Merge pull request #552 from kian99/CSS-9769-generic-access-crud

CSS-9769 Generic access resource crud
juju · Sep 12, 2024 · f008b48 · f008b48
2 parents 19e0845 + 03f53fb
commit f008b48
Show file tree

Hide file tree

Showing 10 changed files with 822 additions and 53 deletions.
diff --git a/internal/juju/client.go b/internal/juju/client.go
@@ -10,6 +10,7 @@ import (
 	"sync"
 	"time"
 
+	jaasApi "github.com/canonical/jimm-go-sdk/v3/api"
 	"github.com/hashicorp/terraform-plugin-log/tflog"
 	"github.com/juju/errors"
 	"github.com/juju/juju/api"
@@ -77,6 +78,9 @@ type sharedClient struct {
 
 	// subCtx is the context created with the new tflog subsystem for applications.
 	subCtx context.Context
+
+	checkJAASOnce sync.Once
+	isJAAS        bool
 }
 
 // NewClient returns a client which can talk to the juju controller
@@ -113,27 +117,29 @@ func NewClient(ctx context.Context, config ControllerConfiguration) (*Client, er
 	}, nil
 }
 
-var checkJAASOnce sync.Once
-var isJAAS bool
-
 // IsJAAS checks if the controller is a JAAS controller.
-// It does this by checking whether it offers the "JIMM" facade which
-// will only ever be offered by JAAS. The method accepts a default value
-// and doesn't return an error because callers are not expected to fail if
-// they can't determine whether they are connecting to JAAS.
+// It does this by checking whether a JIMM specific call can be made.
+// The method accepts a default value and doesn't return an error
+// because callers are not expected to fail if they can't determine
+// whether they are connecting to JAAS.
 //
 // IsJAAS uses a synchronisation object to only perform the check once and return the same result.
 func (sc *sharedClient) IsJAAS(defaultVal bool) bool {
-	checkJAASOnce.Do(func() {
+	sc.checkJAASOnce.Do(func() {
+		sc.isJAAS = defaultVal
 		conn, err := sc.GetConnection(nil)
 		if err != nil {
-			isJAAS = defaultVal
 			return
 		}
 		defer conn.Close()
-		isJAAS = conn.BestFacadeVersion("JIMM") != 0
+		jc := jaasApi.NewClient(conn)
+		_, err = jc.ListControllers()
+		if err == nil {
+			sc.isJAAS = true
+			return
+		}
 	})
-	return isJAAS
+	return sc.isJAAS
 }
 
 // GetConnection returns a juju connection for use creating juju

diff --git a/internal/juju/jaas.go b/internal/juju/jaas.go
@@ -52,6 +52,22 @@ func toAPITuple(tuple JaasTuple) params.RelationshipTuple {
 	}
 }
 
+func toJaasTuples(tuples []params.RelationshipTuple) []JaasTuple {
+	out := make([]JaasTuple, 0, len(tuples))
+	for _, tuple := range tuples {
+		out = append(out, toJaasTuple(tuple))
+	}
+	return out
+}
+
+func toJaasTuple(tuple params.RelationshipTuple) JaasTuple {
+	return JaasTuple{
+		Object:   tuple.Object,
+		Relation: tuple.Relation,
+		Target:   tuple.TargetObject,
+	}
+}
+
 // AddRelations attempts to create the provided slice of relationship tuples.
 // An empty slice of tuples will return an error.
 func (jc *jaasClient) AddRelations(tuples []JaasTuple) error {
@@ -90,7 +106,7 @@ func (jc *jaasClient) DeleteRelations(tuples []JaasTuple) error {
 
 // ReadRelations attempts to read relations that match the criteria defined by `tuple`.
 // An nil tuple pointer is invalid and will return an error.
-func (jc *jaasClient) ReadRelations(ctx context.Context, tuple *JaasTuple) ([]params.RelationshipTuple, error) {
+func (jc *jaasClient) ReadRelations(ctx context.Context, tuple *JaasTuple) ([]JaasTuple, error) {
 	if tuple == nil {
 		return nil, errors.New("read relation tuple is nil")
 	}
@@ -102,7 +118,7 @@ func (jc *jaasClient) ReadRelations(ctx context.Context, tuple *JaasTuple) ([]pa
 	defer func() { _ = conn.Close() }()
 
