Merge pull request juju#17000 from Aflynn50/3.3-3.4

juju#17000

There were minor conflicts with version numbers in various places and the upgrade steps juju#16969 had to be updated to target upgrades through 3.4.1. The upgrade steps present for 3.3.1 that had made there way in here by accident were removed on the advice of @wallyworld.

 The PRs included in this merge up are:
- juju#16999 from Aflynn50
- juju#16997 from wallyworld
- juju#16969 from jack-w-shaw
- juju#16988 from tlm
- juju#16983 from Aflynn50
- juju#16973 from Aflynn50
- juju#16980 from juju
- juju#16976 from Aflynn50
- juju#16974 from wallyworld
- juju#16972 from jack-w-shaw
- juju#16970 from tlm
- juju#16959 from juju
- juju#16957 from jameinel
- juju#16932 from hpidcock
- juju#16945 from benhoyt
- juju#16943 from wallyworld

api/common/package_test.go

@@ -9,8 +9,6 @@ import (
 	gc "gopkg.in/check.v1"
 )
 
-//go:generate go run go.uber.org/mock/mockgen -package common_test -destination network_mock_test.go github.com/juju/juju/core/network ConfigSource,ConfigSourceNIC,ConfigSourceAddr
-
 func TestAll(t *testing.T) {
 	gc.TestingT(t)
 }

apiserver/facades/agent/provisioner/provisioner.go

@@ -333,6 +333,9 @@ func (api *ProvisionerAPI) ContainerManagerConfig(args params.ContainerManagerCo
 	if url, set := mConfig.ContainerImageMetadataURL(); set {
 		cfg[config.ContainerImageMetadataURLKey] = url
 	}
+	if mConfig.ContainerImageMetadataDefaultsDisabled() {
+		cfg[config.ContainerImageMetadataDefaultsDisabledKey] = "true"
+	}
 	cfg[config.ContainerImageStreamKey] = mConfig.ContainerImageStream()
 	cfg[config.ContainerNetworkingMethod] = mConfig.ContainerNetworkingMethod()
 

apiserver/facades/agent/provisioner/provisioner_test.go

@@ -1439,6 +1439,21 @@ func (s *withoutControllerSuite) TestContainerManagerConfigDefaults(c *gc.C) {
 	})
 }
 
+func (s *withoutControllerSuite) TestContainerManagerConfigDefaultMetadataDisabled(c *gc.C) {
+	attrs := map[string]interface{}{
+		"container-image-metadata-defaults-disabled": true,
+	}
+	err := s.Model.UpdateModelConfig(attrs, nil)
+	c.Assert(err, jc.ErrorIsNil)
+	cfg := s.getManagerConfig(c, instance.KVM)
+	c.Assert(cfg, jc.DeepEquals, map[string]string{
+		container.ConfigModelUUID:                        coretesting.ModelTag.Id(),
+		config.ContainerImageStreamKey:                   "released",
+		config.ContainerImageMetadataDefaultsDisabledKey: "true",
+		config.ContainerNetworkingMethod:                 config.ConfigDefaults()[config.ContainerNetworkingMethod].(string),
+	})
+}
+
 func (s *withoutControllerSuite) TestWatchMachineErrorRetry(c *gc.C) {
 	s.WaitForModelWatchersIdle(c, s.Model.UUID())
 	s.PatchValue(&provisioner.ErrorRetryWaitDelay, 2*coretesting.ShortWait)

apiserver/facades/agent/secretsmanager/secrets.go

@@ -466,7 +466,7 @@ func (s *SecretsManagerAPI) GetSecretContentInfo(args params.GetSecretContentArg
 	return result, nil
 }
 
