Merge branch '2.9' into merge-2.9-20220105

sdg0919 · Jan 6, 2022 · d471e3d · d471e3d
2 parents 3f3976b + 672fe14
commit d471e3d
Show file tree

Hide file tree

Showing 46 changed files with 332 additions and 146 deletions.
diff --git a/acceptancetests/jujupy/k8s_provider/base.py b/acceptancetests/jujupy/k8s_provider/base.py
@@ -33,7 +33,6 @@
 from jujupy.client import temp_bootstrap_env
 from jujupy.utility import ensure_dir, until_timeout
 
-
 logger = logging.getLogger(__name__)
 
 
@@ -209,15 +208,13 @@ def assert_rbac_config(self):
         if self.enable_rbac and not rbac_enabled_in_cluster:
             raise Exception("RBAC is required but it's NOT enabled in the cluster")
         if not self.enable_rbac and rbac_enabled_in_cluster:
-            raise Exception("RBAC is unexpectedly enabled in the cluster")
+            raise Exception("RBAC is NOT required but it's enabled in the cluster")
 
-    def check_rbac_enable(self):
-        timeout = 180
-        cmd = ['/bin/sh', '-c', f'{" ".join(self._kubectl_bin)} run --timeout={timeout}s tmp-shell --restart=Never --rm -i --tty --image bitnami/kubectl:latest -- auth can-i create pods; exit 0']
-        o = self.sh(*cmd, timeout=timeout)
-        logger.info('checking RBAC by run "%s" -> %s', ' '.join(cmd), o)
-        # The default SA in the default namespace does NOT have permission to create pods when RBAC is enabled.
-        return 'no' in o.split()
+    def check_rbac_enable(self, timeout=10):
+        cmd = [f'{" ".join(self._kubectl_bin)} auth can-i create pods --as=poorguy']
+        output = self.sh(*cmd, timeout=timeout, no_check=True)
+        logger.info('checking RBAC by run "%s" -> %s', ' '.join(cmd), output)
+        return 'no' in [item.strip() for item in output.split()]
 
     def kubectl(self, *args):
         return self.sh(*(self._kubectl_bin + args))
@@ -234,9 +231,11 @@ def patch_configmap(self, namespace, cm_name, key, value):
         cm['data'] = data
         self.kubectl_apply(json.dumps(cm))
 
-    def sh(self, *args, shell=False, ignore_quote=False, timeout=None):
+    def sh(self, *args, shell=False, ignore_quote=False, timeout=None, no_check=False):
         args = [quote(str(arg)) if shell and not ignore_quote else str(arg) for arg in args]
         logger.debug('sh -> %s', ' '.join(args))
+        if no_check:
+            return subprocess.getoutput(' '.join(args))
         return subprocess.check_output(
             # cmd should be a list of str.
             args,

diff --git a/api/applicationoffers/client.go b/api/applicationoffers/client.go
@@ -32,7 +32,7 @@ func NewClient(st base.APICallCloser) *Client {
 }
 
 // Offer prepares application's endpoints for consumption.
-func (c *Client) Offer(modelUUID, application string, endpoints []string, offerName string, desc string) ([]params.ErrorResult, error) {
+func (c *Client) Offer(modelUUID, application string, endpoints []string, owner, offerName, desc string) ([]params.ErrorResult, error) {
 	// TODO(wallyworld) - support endpoint aliases
 	ep := make(map[string]string)
 	for _, name := range endpoints {
@@ -45,6 +45,7 @@ func (c *Client) Offer(modelUUID, application string, endpoints []string, offerN
 			ApplicationDescription: desc,
 			Endpoints:              ep,
 			OfferName:              offerName,
+			OwnerTag:               names.NewUserTag(owner).String(),
 		},
 	}
 	out := params.ErrorResults{}

diff --git a/api/applicationoffers/client_test.go b/api/applicationoffers/client_test.go
@@ -33,6 +33,7 @@ func (s *crossmodelMockSuite) TestOffer(c *gc.C) {
 	endPointB := "endPointB"
 	offer := "offer"
 	desc := "desc"
+	owner := "fred"
 
