Merge pull request #16470 from ycliuhw/merge-3.3

#16470 Merge branch `3.3` into `main`: - #16426 - #16435 - #16445 - #16452 - #16451 - #16453 - #16455 - #16456 - #16457 - #16460 - #16461 - #16454 - #16394 - #16469 ``` # Conflicts: # apiserver/common/secrets/access.go # apiserver/common/secrets/access_test.go # apiserver/common/secrets/drain.go # apiserver/common/secrets/drain_test.go # apiserver/common/secrets/mocks/commonsecrets_mock.go # apiserver/common/secrets/watcher.go # apiserver/common/secrets/watcher_test.go # apiserver/facades/agent/provisioner/imagemetadata_test.go # apiserver/facades/agent/secretsdrain/mocks/modelstate.go # apiserver/facades/agent/secretsdrain/mocks/secretsprovider.go # apiserver/facades/agent/secretsdrain/package_test.go # apiserver/facades/agent/secretsdrain/register.go # apiserver/facades/agent/secretsdrain/state.go # cmd/jujud/agent/caasoperator/manifolds.go # environs/bootstrap/bootstrap.go # environs/simplestreams/datasource.go # environs/simplestreams/datasource_test.go # go.sum # worker/dbaccessor/package_test.go # worker/firewaller/firewaller_test.go # worker/modelcache/worker_test.go # worker/secretsdrainworker/manifold.go # worker/secretsdrainworker/manifold_test.go # worker/secretsdrainworker/package_test.go # worker/uniter/charm/bundles_test.go # worker/uniter/uniter_test.go # worker/uniter/util_test.go ```
juju · Oct 23, 2023 · 4c255ef · 4c255ef
2 parents f86f199 + d2485aa
commit 4c255ef
Show file tree

Hide file tree

Showing 73 changed files with 3,686 additions and 1,044 deletions.
diff --git a/api/agent/secretsdrain/client.go b/api/agent/secretsdrain/client.go
@@ -4,144 +4,11 @@
 package secretsdrain
 
 import (
-	"github.com/juju/errors"
-
 	"github.com/juju/juju/api/base"
-	apiwatcher "github.com/juju/juju/api/watcher"
-	apiservererrors "github.com/juju/juju/apiserver/errors"
-	coresecrets "github.com/juju/juju/core/secrets"
-	"github.com/juju/juju/core/watcher"
-	"github.com/juju/juju/rpc/params"
+	commonsecretdrain "github.com/juju/juju/api/common/secretsdrain"
 )
 
