feat(role-jaas): in this pr we add support for jaas's roles in the te…

…rraform provider
juju · Dec 17, 2024 · 870b5fa · 870b5fa
1 parent 46aadad
commit 870b5fa
Show file tree

Hide file tree

Showing 29 changed files with 1,071 additions and 36 deletions.
diff --git a/.github/workflows/test_integration_jaas.yaml b/.github/workflows/test_integration_jaas.yaml
@@ -60,7 +60,7 @@ jobs:
         uses: canonical/jimm/.github/actions/test-server@v3
         id: jaas
         with:
-          jimm-version: v3.1.10
+          jimm-version: v3.1.13
           juju-channel: 3/stable
           ghcr-pat: ${{ secrets.GITHUB_TOKEN }}
       - name: Setup microk8s for juju_kubernetes_cloud test

diff --git a/go.mod b/go.mod
@@ -13,7 +13,7 @@ require (
 )
 
 require (
-	github.com/canonical/jimm-go-sdk/v3 v3.0.5
+	github.com/canonical/jimm-go-sdk/v3 v3.0.6
 	github.com/dustin/go-humanize v1.0.1
 	github.com/hashicorp/terraform-json v0.22.1
 	github.com/hashicorp/terraform-plugin-framework v1.11.0

diff --git a/go.sum b/go.sum
@@ -99,8 +99,8 @@ github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZ
 github.com/bufbuild/protocompile v0.4.0/go.mod h1:3v93+mbWn/v3xzN+31nwkJfrEpAUwp+BagBSZWx+TP8=
 github.com/canonical/go-dqlite v1.21.0 h1:4gLDdV2GF+vg0yv9Ff+mfZZNQ1JGhnQ3GnS2GeZPHfA=
 github.com/canonical/go-dqlite v1.21.0/go.mod h1:Uvy943N8R4CFUAs59A1NVaziWY9nJ686lScY7ywurfg=
-github.com/canonical/jimm-go-sdk/v3 v3.0.5 h1:eQvn35wlmv+uNfyB7FHm+SkCigBu0x2VS1FlsaNor4Q=
-github.com/canonical/jimm-go-sdk/v3 v3.0.5/go.mod h1:xcJrWTpLHSw3Z16/1Zcvh31awlwIzjXdrYUYCVZhc5s=
+github.com/canonical/jimm-go-sdk/v3 v3.0.6 h1:ovQAEb5R5sSl7Edn27QTi/IyCX93xd87jE9ygj14mG0=
+github.com/canonical/jimm-go-sdk/v3 v3.0.6/go.mod h1:xcJrWTpLHSw3Z16/1Zcvh31awlwIzjXdrYUYCVZhc5s=
 github.com/canonical/lxd v0.0.0-20231214113525-e676fc63c50a h1:Tfo/MzXK5GeG7gzSHqxGeY/669Mhh5ea43dn1mRDnk8=
 github.com/canonical/lxd v0.0.0-20231214113525-e676fc63c50a/go.mod h1:UxfHGKFoRjgu1NUA9EFiR++dKvyAiT0h9HT0ffMlzjc=
 github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c=

diff --git a/internal/juju/interfaces.go b/internal/juju/interfaces.go
@@ -94,6 +94,10 @@ type JaasAPIClient interface {
 	GetGroup(req *jaasparams.GetGroupRequest) (jaasparams.GetGroupResponse, error)
 	RenameGroup(req *jaasparams.RenameGroupRequest) error
 	RemoveGroup(req *jaasparams.RemoveGroupRequest) error
+	AddRole(req *jaasparams.AddRoleRequest) (jaasparams.AddRoleResponse, error)
+	GetRole(req *jaasparams.GetRoleRequest) (jaasparams.GetRoleResponse, error)
+	RenameRole(req *jaasparams.RenameRoleRequest) error
+	RemoveRole(req *jaasparams.RemoveRoleRequest) error
 }
 
 // KubernetesCloudAPIClient defines the set of methods that the Kubernetes cloud API provides.