 	msg := "fail"
 	apiCaller := basetesting.APICallerFunc(
@@ -54,6 +55,7 @@ func (s *crossmodelMockSuite) TestOffer(c *gc.C) {
 			c.Assert(offer.ApplicationName, gc.Equals, application)
 			c.Assert(offer.Endpoints, jc.DeepEquals, map[string]string{endPointA: endPointA, endPointB: endPointB})
 			c.Assert(offer.OfferName, gc.Equals, offer.OfferName)
+			c.Assert(offer.OwnerTag, gc.Equals, "user-"+owner)
 			c.Assert(offer.ApplicationDescription, gc.Equals, desc)
 
 			if results, ok := result.(*params.ErrorResults); ok {
@@ -68,7 +70,7 @@ func (s *crossmodelMockSuite) TestOffer(c *gc.C) {
 		})
 
 	client := applicationoffers.NewClient(apiCaller)
-	results, err := client.Offer("uuid", application, []string{endPointA, endPointB}, offer, desc)
+	results, err := client.Offer("uuid", application, []string{endPointA, endPointB}, owner, offer, desc)
 	c.Assert(err, jc.ErrorIsNil)
 	c.Assert(results, gc.HasLen, 2)
 	c.Assert(results, jc.DeepEquals,
@@ -93,7 +95,7 @@ func (s *crossmodelMockSuite) TestOfferFacadeCallError(c *gc.C) {
 			return errors.New(msg)
 		})
 	client := applicationoffers.NewClient(apiCaller)
-	results, err := client.Offer("", "", nil, "", "")
+	results, err := client.Offer("", "", nil, "fred", "", "")
 	c.Assert(errors.Cause(err), gc.ErrorMatches, msg)
 	c.Assert(results, gc.IsNil)
 }

diff --git a/api/facadeversions.go b/api/facadeversions.go
@@ -19,7 +19,7 @@ var facadeVersions = map[string]int{
 	"AllWatcher":                   1,
 	"Annotations":                  2,
 	"Application":                  13,
-	"ApplicationOffers":            3,
+	"ApplicationOffers":            4,
 	"ApplicationScaler":            1,
 	"Backups":                      3,
 	"Block":                        2,

diff --git a/apiserver/allfacades.go b/apiserver/allfacades.go
@@ -146,7 +146,7 @@ func AllFacades() *facade.Registry {
 
 	reg("Application", 13, application.NewFacadeV13)
 
-	reg("ApplicationOffers", 3, applicationoffers.NewOffersAPIV3)
+	reg("ApplicationOffers", 4, applicationoffers.NewOffersAPIV4)
 	reg("ApplicationScaler", 1, applicationscaler.NewAPI)
 	reg("Backups", 3, backups.NewFacadeV3)
 	reg("Block", 2, block.NewAPI)

diff --git a/apiserver/common/relationunitswatcher.go b/apiserver/common/relationunitswatcher.go
@@ -26,7 +26,7 @@ type RelationUnitsWatcher interface {
 	Err() error
 }
 
-// NewRelationUnitsWatcherFromState wraps a state-level
+// RelationUnitsWatcherFromState wraps a state-level
 // RelationUnitsWatcher in an equivalent apiserver-level one, taking
 // responsibility for the source watcher's lifetime.
 func RelationUnitsWatcherFromState(source state.RelationUnitsWatcher) (RelationUnitsWatcher, error) {

diff --git a/apiserver/facades/client/application/application_unit_test.go b/apiserver/facades/client/application/application_unit_test.go
@@ -28,7 +28,6 @@ import (
 	"github.com/juju/juju/caas"
 	k8s "github.com/juju/juju/caas/kubernetes/provider"
 	k8sconstants "github.com/juju/juju/caas/kubernetes/provider/constants"
-	"github.com/juju/juju/controller"
 	coreapplication "github.com/juju/juju/core/application"
 	coreassumes "github.com/juju/juju/core/assumes"
 	corecharm "github.com/juju/juju/core/charm"
@@ -38,7 +37,6 @@ import (
 	"github.com/juju/juju/core/network"
 	"github.com/juju/juju/core/status"
 	"github.com/juju/juju/environs"
-	"github.com/juju/juju/feature"
 	"github.com/juju/juju/state"
 	"github.com/juju/juju/storage"
 	"github.com/juju/juju/storage/provider"
@@ -2242,13 +2240,6 @@ func (s *ApplicationSuite) TestSetCharmAssumesNotSatisfied(c *gc.C) {
 		},
 	}
 