-func (s *SecretsManagerAPI) getRemoteSecretContent(uri *coresecrets.URI, refresh, peek bool, label string, updateLabel bool) (
+func (s *SecretsManagerAPI) getRemoteSecretContent(uri *coresecrets.URI, refresh, peek bool, labelToUpdate *string) (
 	*secrets.ContentParams, *secretsprovider.ModelBackendConfig, bool, error,
 ) {
 	extClient, err := s.remoteClientGetter(uri)
@@ -526,13 +526,13 @@ func (s *SecretsManagerAPI) getRemoteSecretContent(uri *coresecrets.URI, refresh
 	if err != nil {
 		return nil, nil, false, errors.Trace(err)
 	}
-	if refresh || updateLabel {
+	if refresh || labelToUpdate != nil {
 		if refresh {
 			consumerInfo.LatestRevision = latestRevision
 			consumerInfo.CurrentRevision = latestRevision
 		}
-		if label != "" {
-			consumerInfo.Label = label
+		if labelToUpdate != nil {
+			consumerInfo.Label = *labelToUpdate
 		}
 		if err := s.secretsConsumer.SaveSecretConsumer(uri, s.authTag, consumerInfo); err != nil {
 			return nil, nil, false, errors.Trace(err)
@@ -590,26 +590,29 @@ func (s *SecretsManagerAPI) GetSecretRevisionContentInfo(arg params.SecretRevisi
 	return result, nil
 }
 
-func (s *SecretsManagerAPI) updateLabelForAppOwnedOrUnitOwnedSecret(uri *coresecrets.URI, label string, owner string) error {
-	if uri == nil || label == "" {
-		// We have done this check before, but it doesn't hurt to do it again.
-		return nil
-	}
-
-	ownerTag, err := names.ParseTag(owner)
-	if err != nil {
-		return errors.Trace(err)
-	}
-	if ownerTag != s.authTag {
+func (s *SecretsManagerAPI) canUpdateAppOwnedOrUnitOwnedSecretLabel(owner string) (bool, error) {
+	if owner != s.authTag.String() {
 		isLeaderUnit, err := commonsecrets.IsLeaderUnit(s.authTag, s.leadershipChecker)
 		if err != nil {
-			return errors.Trace(err)
+			return false, errors.Trace(err)
 		}
+		// Only unit leaders can update app owned secret labels.
 		if !isLeaderUnit {
-			return errors.New("only unit leaders can update an application owned secret label")
+			return false, nil
 		}
 	}
+	return true, nil
+}
 
+func (s *SecretsManagerAPI) updateAppOwnedOrUnitOwnedSecretLabel(uri *coresecrets.URI, label, owner string) error {
+	if uri == nil || label == "" {
+		// We have done this check before, but it doesn't hurt to do it again.
+		return errors.New("uri and label cannot be nil")
+	}
+	ownerTag, err := names.ParseTag(owner)
+	if err != nil {
+		return errors.Trace(err)
+	}
 	token, err := commonsecrets.OwnerToken(s.authTag, ownerTag, s.leadershipChecker)
 	if err != nil {
 		return errors.Trace(err)
@@ -674,8 +677,10 @@ func (s *SecretsManagerAPI) getSecretContent(arg params.GetSecretContentArg) (
 	}
 
 	// arg.Label could be the consumer label for consumers or the owner label for owners.
-	possibleUpdateLabel := arg.Label != "" && uri != nil
-	labelToUpdate := arg.Label
+	var labelToUpdate *string
+	if arg.Label != "" && uri != nil {
+		labelToUpdate = &arg.Label
+	}
 
 	// For local secrets, check those which may be owned by the caller.
 	if uri == nil || uri.IsLocal(s.modelUUID) {
@@ -686,18 +691,27 @@ func (s *SecretsManagerAPI) getSecretContent(arg params.GetSecretContentArg) (
 		if md != nil {
 			// If the label has is to be changed by the secret owner, update the secret metadata.
 			// TODO(wallyworld) - the label staying the same should be asserted in a txn.
-			possibleUpdateLabel = possibleUpdateLabel && labelToUpdate != md.Label
-			if possibleUpdateLabel {
-				if err = s.updateLabelForAppOwnedOrUnitOwnedSecret(uri, labelToUpdate, md.OwnerTag); err != nil {
+			isOwner := true
+			if labelToUpdate != nil && *labelToUpdate != md.Label {
+				var err error
+				if isOwner, err = s.canUpdateAppOwnedOrUnitOwnedSecretLabel(md.OwnerTag); err != nil {
 					return nil, nil, false, errors.Trace(err)
 				}
+				if isOwner {
+					err = s.updateAppOwnedOrUnitOwnedSecretLabel(uri, *labelToUpdate, md.OwnerTag)
+					if err != nil {
+						return nil, nil, false, errors.Trace(err)
+					}
+				}
 			}
 			// 1. secrets can be accessed by the owner;
 			// 2. application owned secrets can be accessed by all the units of the application using owner label or URI.
 			uri = md.URI
 			// We don't update the consumer label in this case since the label comes
 			// from the owner metadata and we don't want to violate uniqueness checks.
-			labelToUpdate = ""
+			if isOwner {
+				labelToUpdate = nil
+			}
 		}
 	}
 