diff --git a/internal/juju/jaas.go b/internal/juju/jaas.go
@@ -217,3 +217,77 @@ func (jc *jaasClient) RemoveGroup(name string) error {
 	req := params.RemoveGroupRequest{Name: name}
 	return client.RemoveGroup(&req)
 }
+
+type JaasRole struct {
+	Name string
+	UUID string
+}
+
+// AddRole attempts to create a new role with the provided name.
+func (jc *jaasClient) AddRole(name string) (string, error) {
+	conn, err := jc.GetConnection(nil)
+	if err != nil {
+		return "", err
+	}
+	defer func() { _ = conn.Close() }()
+
+	client := jc.getJaasApiClient(conn)
+	req := params.AddRoleRequest{Name: name}
+
+	resp, err := client.AddRole(&req)
+	if err != nil {
+		return "", err
+	}
+	return resp.UUID, nil
+}
+
+// ReadRoleByUUID attempts to read a role that matches the provided UUID.
+func (jc *jaasClient) ReadRoleByUUID(uuid string) (*JaasRole, error) {
+	return jc.readRole(&params.GetRoleRequest{UUID: uuid})
+}
+
+// ReadRoleByName attempts to read a role that matches the provided name.
+func (jc *jaasClient) ReadRoleByName(name string) (*JaasRole, error) {
+	return jc.readRole(&params.GetRoleRequest{Name: name})
+}
+
+func (jc *jaasClient) readRole(req *params.GetRoleRequest) (*JaasRole, error) {
+	conn, err := jc.GetConnection(nil)
+	if err != nil {
+		return nil, err
+	}
+	defer func() { _ = conn.Close() }()
+
+	client := jc.getJaasApiClient(conn)
+	resp, err := client.GetRole(req)
+	if err != nil {
+		return nil, err
+	}
+	return &JaasRole{Name: resp.Name, UUID: resp.UUID}, nil
+}
+
+// RenameRole attempts to rename a role that matches the provided name.
+func (jc *jaasClient) RenameRole(name, newName string) error {
+	conn, err := jc.GetConnection(nil)
+	if err != nil {
+		return err
+	}
+	defer func() { _ = conn.Close() }()
+
+	client := jc.getJaasApiClient(conn)
+	req := params.RenameRoleRequest{Name: name, NewName: newName}
+	return client.RenameRole(&req)
+}
+
+// RemoveRole attempts to remove a role that matches the provided name.
+func (jc *jaasClient) RemoveRole(name string) error {
+	conn, err := jc.GetConnection(nil)
+	if err != nil {
+		return err
+	}
+	defer func() { _ = conn.Close() }()
+
+	client := jc.getJaasApiClient(conn)
+	req := params.RemoveRoleRequest{Name: name}
+	return client.RemoveRole(&req)
+}
diff --git a/internal/juju/jaas_test.go b/internal/juju/jaas_test.go
@@ -223,6 +223,76 @@ func (s *JaasSuite) TestRemoveGroup() {
 	s.Require().NoError(err)
 }
 
+func (s *JaasSuite) TestAddRole() {
+	defer s.setupMocks(s.T()).Finish()
+
+	name := "role"
+	req := &params.AddRoleRequest{Name: name}
+	resp := params.AddRoleResponse{Role: params.Role{UUID: "uuid", Name: name}}
+
+	s.mockJaasClient.EXPECT().AddRole(req).Return(resp, nil)
+
+	client := s.getJaasClient()
+	uuid, err := client.AddRole(name)
+	s.Require().NoError(err)
+	s.Require().Equal(resp.UUID, uuid)
+}
+
+func (s *JaasSuite) TestGetRole() {
+	defer s.setupMocks(s.T()).Finish()
+
+	uuid := "uuid"
+	name := "role"
+
+	req := &params.GetRoleRequest{UUID: uuid}
+	resp := params.GetRoleResponse{Role: params.Role{UUID: uuid, Name: name}}
+	s.mockJaasClient.EXPECT().GetRole(req).Return(resp, nil)
+
+	client := s.getJaasClient()
+	gotRole, err := client.ReadRoleByUUID(uuid)
+	s.Require().NoError(err)
+	s.Require().Equal(*gotRole, JaasRole{UUID: uuid, Name: name})
+}
+
+func (s *JaasSuite) TestGetRoleNotFound() {
+	defer s.setupMocks(s.T()).Finish()
+
+	uuid := "uuid"
+
+	req := &params.GetRoleRequest{UUID: uuid}
+	s.mockJaasClient.EXPECT().GetRole(req).Return(params.GetRoleResponse{}, errors.New("role not found"))
+
+	client := s.getJaasClient()
+	gotRole, err := client.ReadRoleByUUID(uuid)
+	s.Require().Error(err)
+	s.Require().Nil(gotRole)
+}
+
+func (s *JaasSuite) TestRenameRole() {
+	defer s.setupMocks(s.T()).Finish()
+
+	name := "name"
+	newName := "new-name"
+	req := &params.RenameRoleRequest{Name: name, NewName: newName}
+	s.mockJaasClient.EXPECT().RenameRole(req).Return(nil)
+
+	client := s.getJaasClient()
+	err := client.RenameRole(name, newName)
+	s.Require().NoError(err)
+}
+
+func (s *JaasSuite) TestRemoveRole() {
+	defer s.setupMocks(s.T()).Finish()
+
+	name := "role"
+	req := &params.RemoveRoleRequest{Name: name}
+	s.mockJaasClient.EXPECT().RemoveRole(req).Return(nil)
+
+	client := s.getJaasClient()
+	err := client.RemoveRole(name)
+	s.Require().NoError(err)
+}
+
 // In order for 'go test' to run this suite, we need to create
 // a normal test function and pass our suite to suite.Run
 func TestJaasSuite(t *testing.T) {

diff --git a/internal/juju/mock_test.go b/internal/juju/mock_test.go
diff --git a/internal/provider/data_source_jaas_group.go b/internal/provider/data_source_jaas_group.go
@@ -91,7 +91,7 @@ func (d *jaasGroupDataSource) Read(ctx context.Context, req datasource.ReadReque
 	}
 
 	// Update the group with the latest data from JAAS
-	group, err := d.client.Jaas.ReadGroupByName(data.Name.String())
+	group, err := d.client.Jaas.ReadGroupByName(data.Name.ValueString())
 	if err != nil {
 		resp.Diagnostics.AddError("Client Error", fmt.Sprintf("Unable to read group, got error: %v", err))
 		return