Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issue 346: Do not require permissions on the controller model to deploy an application. #353

Merged
merged 2 commits into from
Dec 6, 2023
Merged

Fix issue 346: Do not require permissions on the controller model to deploy an application. #353

merged 2 commits into from
Dec 6, 2023

Conversation

hmlanigan
Copy link
Member

@hmlanigan hmlanigan commented Dec 4, 2023
edited
Loading

Description

The controller version can be found via the conn object. We can ignore the boolean as we do have a logged in connection by the time the applicationClient gets one. This is easier, less work and resolves the issue of users not having permissions on the controller for determining the controller version.

Added a channel to the postgresql charm in a test to ensure that ubuntu@18.04 can be used. The current default channel only supports ubuntu@22.04.

Fixes: #346

Type of change

  • Change in tests (one or several tests have been changed)
  • Bug fix (non-breaking change which fixes an issue)

Environment

  • Juju controller version: 2.9.47

  • Terraform version: 1.6.5

QA steps

$ juju bootstrap localhost terraform
$ juju add-model tf-test
$ juju add-user tf-test
$ juju grant tf-test write tf-test

#  Set the new user password to "testing".
$ juju change-user-password tf-test

# Set a password for the admin user to be able to use it again.
$ juju change-user-password
$ juju logout

# Now login with the new user.
$ juju login -u tf-test -c terraform
terraform {
  required_version = ">= 1.5"
  required_providers {
    juju = {
      source  = "juju/juju"
      version = ">=0.10.0"
    }
  }
}

provider "juju" {
    username = "tf-test"
    password = "testing"
}

data "juju_model" "tf_test" {
    name       = "tf-test"
}

resource "juju_application" "ubuntu" {
  model = data.juju_model.tf_test.name
  charm {
    name = "ubuntu"
  }
}

To run the plan, supply username and password for the user created above.

terraform init  && terraform plan && terraform apply

Try to deploy the ubuntu charm using base "ubuntu@18.04" against a 3.1.x controller via terraform. Ensure it continues to fail as the controller does not support 18.04.

Additional notes

JUJU-5119

@hmlanigan hmlanigan added this to the 0.10.1 milestone Dec 4, 2023
@anvial
Copy link
Member

anvial commented Dec 5, 2023
edited
Loading

@hmlanigan, I'm failed to run the QA steps:

First, there is a need to add tf-test password change:

...
juju change-user-password tf-test
...

Second, it looks like we need to change the terraform plan:

resource "juju_application" "ubuntu" {
  model = resource.juju_model.tf_test.name
  charm {
    name = "ubuntu"
  }
}

--->

resource "juju_application" "ubuntu" {
  model = data.juju_model.tf_test.name
  charm {
    name = "ubuntu"
  }
}

Finally, I got:

Planning failed. Terraform encountered an error while generating this plan.

╷
│ Error: Username and password must be set
│ 
│   with provider["registry.terraform.io/juju/juju"],
│   on plan1.tf line 11, in provider "juju":
│   11: provider "juju" {
│ 
│ Currently the provider can only authenticate using username and password based authentication, if both are empty the provider will panic
╵

@hmlanigan
Copy link
Member Author

hmlanigan commented Dec 5, 2023
edited
Loading

@anvial I updated the plan for testing.

With the plan failing, did you use the env var? Perhaps we need to export them first. The alternative is to add them to the plan:

provider "juju" {
    username = "tf-test"
    password = "testing"
}

@hmlanigan
A better way to find the controller version.
f424128 
The old way failed when a juju user without permissions for the
controller model used a plan to deploy an application. It also
created an additional connection and client, which with the new
method are not needed.

Leaving the controller version off the application client is not a
problem as a new client is created for all terraform plans/applies.
It will be found new each time.
@hmlanigan
Fix test.
e97c75d 
Postgresql charm in the default channel supports 22.04 only. Specify the
lastest/stable channel to find other versions of ubuntu.
anvial
anvial approved these changes Dec 6, 2023
View reviewed changes
Copy link
Member

@anvial anvial left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've exported the envvars and it works!

thx for PR.

@hmlanigan hmlanigan merged commit 4eaafbd into juju:main Dec 6, 2023
16 checks passed
@hmlanigan hmlanigan deleted the fix-issue-346 branch December 6, 2023 18:47
@mcarvalhor mcarvalhor mentioned this pull request Jan 3, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anvial anvial anvial approved these changes

@cderici cderici Awaiting requested review from cderici

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.10.1
Development

Successfully merging this pull request may close these issues.

Terraform always tries to connect to the "controller" model, fails if it doesn't have permissions to do so
2 participants
@hmlanigan @anvial