@@ -714,7 +728,7 @@ func (s *SecretsManagerAPI) getSecretContent(arg params.GetSecretContentArg) (
 	logger.Debugf("getting secret content for: %s", uri)
 
 	if !uri.IsLocal(s.modelUUID) {
-		return s.getRemoteSecretContent(uri, arg.Refresh, arg.Peek, arg.Label, possibleUpdateLabel)
+		return s.getRemoteSecretContent(uri, arg.Refresh, arg.Peek, labelToUpdate)
 	}
 
 	canRead, err := s.canRead(uri, s.authTag)
@@ -726,7 +740,7 @@ func (s *SecretsManagerAPI) getSecretContent(arg params.GetSecretContentArg) (
 	}
 
 	// labelToUpdate is the consumer label for consumers.
-	consumedRevision, err := s.getConsumedRevision(uri, arg.Refresh, arg.Peek, labelToUpdate, possibleUpdateLabel)
+	consumedRevision, err := s.getConsumedRevision(uri, arg.Refresh, arg.Peek, labelToUpdate)
 	if err != nil {
 		return nil, nil, false, errors.Annotate(err, "getting latest secret revision")
 	}
@@ -752,13 +766,13 @@ func (s *SecretsManagerAPI) UpdateTrackedRevisions(uris []string) (params.ErrorR
 			result.Results[i].Error = apiservererrors.ServerError(err)
 			continue
 		}
-		_, err = s.getConsumedRevision(uri, true, false, "", false)
+		_, err = s.getConsumedRevision(uri, true, false, nil)
 		result.Results[i].Error = apiservererrors.ServerError(err)
 	}
 	return result, nil
 }
 
-func (s *SecretsManagerAPI) getConsumedRevision(uri *coresecrets.URI, refresh, peek bool, label string, possibleUpdateLabel bool) (int, error) {
+func (s *SecretsManagerAPI) getConsumedRevision(uri *coresecrets.URI, refresh, peek bool, labelToUpdate *string) (int, error) {
 	consumerInfo, err := s.secretsConsumer.GetSecretConsumer(uri, s.authTag)
 	if err != nil && !errors.Is(err, errors.NotFound) {
 		return 0, errors.Trace(err)
@@ -787,9 +801,9 @@ func (s *SecretsManagerAPI) getConsumedRevision(uri *coresecrets.URI, refresh, p
 		wantRevision = md.LatestRevision
 	}
 	// Save the latest consumer info if required.
-	if refresh || possibleUpdateLabel {
-		if label != "" {
-			consumerInfo.Label = label
+	if refresh || labelToUpdate != nil {
+		if labelToUpdate != nil {
+			consumerInfo.Label = *labelToUpdate
 		}
 		if err := s.secretsConsumer.SaveSecretConsumer(uri, s.authTag, consumerInfo); err != nil {
 			return 0, errors.Trace(err)

apiserver/facades/agent/secretsmanager/secrets_test.go

@@ -912,8 +912,12 @@ func (s *SecretsManagerSuite) TestGetSecretContentForAppSecretUpdateLabel(c *gc.
 func (s *SecretsManagerSuite) TestGetSecretContentForAppSecretUpdateLabelNotLeader(c *gc.C) {
 	defer s.setup(c).Finish()
 
+	data := map[string]string{"foo": "bar"}
+	val := coresecrets.NewSecretValue(data)
 	uri := coresecrets.NewURI()
 