-// Client is the api client for the SecretsDrain facade.
-type Client struct {
-	facade base.FacadeCaller
-}
-
 // NewClient creates a secrets api client.
-func NewClient(caller base.APICaller) *Client {
-	return &Client{
-		facade: base.NewFacadeCaller(caller, "SecretsDrain"),
-	}
-}
-
-func processListSecretResult(info params.ListSecretResult) (out coresecrets.SecretMetadata, _ error) {
-	uri, err := coresecrets.ParseURI(info.URI)
-	if err != nil {
-		return out, errors.NotValidf("secret URI %q", info.URI)
-	}
-	return coresecrets.SecretMetadata{
-		URI:              uri,
-		OwnerTag:         info.OwnerTag,
-		Description:      info.Description,
-		Label:            info.Label,
-		RotatePolicy:     coresecrets.RotatePolicy(info.RotatePolicy),
-		LatestRevision:   info.LatestRevision,
-		LatestExpireTime: info.LatestExpireTime,
-		NextRotateTime:   info.NextRotateTime,
-	}, nil
-}
-
-// GetSecretsToDrain returns metadata for the secrets that need to be drained.
-func (c *Client) GetSecretsToDrain() ([]coresecrets.SecretMetadataForDrain, error) {
-	var results params.ListSecretResults
-	err := c.facade.FacadeCall("GetSecretsToDrain", nil, &results)
-	if err != nil {
-		return nil, errors.Trace(err)
-	}
-	out := make([]coresecrets.SecretMetadataForDrain, len(results.Results))
-	for i, info := range results.Results {
-		md, err := processListSecretResult(info)
-		if err != nil {
-			return nil, errors.Trace(err)
-		}
-		revisions := make([]coresecrets.SecretRevisionMetadata, len(info.Revisions))
-		for i, r := range info.Revisions {
-			rev := coresecrets.SecretRevisionMetadata{
-				Revision:    r.Revision,
-				BackendName: r.BackendName,
-				CreateTime:  r.CreateTime,
-				UpdateTime:  r.UpdateTime,
-				ExpireTime:  r.ExpireTime,
-			}
-			if r.ValueRef != nil {
-				rev.ValueRef = &coresecrets.ValueRef{
-					BackendID:  r.ValueRef.BackendID,
-					RevisionID: r.ValueRef.RevisionID,
-				}
-			}
-			revisions[i] = rev
-		}
-		out[i] = coresecrets.SecretMetadataForDrain{Metadata: md, Revisions: revisions}
-	}
-	return out, nil
-}
-
-// ChangeSecretBackendArg is the argument for ChangeSecretBackend.
-type ChangeSecretBackendArg struct {
-	URI      *coresecrets.URI
-	Revision int
-	Data     map[string]string
-	ValueRef *coresecrets.ValueRef
-}
-
-// ChangeSecretBackendResult is the result for ChangeSecretBackend.
-type ChangeSecretBackendResult struct {
-	Results []error
-}
-
-// ErrorCount returns the number of errors in the result.
-func (r ChangeSecretBackendResult) ErrorCount() (out int) {
-	for _, err := range r.Results {
-		if err != nil {
-			out++
-		}
-	}
-	return out
-}
-
-// ChangeSecretBackend updates the backend for the specified secret after migration done.
-func (c *Client) ChangeSecretBackend(metaRevisions []ChangeSecretBackendArg) (ChangeSecretBackendResult, error) {
-	var results params.ErrorResults
-	out := ChangeSecretBackendResult{Results: make([]error, len(metaRevisions))}
-	args := params.ChangeSecretBackendArgs{Args: make([]params.ChangeSecretBackendArg, len(metaRevisions))}
-	for i, mdr := range metaRevisions {
-		arg := params.ChangeSecretBackendArg{
-			URI:      mdr.URI.String(),
-			Revision: mdr.Revision,
-			Content:  params.SecretContentParams{Data: mdr.Data},
-		}
-		if mdr.ValueRef != nil {
-			arg.Content.ValueRef = &params.SecretValueRef{
-				BackendID:  mdr.ValueRef.BackendID,
-				RevisionID: mdr.ValueRef.RevisionID,
-			}
-		}
-		args.Args[i] = arg
-	}
-	err := c.facade.FacadeCall("ChangeSecretBackend", args, &results)
-	if err != nil {
-		return out, errors.Trace(err)
-	}
-	if len(results.Results) != len(metaRevisions) {
-		return out, errors.Errorf("expected %d result, got %d", len(metaRevisions), len(results.Results))
-	}
-	for i, result := range results.Results {
-		out.Results[i] = apiservererrors.RestoreError(result.Error)
-	}
-	return out, nil
-}
-
-// WatchSecretBackendChanged sets up a watcher to notify of changes to the secret backend.
-func (c *Client) WatchSecretBackendChanged() (watcher.NotifyWatcher, error) {
-	var result params.NotifyWatchResult
-	if err := c.facade.FacadeCall("WatchSecretBackendChanged", nil, &result); err != nil {
-		return nil, errors.Trace(err)
-	}
-	if result.Error != nil {
-		return nil, apiservererrors.RestoreError(result.Error)
-	}
-	w := apiwatcher.NewNotifyWatcher(c.facade.RawAPICaller(), result)
-	return w, nil
+func NewClient(caller base.APICaller) *commonsecretdrain.Client {
+	return commonsecretdrain.NewClient(base.NewFacadeCaller(caller, "SecretsDrain"))
 }
diff --git a/api/agent/secretsdrain/client_test.go b/api/agent/secretsdrain/client_test.go
@@ -4,15 +4,11 @@
 package secretsdrain_test
 
 import (
-	"time"
-
-	jc "github.com/juju/testing/checkers"
+	"go.uber.org/mock/gomock"
 	gc "gopkg.in/check.v1"
 
 	"github.com/juju/juju/api/agent/secretsdrain"
-	"github.com/juju/juju/api/base/testing"
-	coresecrets "github.com/juju/juju/core/secrets"
-	"github.com/juju/juju/rpc/params"
+	"github.com/juju/juju/api/agent/secretsdrain/mocks"
 	coretesting "github.com/juju/juju/testing"
 )
 
