526,9 +526,9 @@ def test_dashboard_relation_joined(self):
         harness.add_relation_unit(id, "juju-dashboard/0")
         data = harness.get_relation_data(id, "juju-jimm")
         self.assertTrue(data)
-        self.assertEqual(data["controller-url"], "https://jimm.example.com")
-        self.assertEqual(data["identity-provider-url"], "https://candid.example.com")
-        self.assertEqual(data["is-juju"], "False")
+        self.assertEqual(data["controller_url"], "wss://jimm.example.com")
+        self.assertEqual(data["identity_provider_url"], "https://candid.example.com")
+        self.assertEqual(data["is_juju"], "False")
 
     def test_openfga_relation_changed(self):
         id = self.harness.add_relation("openfga", "openfga")

charms/jimm/tox.ini

@@ -9,7 +9,6 @@ envlist = lint, unit
 [vars]
 src_path = {toxinidir}/src/
 tst_path = {toxinidir}/tests/
-;lib_path = {toxinidir}/lib/charms/operator_name_with_underscores
 all_path = {[vars]src_path} {[vars]tst_path} 
 
 [testenv]

cmd/jimmctl/cmd/modelstatus.go

@@ -63,7 +63,7 @@ func (c *modelStatusCommand) SetFlags(f *gnuflag.FlagSet) {
 
 // Init implements the cmd.Command interface.
 func (c *modelStatusCommand) Init(args []string) error {
-	if len(args) < 0 {
+	if len(args) < 1 {
 		return errors.E("missing model uuid")
 	}
 	c.modelUUID, args = args[0], args[1:]

cmd/jimmsrv/main.go

@@ -15,6 +15,7 @@ import (
 	"go.uber.org/zap"
 
 	"github.com/CanonicalLtd/jimm"
+	"github.com/CanonicalLtd/jimm/version"
 )
 
 func main() {
@@ -32,6 +33,10 @@ func main() {
 
 // start initialises the jimmsrv service.
 func start(ctx context.Context, s *service.Service) error {
+	zapctx.Info(ctx, "jimm info",
+		zap.String("version", version.VersionInfo.Version),
+		zap.String("commit", version.VersionInfo.GitCommit),
+	)
 	if logLevel := os.Getenv("JIMM_LOG_LEVEL"); logLevel != "" {
 		if err := zapctx.LogLevel.UnmarshalText([]byte(logLevel)); err != nil {
 			zapctx.Error(ctx, "cannot set log level", zap.Error(err))

docker-compose.yaml

@@ -33,6 +33,7 @@ services:
     ports:
       - 17070:80
     environment:
+      JIMM_LOG_LEVEL: "debug"
       JIMM_UUID: "3217dbc9-8ea9-4381-9e97-01eab0b3f6bb"
       JIMM_DSN: "postgresql://jimm:jimm@db/jimm"
       CANDID_URL: "http://0.0.0.0:8081" # For external client redirects (in the case of compose and running outside)
@@ -78,9 +79,9 @@ services:
         condition: service_healthy
     labels:
       traefik.enable: true
-      traefik.http.routers.httpd.rule: Host(`jimm.localhost`)
-      traefik.http.routers.httpd.entrypoints: websecure
-      traefik.http.routers.httpd.tls: true
+      traefik.http.routers.jimm.rule: Host(`jimm.localhost`)
+      traefik.http.routers.jimm.entrypoints: websecure
+      traefik.http.routers.jimm.tls: true
 
   db:
     image: postgres
@@ -134,8 +135,6 @@ services:
     image: candid:latest
     container_name: candid
     entrypoint: "/candid.sh"
-    command: ""
-    # command: "/etc/candid/config.yaml && echo 'hi' && ls"
     expose:
       - 8081
     ports:

internal/dashboard/dashboard.go

@@ -31,7 +31,7 @@ const (
 // handler will redirect to that URL. If the location is a path on the disk
 // then the handler will serve the files from that path. Otherwise a
 // NotFoundHandler will be returned.
-func Handler(ctx context.Context, loc string) http.Handler {
+func Handler(ctx context.Context, loc string, publicDNSname string) http.Handler {
 	mux := http.NewServeMux()
 
 	u, err := url.Parse(loc)
@@ -85,6 +85,7 @@ func Handler(ctx context.Context, loc string) http.Handler {
 				continue
 			}
 			var w bytes.Buffer
+			configParams["baseControllerURL"] = publicDNSname
 			if err := t.Execute(&w, configParams); err != nil {
 				zapctx.Error(ctx, "error executing config.js.go", zap.Error(err))
 				continue
@@ -118,7 +119,6 @@ func Handler(ctx context.Context, loc string) http.Handler {
 				)
 				continue
 			}
-
 			type guiArchiveVersion struct {
 				// Version holds the Juju GUI version number.
 				Version version.Number `json:"version"`