+	s.expectSecretAccessQuery(1)
+
 	s.secretsState.EXPECT().ListSecrets(state.SecretsFilter{
 		OwnerTags: []names.Tag{
 			names.NewUnitTag("mariadb/0"),
@@ -930,6 +934,15 @@ func (s *SecretsManagerSuite) TestGetSecretContentForAppSecretUpdateLabelNotLead
 	s.leadership.EXPECT().LeadershipCheck("mariadb", "mariadb/0").Return(s.token)
 	s.token.EXPECT().Check().Return(leadership.NewNotLeaderError("mariadb/0", "mariadb"))
 
+	s.secretsConsumer.EXPECT().GetSecretConsumer(uri, s.authTag).
+		Return(nil, errors.NotFoundf("secret consumer"))
+	s.secretsState.EXPECT().GetSecret(uri).Return(&coresecrets.SecretMetadata{LatestRevision: 668}, nil)
+	s.secretsConsumer.EXPECT().SaveSecretConsumer(
+		uri, names.NewUnitTag("mariadb/0"), &coresecrets.SecretConsumerMetadata{Label: "foo", LatestRevision: 668, CurrentRevision: 668}).Return(nil)
+	s.secretsState.EXPECT().GetSecretValue(uri, 668).Return(
+		val, nil, nil,
+	)
+
 	results, err := s.facade.GetSecretContentInfo(params.GetSecretContentArgs{
 		Args: []params.GetSecretContentArg{
 			{URI: uri.String(), Label: "foo"},
@@ -938,7 +951,7 @@ func (s *SecretsManagerSuite) TestGetSecretContentForAppSecretUpdateLabelNotLead
 	c.Assert(err, jc.ErrorIsNil)
 	c.Assert(results, jc.DeepEquals, params.SecretContentResults{
 		Results: []params.SecretContentResult{{
-			Error: &params.Error{Message: "only unit leaders can update an application owned secret label"},
+			Content: params.SecretContentParams{Data: data},
 		}},
 	})
 }

caas/kubernetes/provider/bootstrap.go

@@ -71,7 +71,9 @@ const (
 	mongoDBContainerName   = "mongodb"
 	apiServerContainerName = "api-server"
 
-	startupGraceTime = 300
+	// startupGraceTime is the number of seconds afforded to startup probes to
+	// become successful before considering them a failure.
+	startupGraceTime = 600
 
 	apiServerStartupProbeInitialDelay = 3
 	apiServerStartupProbeTimeout      = 3
@@ -84,6 +86,12 @@ const (
 	apiServerLivenessProbePeriod       = 5
 	apiServerLivenessProbeSuccess      = 1
 	apiServerLivenessProbeFailure      = 2
+
+	mongoDBStartupProbeInitialDelay = 1
+	mongoDBStartupProbeTimeout      = 1
+	mongoDBStartupProbePeriod       = 5
+	mongoDBStartupProbeSuccess      = 1
+	mongoDBStartupProbeFailure      = startupGraceTime / mongoDBStartupProbePeriod
 )
 
 type controllerServiceSpec struct {
@@ -1320,11 +1328,11 @@ func (c *controllerStack) controllerContainers(setupCmd, machineCmd, controllerI
 			ProbeHandler: core.ProbeHandler{
 				Exec: probeCmds,
 			},
-			FailureThreshold:    startupGraceTime / 5,
-			InitialDelaySeconds: 1,
-			PeriodSeconds:       5,
-			SuccessThreshold:    1,
-			TimeoutSeconds:      1,
+			FailureThreshold:    mongoDBStartupProbeFailure,
+			InitialDelaySeconds: mongoDBStartupProbeInitialDelay,
+			PeriodSeconds:       mongoDBStartupProbePeriod,
+			SuccessThreshold:    mongoDBStartupProbeSuccess,
+			TimeoutSeconds:      mongoDBStartupProbeTimeout,
 		},
 		VolumeMounts: []core.VolumeMount{
 			{

cloudconfig/userdatacfg_unix.go

@@ -83,6 +83,9 @@ rm -rf /var/lib/juju/tools/*
 echo "removing /var/lib/juju/db/*"
 rm -rf /var/lib/juju/db/*
 