-	// Enable controller flag so we can enforce "assumes" blocks
-	ctrlCfg := coretesting.FakeControllerConfig()
-	ctrlCfg[controller.Features] = []interface{}{
-		feature.CharmAssumes,
-	}
-	s.backend.controllerCfg = &ctrlCfg
-
 	// Try to upgrade the charm
 	err := s.api.SetCharm(params.ApplicationSetCharm{
 		ApplicationName: "postgresql",
@@ -2269,13 +2260,6 @@ func (s *ApplicationSuite) TestSetCharmAssumesNotSatisfiedWithForce(c *gc.C) {
 		},
 	}
 
-	// Enable controller flag so we can enforce "assumes" blocks
-	ctrlCfg := coretesting.FakeControllerConfig()
-	ctrlCfg[controller.Features] = []interface{}{
-		feature.CharmAssumes,
-	}
-	s.backend.controllerCfg = &ctrlCfg
-
 	// Try to upgrade the charm
 	err := s.api.SetCharm(params.ApplicationSetCharm{
 		ApplicationName: "postgresql",

diff --git a/apiserver/facades/client/application/deploy.go b/apiserver/facades/client/application/deploy.go
@@ -20,7 +20,6 @@ import (
 	"github.com/juju/juju/core/instance"
 	"github.com/juju/juju/environs"
 	"github.com/juju/juju/environs/bootstrap"
-	"github.com/juju/juju/feature"
 	"github.com/juju/juju/state"
 	"github.com/juju/juju/state/stateenvirons"
 	"github.com/juju/juju/storage"
@@ -216,15 +215,6 @@ func assertCharmAssumptions(assumesExprTree *assumes.ExpressionTree, model Model
 		return nil
 	}
 
-	ctrlCfg, err := ctrlCfgGetter()
-	if err != nil {
-		return errors.Trace(err)
-	}
-
-	if !ctrlCfg.Features().Contains(feature.CharmAssumes) {
-		return nil
-	}
-
 	featureSet, err := supportedFeaturesGetter(model, environs.New)
 	if err != nil {
 		return errors.Annotate(err, "querying feature set supported by the model")

diff --git a/apiserver/facades/client/application/deploy_test.go b/apiserver/facades/client/application/deploy_test.go
@@ -10,7 +10,6 @@ import (
 	"github.com/juju/collections/set"
 	"github.com/juju/errors"
 	"github.com/juju/juju/controller"
-	"github.com/juju/juju/feature"
 	"github.com/juju/juju/testcharms"
 	coretesting "github.com/juju/juju/testing"
 	jc "github.com/juju/testing/checkers"
@@ -489,12 +488,7 @@ func (s *DeployLocalSuite) TestDeployWithUnmetCharmRequirements(c *gc.C) {
 	charm, err := testing.PutCharm(s.State, curl, ch)
 	c.Assert(err, jc.ErrorIsNil)
 
-	// Enable controller flag so we can enforce "assumes" blocks
-	ctrlCfg := coretesting.FakeControllerConfig()
-	ctrlCfg[controller.Features] = []interface{}{
-		feature.CharmAssumes,
-	}
-	var f = fakeDeployer{controllerCfg: &ctrlCfg}
+	var f = fakeDeployer{}
 
 	model, err := s.State.Model()
 	c.Assert(err, jc.ErrorIsNil)
@@ -515,12 +509,7 @@ func (s *DeployLocalSuite) TestDeployWithUnmetCharmRequirementsAndForce(c *gc.C)
 	charm, err := testing.PutCharm(s.State, curl, ch)
 	c.Assert(err, jc.ErrorIsNil)
 