@@ -23,131 +19,12 @@ type secretsDrainSuite struct {
 }
 
 func (s *secretsDrainSuite) TestNewClient(c *gc.C) {
-	apiCaller := testing.APICallerFunc(func(objType string, version int, id, request string, arg, result interface{}) error {
-		return nil
-	})
-	client := secretsdrain.NewClient(apiCaller)
-	c.Assert(client, gc.NotNil)
-}
-
-func (s *secretsDrainSuite) TestGetSecretsToDrain(c *gc.C) {
-	uri := coresecrets.NewURI()
-	now := time.Now()
-	apiCaller := testing.APICallerFunc(func(objType string, version int, id, request string, arg, result interface{}) error {
-		c.Check(objType, gc.Equals, "SecretsDrain")
-		c.Check(version, gc.Equals, 0)
-		c.Check(id, gc.Equals, "")
-		c.Check(request, gc.Equals, "GetSecretsToDrain")
-		c.Check(arg, gc.IsNil)
-		c.Assert(result, gc.FitsTypeOf, &params.ListSecretResults{})
-		*(result.(*params.ListSecretResults)) = params.ListSecretResults{
-			Results: []params.ListSecretResult{{
-				URI:              uri.String(),
-				OwnerTag:         "application-mariadb",
-				Label:            "label",
-				LatestRevision:   667,
-				NextRotateTime:   &now,
-				LatestExpireTime: &now,
-				Revisions: []params.SecretRevision{{
-					Revision: 666,
-					ValueRef: &params.SecretValueRef{
-						BackendID:  "backend-id",
-						RevisionID: "rev-id",
-					},
-				}, {
-					Revision: 667,
-				}},
-			}},
-		}
-		return nil
-	})
-	client := secretsdrain.NewClient(apiCaller)
-	result, err := client.GetSecretsToDrain()
-	c.Assert(err, jc.ErrorIsNil)
-	c.Assert(result, gc.HasLen, 1)
-	for _, info := range result {
-		c.Assert(info.Metadata.URI.String(), gc.Equals, uri.String())
-		c.Assert(info.Metadata.OwnerTag, gc.Equals, "application-mariadb")
-		c.Assert(info.Metadata.Label, gc.Equals, "label")
-		c.Assert(info.Metadata.LatestRevision, gc.Equals, 667)
-		c.Assert(info.Metadata.LatestExpireTime, gc.Equals, &now)
-		c.Assert(info.Metadata.NextRotateTime, gc.Equals, &now)
-		c.Assert(info.Revisions, jc.DeepEquals, []coresecrets.SecretRevisionMetadata{
-			{
-				Revision: 666,
-				ValueRef: &coresecrets.ValueRef{
-					BackendID:  "backend-id",
-					RevisionID: "rev-id",
-				},
-			},
-			{
-				Revision: 667,
-			},
-		})
-	}
-}
+	ctrl := gomock.NewController(c)
+	defer ctrl.Finish()
 
-func (s *secretsDrainSuite) TestChangeSecretBackend(c *gc.C) {
-	uri := coresecrets.NewURI()
-	apiCaller := testing.APICallerFunc(func(objType string, version int, id, request string, arg, result interface{}) error {
-		c.Check(objType, gc.Equals, "SecretsDrain")
-		c.Check(version, gc.Equals, 0)
-		c.Check(id, gc.Equals, "")
-		c.Check(request, gc.Equals, "ChangeSecretBackend")
-		c.Check(arg, jc.DeepEquals, params.ChangeSecretBackendArgs{
-			Args: []params.ChangeSecretBackendArg{
-				{
-					URI:      uri.String(),
-					Revision: 666,
-					Content: params.SecretContentParams{
-						ValueRef: &params.SecretValueRef{
-							BackendID:  "backend-id",
-							RevisionID: "rev-id",
-						},
-					},
-				},
-			},
-		})
-		c.Assert(result, gc.FitsTypeOf, &params.ErrorResults{})
-		*(result.(*params.ErrorResults)) = params.ErrorResults{
-			[]params.ErrorResult{{
-				Error: nil,
-			}},
-		}
-		return nil
-	})
-	client := secretsdrain.NewClient(apiCaller)
-	result, err := client.ChangeSecretBackend(
-		[]secretsdrain.ChangeSecretBackendArg{
-			{
-				URI:      uri,
-				Revision: 666,
-				ValueRef: &coresecrets.ValueRef{
-					BackendID:  "backend-id",
-					RevisionID: "rev-id",
-				},
-			},
-		},
-	)
-	c.Assert(err, jc.ErrorIsNil)
-	c.Assert(result.Results, gc.HasLen, 1)
-	c.Assert(result.Results[0], jc.ErrorIsNil)
-}
+	apiCaller := mocks.NewMockAPICaller(ctrl)
+	apiCaller.EXPECT().BestFacadeVersion("SecretsDrain").Return(1)
 
-func (s *secretsDrainSuite) TestWatchSecretBackendChanged(c *gc.C) {
-	apiCaller := testing.APICallerFunc(func(objType string, version int, id, request string, arg, result interface{}) error {
-		c.Check(objType, gc.Equals, "SecretsDrain")
-		c.Check(version, gc.Equals, 0)
-		c.Check(id, gc.Equals, "")
-		c.Check(request, gc.Equals, "WatchSecretBackendChanged")
-		c.Check(arg, gc.IsNil)
-		c.Assert(result, gc.FitsTypeOf, &params.NotifyWatchResult{})
-		*(result.(*params.NotifyWatchResult)) = params.NotifyWatchResult{
-			Error: &params.Error{Message: "FAIL"},
-		}
-		return nil
-	})
 	client := secretsdrain.NewClient(apiCaller)
-	_, err := client.WatchSecretBackendChanged()
-	c.Assert(err, gc.ErrorMatches, "FAIL")
+	c.Assert(client, gc.NotNil)
 }