+echo "removing /var/lib/juju/dqlite/*"
+rm -rf /var/lib/juju/dqlite/*
+
 echo "removing /var/lib/juju/raft/*"
 rm -rf /var/lib/juju/raft/*
 

cmd/juju/application/config.go

@@ -253,23 +253,6 @@ func (c *configCommand) setConfig(client ApplicationAPI, ctx *cmd.Context) error
 		return errors.Trace(err)
 	}
 
-	result, err := client.Get(c.branchName, c.applicationName)
-	if err != nil {
-		return errors.Trace(err)
-	}
-
-	for k, v := range settings {
-		configValue := result.CharmConfig[k]
-
-		configValueMap, ok := configValue.(map[string]interface{})
-		if ok {
-			// convert the value to string and compare
-			if fmt.Sprintf("%v", configValueMap["value"]) == v {
-				logger.Warningf("the configuration setting %q already has the value %q", k, v)
-			}
-		}
-	}
-
 	err = client.SetConfig(c.branchName, c.applicationName, "", settings)
 	return errors.Trace(block.ProcessBlockedError(err, block.BlockChange))
 }

cmd/juju/application/config_test.go

@@ -360,12 +360,8 @@ func (s *configCommandSuite) TestSetSameValue(c *gc.C) {
 		"username": "hello",
 		"outlook":  "[email protected]",
 	})
-	s.assertSetWarning(c, s.dir, []string{
-		"username=hello",
-	}, "the configuration setting \"username\" already has the value \"hello\"")
-	s.assertSetWarning(c, s.dir, []string{
-		"[email protected]",
-	}, "the configuration setting \"outlook\" already has the value \"[email protected]\"")
+	s.assertNoWarning(c, s.dir, []string{"username=hello"})
+	s.assertNoWarning(c, s.dir, []string{"[email protected]"})
 
 }
 
@@ -546,12 +542,12 @@ func (s *configCommandSuite) assertSetFail(c *gc.C, dir string, args []string, e
 	c.Assert(err, gc.ErrorMatches, expectErr)
 }
 
-func (s *configCommandSuite) assertSetWarning(c *gc.C, dir string, args []string, w string) {
+func (s *configCommandSuite) assertNoWarning(c *gc.C, dir string, args []string) {
 	cmd := application.NewConfigCommandForTest(s.fake, s.store)
 	cmd.SetClientStore(jujuclienttesting.MinimalStore())
 	_, err := cmdtesting.RunCommandInDir(c, cmd, append([]string{"dummy-application"}, args...), dir)
 	c.Assert(err, jc.ErrorIsNil)
-	c.Assert(strings.Replace(c.GetTestLog(), "\n", " ", -1), gc.Matches, ".*WARNING.*"+w+".*")
+	c.Assert(strings.Replace(c.GetTestLog(), "\n", " ", -1), gc.Not(gc.Matches), ".*WARNING.*")
 }
 
 // setupValueFile creates a file containing one value for testing

container/broker/instance_broker.go

@@ -33,7 +33,7 @@ var (
 )
 
 // NetConfigFunc returns a slice of NetworkConfig from a source config.
-type NetConfigFunc func(corenetwork.ConfigSource) ([]params.NetworkConfig, error)
+type NetConfigFunc func(corenetwork.ConfigSource) (corenetwork.InterfaceInfos, error)
 
 // Config describes the resources used by the instance broker.
 type Config struct {
@@ -170,7 +170,11 @@ func acquireLock(config Config) func(string, <-chan struct{}) (func(), error) {
 
 func observeNetwork(config Config) func() ([]params.NetworkConfig, error) {
 	return func() ([]params.NetworkConfig, error) {
-		return config.GetNetConfig(corenetwork.DefaultConfigSource())
+		interfaceInfos, err := config.GetNetConfig(corenetwork.DefaultConfigSource())
+		if err != nil {
+			return nil, err
+		}
+		return params.NetworkConfigFromInterfaceInfo(interfaceInfos), nil
 	}
 }