-	// Enable controller flag so we can enforce "assumes" blocks
-	ctrlCfg := coretesting.FakeControllerConfig()
-	ctrlCfg[controller.Features] = []interface{}{
-		feature.CharmAssumes,
-	}
-	var f = fakeDeployer{controllerCfg: &ctrlCfg}
+	var f = fakeDeployer{}
 
 	model, err := s.State.Model()
 	c.Assert(err, jc.ErrorIsNil)

diff --git a/apiserver/facades/client/applicationoffers/applicationoffers.go b/apiserver/facades/client/applicationoffers/applicationoffers.go
@@ -67,8 +67,8 @@ func createOffersAPI(
 	return api, nil
 }
 
-// NewOffersAPIV3 returns a new application offers OffersAPIV3 facade.
-func NewOffersAPIV3(ctx facade.Context) (*OffersAPI, error) {
+// NewOffersAPIV4 returns a new application offers OffersAPIV4 facade.
+func NewOffersAPIV4(ctx facade.Context) (*OffersAPI, error) {
 	environFromModel := func(modelUUID string) (environs.Environ, error) {
 		st, err := ctx.StatePool().Get(modelUUID)
 		if err != nil {
@@ -109,7 +109,7 @@ func NewOffersAPIV3(ctx facade.Context) (*OffersAPI, error) {
 func (api *OffersAPI) Offer(all params.AddApplicationOffers) (params.ErrorResults, error) {
 	result := make([]params.ErrorResult, len(all.Offers))
 
-	user := api.Authorizer.GetAuthTag().(names.UserTag)
+	apiUser := api.Authorizer.GetAuthTag().(names.UserTag)
 	for i, one := range all.Offers {
 		modelTag, err := names.ParseModelTag(one.ModelTag)
 		if err != nil {
@@ -123,12 +123,21 @@ func (api *OffersAPI) Offer(all params.AddApplicationOffers) (params.ErrorResult
 		}
 		defer releaser()
 
-		if err := api.checkAdmin(user, backend); err != nil {
+		if err := api.checkAdmin(apiUser, backend); err != nil {
 			result[i].Error = apiservererrors.ServerError(err)
 			continue
 		}
 
-		applicationOfferParams, err := api.makeAddOfferArgsFromParams(user, backend, one)
+		owner := apiUser
+		// The V4 version of the api includes the offer owner in the params.
+		if one.OwnerTag != "" {
+			var err error
+			if owner, err = names.ParseUserTag(one.OwnerTag); err != nil {
+				result[i].Error = apiservererrors.ServerError(err)
+				continue
+			}
+		}
+		applicationOfferParams, err := api.makeAddOfferArgsFromParams(owner, backend, one)
 		if err != nil {
 			result[i].Error = apiservererrors.ServerError(err)
 			continue

diff --git a/apiserver/facades/client/applicationoffers/applicationoffers_test.go b/apiserver/facades/client/applicationoffers/applicationoffers_test.go
@@ -75,13 +75,14 @@ func (s *applicationOffersSuite) assertOffer(c *gc.C, expectedErr error) {
 		OfferName:       "offer-test",
 		ApplicationName: applicationName,
 		Endpoints:       map[string]string{"db": "db"},
+		OwnerTag:        "user-fred",
 	}
 	all := params.AddApplicationOffers{Offers: []params.AddApplicationOffer{one}}
 	s.applicationOffers.addOffer = func(offer jujucrossmodel.AddApplicationOfferArgs) (*jujucrossmodel.ApplicationOffer, error) {
 		c.Assert(offer.OfferName, gc.Equals, one.OfferName)
 		c.Assert(offer.ApplicationName, gc.Equals, one.ApplicationName)
 		c.Assert(offer.ApplicationDescription, gc.Equals, "A pretty popular blog engine")
-		c.Assert(offer.Owner, gc.Equals, "admin")
+		c.Assert(offer.Owner, gc.Equals, "fred")
 		c.Assert(offer.HasRead, gc.DeepEquals, []string{"everyone@external"})
 		return &jujucrossmodel.ApplicationOffer{}, nil
 	}

diff --git a/apiserver/facades/client/modelmanager/modelinfo_test.go b/apiserver/facades/client/modelmanager/modelinfo_test.go
@@ -32,7 +32,6 @@ import (
 	environscloudspec "github.com/juju/juju/environs/cloudspec"
 	"github.com/juju/juju/environs/config"
 	"github.com/juju/juju/environs/context"
-	"github.com/juju/juju/feature"
 	"github.com/juju/juju/state"
 	coretesting "github.com/juju/juju/testing"
 	"github.com/juju/juju/version"
@@ -103,19 +102,10 @@ func (s *modelInfoSuite) SetUpTest(c *gc.C) {
 	}
 	s.st.controllerModel = controllerModel
 
