Merge pull request juju#17373 from Aflynn50/3.4-3.5

juju#17373 Merge up from 3.4. The only conflicts were in the cla Github action which was upgraded, and go.mod which was resolved in favor of the higher versions. Commits merged up in this PR are: - juju#17368 from wallyworld - juju#17340 from ycliuhw - juju#17353 from cderici - juju#17365 from wallyworld - juju#17313 from cderici - juju#17321 from Aflynn50 - juju#17283 from Aflynn50 - juju#17236 from juju/dependabot/go_modules/golang.org/x - juju#17221 from jameinel
SimonRichardson · May 15, 2024 · f7c7d8a · f7c7d8a
2 parents 62599ce + ac2387c
commit f7c7d8a
Show file tree

Hide file tree

Showing 9 changed files with 30 additions and 20 deletions.
diff --git a/.github/workflows/terraform-smoke.yml b/.github/workflows/terraform-smoke.yml
@@ -75,6 +75,7 @@ jobs:
     - name: Set environment to configure provider for test
       run: |
         CONTROLLER=$(juju whoami --format yaml | yq .controller)
+        echo "JUJU_AGENT_VERSION=$(juju show-controller | yq -r .$CONTROLLER.details.agent-version)" >> $GITHUB_ENV
         echo "JUJU_CONTROLLER_ADDRESSES=$(juju show-controller | yq .$CONTROLLER.details.api-endpoints | yq -r '. | join(",")')" >> $GITHUB_ENV
         echo "JUJU_USERNAME=$(juju show-controller | yq .$CONTROLLER.account.user)"  >> $GITHUB_ENV
         echo "JUJU_PASSWORD=$(cat ~/.local/share/juju/accounts.yaml | yq .controllers.$CONTROLLER.password)"  >> $GITHUB_ENV

diff --git a/apiserver/facades/agent/secretsmanager/secrets.go b/apiserver/facades/agent/secretsmanager/secrets.go
@@ -691,10 +691,9 @@ func (s *SecretsManagerAPI) getSecretContent(arg params.GetSecretContentArg) (
 		if md != nil {
 			// If the label has is to be changed by the secret owner, update the secret metadata.
 			// TODO(wallyworld) - the label staying the same should be asserted in a txn.
-			isOwner := true
 			if labelToUpdate != nil && *labelToUpdate != md.Label {
-				var err error
-				if isOwner, err = s.canUpdateAppOwnedOrUnitOwnedSecretLabel(md.OwnerTag); err != nil {
+				isOwner, err := s.canUpdateAppOwnedOrUnitOwnedSecretLabel(md.OwnerTag)
+				if err != nil {
 					return nil, nil, false, errors.Trace(err)
 				}
 				if isOwner {
@@ -709,9 +708,10 @@ func (s *SecretsManagerAPI) getSecretContent(arg params.GetSecretContentArg) (
 			uri = md.URI
 			// We don't update the consumer label in this case since the label comes
 			// from the owner metadata and we don't want to violate uniqueness checks.
-			if isOwner {
-				labelToUpdate = nil
-			}
+			// 1. owners use owner label;
+			// 2. the leader and peer units use the owner label for application-owned secrets.
+			// So, no need to update the consumer label.
+			labelToUpdate = nil
 		}
 	}
 

diff --git a/apiserver/facades/agent/secretsmanager/secrets_test.go b/apiserver/facades/agent/secretsmanager/secrets_test.go
@@ -938,7 +938,7 @@ func (s *SecretsManagerSuite) TestGetSecretContentForAppSecretUpdateLabelNotLead
 		Return(nil, errors.NotFoundf("secret consumer"))
 	s.secretsState.EXPECT().GetSecret(uri).Return(&coresecrets.SecretMetadata{LatestRevision: 668}, nil)
 	s.secretsConsumer.EXPECT().SaveSecretConsumer(
-		uri, names.NewUnitTag("mariadb/0"), &coresecrets.SecretConsumerMetadata{Label: "foo", LatestRevision: 668, CurrentRevision: 668}).Return(nil)
+		uri, names.NewUnitTag("mariadb/0"), &coresecrets.SecretConsumerMetadata{LatestRevision: 668, CurrentRevision: 668}).Return(nil)
 	s.secretsState.EXPECT().GetSecretValue(uri, 668).Return(
 		val, nil, nil,
 	)

diff --git a/apiserver/watcher.go b/apiserver/watcher.go
@@ -1419,20 +1419,23 @@ func (w *srvSecretsRevisionWatcher) translateChanges(changes []string) ([]params
 		return nil, nil
 	}
 	secrets := state.NewSecrets(w.st)
-	result := make([]params.SecretRevisionChange, len(changes))
-	for i, uriStr := range changes {
+	result := make([]params.SecretRevisionChange, 0, len(changes))
+	for _, uriStr := range changes {
 		uri, err := coresecrets.ParseURI(uriStr)
 		if err != nil {
 			return nil, errors.Trace(err)
 		}
 		md, err := secrets.GetSecret(uri)
+		if errors.Is(err, errors.NotFound) {
+			continue
+		}
 		if err != nil {
 			return nil, errors.Trace(err)
 		}
-		result[i] = params.SecretRevisionChange{
+		result = append(result, params.SecretRevisionChange{
 			URI:      uri.String(),
 			Revision: md.LatestRevision,
-		}
+		})
 	}
 	return result, nil
 }
diff --git a/go.mod b/go.mod
@@ -63,7 +63,7 @@ require (
 	github.com/juju/mutex/v2 v2.0.0
 	github.com/juju/names/v5 v5.0.0
 	github.com/juju/naturalsort v1.0.0
-	github.com/juju/os/v2 v2.2.3
+	github.com/juju/os/v2 v2.2.4
 	github.com/juju/packaging/v3 v3.0.0
 	github.com/juju/persistent-cookiejar v1.0.0
 	github.com/juju/proxy v1.0.0
@@ -106,7 +106,7 @@ require (
 	github.com/vmware/govmomi v0.34.1
 	go.uber.org/mock v0.4.0
 	golang.org/x/crypto v0.21.0
-	golang.org/x/net v0.22.0
+	golang.org/x/net v0.23.0
 	golang.org/x/oauth2 v0.15.0
 	golang.org/x/sync v0.5.0
 	golang.org/x/sys v0.18.0