 	client := jc.getJaasApiClient(conn)
-	relations := make([]params.RelationshipTuple, 0)
+	relations := make([]JaasTuple, 0)
 	req := &params.ListRelationshipTuplesRequest{Tuple: toAPITuple(*tuple)}
 	for {
 		resp, err := client.ListRelationshipTuples(req)
@@ -114,7 +130,7 @@ func (jc *jaasClient) ReadRelations(ctx context.Context, tuple *JaasTuple) ([]pa
 			jc.Errorf(err, "call to ListRelationshipTuples contained error(s)")
 			return nil, errors.New(resp.Errors[0])
 		}
-		relations = append(relations, resp.Tuples...)
+		relations = append(relations, toJaasTuples(resp.Tuples)...)
 		if resp.ContinuationToken == "" {
 			return relations, nil
 		}

diff --git a/internal/juju/jaas_test.go b/internal/juju/jaas_test.go
@@ -120,6 +120,7 @@ func (s *JaasSuite) TestReadRelations() {
 	relations, err := client.ReadRelations(context.Background(), &tuple)
 	s.Require().NoError(err)
 	s.Require().Len(relations, 2)
+	s.Require().Equal(relations, []JaasTuple{tuple, tuple})
 }
 
 func (s *JaasSuite) TestReadRelationsEmptyTuple() {

diff --git a/internal/provider/expect_recreated_resource_test.go b/internal/provider/expect_recreated_resource_test.go
@@ -0,0 +1,47 @@
+// Copyright 2024 Canonical Ltd.
+// Licensed under the Apache License, Version 2.0, see LICENCE file for details.
+
+package provider
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	tfjson "github.com/hashicorp/terraform-json"
+	"github.com/hashicorp/terraform-plugin-testing/plancheck"
+)
+
+var _ plancheck.PlanCheck = expectRecreatedResource{}
+
+type expectRecreatedResource struct {
+	resourceName string
+}
+
+// CheckPlan implements the plan check logic.
+func (e expectRecreatedResource) CheckPlan(ctx context.Context, req plancheck.CheckPlanRequest, resp *plancheck.CheckPlanResponse) {
+	var result []error
+
+	for _, rc := range req.Plan.ResourceChanges {
+		if rc.Address == e.resourceName {
+			changes := rc.Change.Actions
+			if len(changes) != 2 {
+				result = append(result, fmt.Errorf("2 changes for resource %s expected (delete and create): %d found", rc.Address, len(changes)))
+				continue
+			}
+			if changes[0] != tfjson.ActionDelete && changes[1] != tfjson.ActionCreate {
+				result = append(result, fmt.Errorf("expected delete then create for resource %s, but found planned action(s): %v", rc.Address, rc.Change.Actions))
+			}
+		}
+	}
+
+	resp.Error = errors.Join(result...)
+}
+
+// expectRecreatedResource returns a plan check that asserts a delete and create change are present.
+// All output and resource changes found will be aggregated and returned in a plan check error.
+func ExpectRecreatedResource(resourceName string) plancheck.PlanCheck {
+	return expectRecreatedResource{
+		resourceName: resourceName,
+	}
+}
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -378,6 +378,7 @@ func (p *jujuProvider) Resources(_ context.Context) []func() resource.Resource {
 		func() resource.Resource { return NewUserResource() },
 		func() resource.Resource { return NewSecretResource() },
 		func() resource.Resource { return NewAccessSecretResource() },
+		func() resource.Resource { return NewJAASAccessModelResource() },
 	}
 }
 

diff --git a/internal/provider/provider_test.go b/internal/provider/provider_test.go
@@ -261,3 +261,13 @@ func TestFrameworkProviderSchema(t *testing.T) {
 	assert.Equal(t, resp.Diagnostics.HasError(), false)
 	assert.Len(t, resp.Schema.Attributes, 6)
 }
+
+func expectedResourceOwner() string {
+	// Only 1 field is expected to be populated.
+	username := os.Getenv(JujuUsernameEnvKey)
+	clientId := os.Getenv(JujuClientIDEnvKey)
+	if clientId != "" {
+		clientId = clientId + "@serviceaccount"
+	}
+	return username + clientId
+}