-	// TODO(achilleasa): as the supported features reporting is behind a
-	// flag we need to set it here so we can test the actual code. This
-	// should be removed once the feature goes live.
-	ctrlCfg := coretesting.FakeControllerConfig()
-	ctrlCfg[controller.Features] = []interface{}{
-		feature.CharmAssumes,
-	}
 	s.ctlrSt = &mockState{
 		model:           controllerModel,
 		controllerModel: controllerModel,
-		controllerCfg:   &ctrlCfg,
 	}
-	s.st.controllerCfg = &ctrlCfg
 
 	s.st.model = &mockModel{
 		owner:          names.NewUserTag("bob@local"),
@@ -278,7 +268,6 @@ func (s *modelInfoSuite) TestModelInfo(c *gc.C) {
 		{"ControllerNodes", nil},
 		{"HAPrimaryMachine", nil},
 		{"LatestMigration", nil},
-		{"ControllerConfig", nil},
 		{"CloudCredential", []interface{}{names.NewCloudCredentialTag("some-cloud/bob/some-credential")}},
 	})
 }

diff --git a/apiserver/facades/client/modelmanager/modelmanager.go b/apiserver/facades/client/modelmanager/modelmanager.go
@@ -34,7 +34,6 @@ import (
 	"github.com/juju/juju/environs/config"
 	"github.com/juju/juju/environs/context"
 	"github.com/juju/juju/environs/space"
-	"github.com/juju/juju/feature"
 	"github.com/juju/juju/state"
 	"github.com/juju/juju/state/stateenvirons"
 	"github.com/juju/juju/tools"
@@ -1057,30 +1056,21 @@ func (m *ModelManagerAPI) getModelInfo(tag names.ModelTag) (params.ModelInfo, er
 		}
 	}
 
-	// TODO(achilleasa): remove this check when we are ready to roll out
-	// support for "assumes" expressions.
-	ctrlConf, err := st.ControllerConfig()
+	fs, err := supportedFeaturesGetter(model, environs.New)
 	if err != nil {
 		return params.ModelInfo{}, err
 	}
-
-	if ctrlConf.Features().Contains(feature.CharmAssumes) {
-		fs, err := supportedFeaturesGetter(model, environs.New)
-		if err != nil {
-			return params.ModelInfo{}, err
+	for _, feat := range fs.AsList() {
+		mappedFeat := params.SupportedFeature{
+			Name:        feat.Name,
+			Description: feat.Description,
 		}
-		for _, feat := range fs.AsList() {
-			mappedFeat := params.SupportedFeature{
-				Name:        feat.Name,
-				Description: feat.Description,
-			}
 
-			if feat.Version != nil {
-				mappedFeat.Version = feat.Version.String()
-			}
-
-			info.SupportedFeatures = append(info.SupportedFeatures, mappedFeat)
+		if feat.Version != nil {
+			mappedFeat.Version = feat.Version.String()
 		}
+
+		info.SupportedFeatures = append(info.SupportedFeatures, mappedFeat)
 	}
 	return info, nil
 }

diff --git a/apiserver/facades/client/modelmanager/modelmanager_test.go b/apiserver/facades/client/modelmanager/modelmanager_test.go
@@ -287,7 +287,6 @@ func (s *modelManagerSuite) TestCreateModelArgs(c *gc.C) {
 		"ControllerNodes",
 		"HAPrimaryMachine",
 		"LatestMigration",
-		"ControllerConfig",
 	)
 
 	// Check that Model.LastModelConnection is called three times
@@ -460,7 +459,6 @@ func (s *modelManagerSuite) TestCreateCAASModelArgs(c *gc.C) {
 		"ControllerNodes",
 		"HAPrimaryMachine",
 		"LatestMigration",
-		"ControllerConfig",
 	)
 	s.caasBroker.CheckCallNames(c, "Create")