chore: merge branch '3.6'

Author: wallyworld

caas/broker.go

@@ -15,7 +15,6 @@ import (
 	"github.com/juju/juju/core/devices"
 	"github.com/juju/juju/core/network"
 	"github.com/juju/juju/core/resource"
-	"github.com/juju/juju/core/secrets"
 	"github.com/juju/juju/core/status"
 	"github.com/juju/juju/environs"
 	"github.com/juju/juju/internal/docker"
@@ -193,12 +192,6 @@ type Broker interface {
 	// ServiceManager provides an API for creating and watching services.
 	ServiceManager
 
-	// SecretsProvider provides an API for accessing the broker interface for managing secret k8s provider resources.
-	SecretsProvider
-
-	// SecretsBackend provides an API for managing Juju secrets.
-	SecretsBackend
-
 	// ModelOperatorManager provides an API for deploying operators for
 	// individual models.
 	ModelOperatorManager
@@ -225,24 +218,6 @@ type ApplicationBroker interface {
 	AnnotateUnit(ctx context.Context, appName string, podName string, unit names.UnitTag) error
 }
 
-// SecretsProvider provides an API for accessing the broker interface for managing secret k8s provider resources.
-type SecretsProvider interface {
-	// EnsureSecretAccessToken ensures the secret related RBAC resources for the provided entity.
-	EnsureSecretAccessToken(ctx context.Context, unitName string, owned, read, removed []string) (string, error)
-}
-
-// SecretsBackend provides an API for managing Juju secrets.
-type SecretsBackend interface {
-	// SaveJujuSecret saves a secret, returning an id used to access the secret later.
-	SaveJujuSecret(ctx context.Context, name string, value secrets.SecretValue) (string, error)
-
-	// GetJujuSecret gets the content of a Juju secret.
-	GetJujuSecret(ctx context.Context, id string) (secrets.SecretValue, error)
-
-	// DeleteJujuSecret deletes a Juju secret.
-	DeleteJujuSecret(ctx context.Context, id string) error
-}
-
 // ModelOperatorManager provides an API for deploying operators for individual
 // models.
 type ModelOperatorManager interface {

caas/kubernetes/cloud/credential.go

@@ -21,7 +21,7 @@ const (
 	CredAttrClientCertificateData = "ClientCertificateData"
 	// CredAttrClientKeyData is the attribute key for client certificate key credentials
 	CredAttrClientKeyData = "ClientKeyData"
-	// CredAttrToken is the attribute key for outh2 token credentials
+	// CredAttrToken is the attribute key for oauth2 token credentials
 	CredAttrToken = "Token"
 	// RBACLabelKeyName key id for rbac credential labels
 	RBACLabelKeyName = "rbac-id"
@@ -82,7 +82,7 @@ var SupportedCredentialSchemas = map[cloud.AuthType]cloud.CredentialSchema{
 	},
 }
 
-// LegacyCredentialsSchemas represents legacy credentials schemas that Juju used
+// LegacyCredentialSchemas represents legacy credentials schemas that Juju used
 // to output but still need to be supported to maintain working Kubernetes
 // support. These types should be liberally allowed as input but not used as
 // new output from Juju. This change was introduced by tlm in juju 2.9

caas/kubernetes/provider/export_test.go

@@ -35,7 +35,6 @@ var (
 
 	UpdateStrategyForStatefulSet = updateStrategyForStatefulSet
 	DecideKubeConfigDir          = decideKubeConfigDir
-	RulesForSecretAccess         = rulesForSecretAccess
 )
 
 type (

caas/kubernetes/provider/provider.go

@@ -171,37 +171,32 @@ func (p kubernetesEnvironProvider) Open(ctx stdcontext.Context, args environs.Op
 		return nil, errors.Trace(err)
 	}
 
-	if args.Config.Name() != environsbootstrap.ControllerModelName {
-		broker, err := newK8sBroker(
-			ctx, args.ControllerUUID, k8sRestConfig, args.Config, args.Config.Name(), NewK8sClients, newRestClient,
-			k8swatcher.NewKubernetesNotifyWatcher, k8swatcher.NewKubernetesStringsWatcher, utils.RandomPrefix,
-			jujuclock.WallClock)
-		if err != nil {
-			return nil, errors.Trace(err)
-		}
-		return broker, nil
+	namespace, err := NamespaceForModel(ctx, args.Config.Name(), args.ControllerUUID, k8sRestConfig)
+	if err != nil && !errors.Is(err, errors.NotFound) {
+		return nil, err
 	}
 
+	return newK8sBroker(ctx,
+		args.ControllerUUID, k8sRestConfig, args.Config, namespace,
+		NewK8sClients, newRestClient, k8swatcher.NewKubernetesNotifyWatcher, k8swatcher.NewKubernetesStringsWatcher,
+		utils.RandomPrefix, jujuclock.WallClock)
+}
+
+// NamespaceForModel returns the namespace which is associated with the specified model.
+func NamespaceForModel(ctx context.Context, modelName string, controllerUUID string, k8sRestConfig *rest.Config) (string, error) {
+	if modelName != environsbootstrap.ControllerModelName {
+		return modelName, nil
+	}
 	k8sClient, _, _, err := NewK8sClients(k8sRestConfig)
 	if err != nil {
-		return nil, errors.Trace(err)
+		return "", errors.Trace(err)
 	}
 
-	ns, err := findControllerNamespace(ctx, k8sClient, args.ControllerUUID)
-	if errors.Is(err, errors.NotFound) {
-		// The controller is currently bootstrapping.
-		return newK8sBroker(
-			ctx, args.ControllerUUID, k8sRestConfig, args.Config, "",
-			NewK8sClients, newRestClient, k8swatcher.NewKubernetesNotifyWatcher, k8swatcher.NewKubernetesStringsWatcher,
-			utils.RandomPrefix, jujuclock.WallClock)
-	} else if err != nil {
-		return nil, err
+	ns, err := findControllerNamespace(ctx, k8sClient, controllerUUID)
+	if err != nil {
+		return "", errors.Trace(err)
 	}
-
-	return newK8sBroker(
-		ctx, args.ControllerUUID, k8sRestConfig, args.Config, ns.Name,
-		NewK8sClients, newRestClient, k8swatcher.NewKubernetesNotifyWatcher, k8swatcher.NewKubernetesStringsWatcher,
-		utils.RandomPrefix, jujuclock.WallClock)
+	return ns.Name, nil
 }
 
 // CloudSchema returns the schema for adding new clouds of this type.