diff --git a/go.sum b/go.sum
@@ -547,8 +547,8 @@ github.com/juju/names/v5 v5.0.0 h1:3IkRTUaniNXsgjy4lNqbJx7dVdsONlzuH6YMYT7uXss=
 github.com/juju/names/v5 v5.0.0/go.mod h1:PkvHbErUTniKvLu1ejJ5m/AbXOW55MFn1jsGVEbVXk8=
 github.com/juju/naturalsort v1.0.0 h1:kGmUUy3h8mJ5/SJYaqKOBR3f3owEd5R52Lh+Tjg/dNM=
 github.com/juju/naturalsort v1.0.0/go.mod h1:Zqa/vGkXr78k47zM6tFmU9phhxKz/PIdqBzpLhJ86zc=
-github.com/juju/os/v2 v2.2.3 h1:5SnGWfzFTXcFwu/sd9qEEf/No3UZxivOjJuWmsHI4N4=
-github.com/juju/os/v2 v2.2.3/go.mod h1:xGfP9I+Xb/A03NcGBsoJgwr084hPckkQHecaHuV3wBQ=
+github.com/juju/os/v2 v2.2.4 h1:8vfmTAYzEwz4bQb8zPOVHa+RstYCn9VFfFQgb8jQqiI=
+github.com/juju/os/v2 v2.2.4/go.mod h1:igGQLjgRSwUery5ZhV/1pZjZkMwnfkAwWCwh5ZfIg+c=
 github.com/juju/packaging/v3 v3.0.0 h1:ZzuHhR8Ql9z2oeQ0m73x6k58PW65Cgk5wR9Yc1exoOI=
 github.com/juju/packaging/v3 v3.0.0/go.mod h1:WXh/SXqh1du8SFzwb1KC+yZuV4Qc4alWP3MEPqFX9Lw=
 github.com/juju/persistent-cookiejar v1.0.0 h1:Ag7+QLzqC2m+OYXy2QQnRjb3gTkEBSZagZ6QozwT3EQ=
@@ -1061,8 +1061,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
-golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
-golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

diff --git a/provider/gce/google/conn.go b/provider/gce/google/conn.go
@@ -131,7 +131,6 @@ type service interface {
 // Otherwise a panic will result.
 type Connection struct {
 	service   service
-	region    string
 	projectID string
 }
 
@@ -148,7 +147,6 @@ func Connect(ctx context.Context, connCfg ConnectionConfig, creds *Credentials)
 
 	conn := &Connection{
 		service:   &rawConn{raw},
-		region:    connCfg.Region,
 		projectID: connCfg.ProjectID,
 	}
 	return conn, nil

diff --git a/provider/gce/google/testing_test.go b/provider/gce/google/testing_test.go
@@ -59,7 +59,6 @@ func (s *BaseSuite) SetUpTest(c *gc.C) {
 	fake := &fakeConn{}
 	s.Conn = &Connection{
 		service:   fake,
-		region:    "a",
 		projectID: "spam",
 	}
 	s.FakeConn = fake

diff --git a/tests/suites/controllercharm/prometheus.sh b/tests/suites/controllercharm/prometheus.sh
@@ -49,18 +49,27 @@ run_prometheus_multiple_units() {
 	retry 'check_prometheus_targets p1 1' 15
 
 	juju remove-unit p1 --num-units 1
+	# Wait until the application p1 settles before health checks
+	wait_for "p1" "$(active_condition "p1" 0)"
+
 	# Check all applications are still healthy
 	juju status -m controller --format json | jq -r "$(active_condition "controller")" | check "controller"
 	juju status --format json | jq -r "$(active_condition "p1" 0)" | check "p1"
 
 	juju remove-relation p2 controller
+	# Wait until the application p2 settles before health checks
+	wait_for "p2" "$(active_condition "p2" 1)"
+
 	# Check Juju controller is removed from Prometheus targets
 	retry 'check_prometheus_no_target p2 0' 5
 	# Check no errors in controller charm or Prometheus
 	juju status -m controller --format json | jq -r "$(active_condition "controller")" | check "controller"
 	juju status --format json | jq -r "$(active_condition "p2" 1)" | check "p2"
 
 	juju remove-relation p1 controller
+	# Wait until the application p1 settles before health checks
+	wait_for "p1" "$(active_condition "p1" 0)"
+
 	# Check Juju controller is removed from Prometheus targets
 	retry 'check_prometheus_no_target p1 0' 5
 	# Check no errors in controller charm or Prometheus