feat: allow login token refresh url to be overriden (#1806)

Author: kian99

internal/jimm/bootstrap/bootstrap.go

@@ -456,7 +456,7 @@ func (b *bootstrapManager) runBootstrap(
 			CloudNameAndRegion:   p.CloudNameAndRegion,
 			ControllerName:       p.ControllerName,
 			AgentVersion:         p.AgentVersion,
-			LoginTokenRefreshURL: p.LoginTokenRefreshURL,
+			DefaultLoginTokenURL: p.LoginTokenRefreshURL,
 			PersonalCloud:        p.PersonalCloud,
 			CloudCred:            p.CloudCred,
 			UserConfig:           p.UserConfig,

internal/jimm/bootstrap/bootstrap_test.go

@@ -402,7 +402,7 @@ func (s *bootstrapManagerSuite) TestBootstrapJob(c *qt.C) {
 			CloudNameAndRegion:   jobParams.CloudNameAndRegion,
 			ControllerName:       jobParams.ControllerName,
 			AgentVersion:         jobParams.AgentVersion,
-			LoginTokenRefreshURL: jobParams.LoginTokenRefreshURL,
+			DefaultLoginTokenURL: jobParams.LoginTokenRefreshURL,
 			PersonalCloud:        jobParams.PersonalCloud,
 			CloudCred:            jobParams.CloudCred,
 		},
@@ -670,7 +670,7 @@ func (s *bootstrapManagerSuite) TestBootstrapJob_ExecutorFails(c *qt.C) {
 			CloudNameAndRegion:   jobParams.CloudNameAndRegion,
 			ControllerName:       jobParams.ControllerName,
 			AgentVersion:         jobParams.AgentVersion,
-			LoginTokenRefreshURL: jobParams.LoginTokenRefreshURL,
+			DefaultLoginTokenURL: jobParams.LoginTokenRefreshURL,
 			PersonalCloud:        jobParams.PersonalCloud,
 			CloudCred:            jobParams.CloudCred,
 		},
@@ -743,7 +743,7 @@ func (s *bootstrapManagerSuite) TestBootstrapJob_ReturnsEarlyIfLineErrors(c *qt.
 			CloudNameAndRegion:   jobParams.CloudNameAndRegion,
 			ControllerName:       jobParams.ControllerName,
 			AgentVersion:         jobParams.AgentVersion,
-			LoginTokenRefreshURL: jobParams.LoginTokenRefreshURL,
+			DefaultLoginTokenURL: jobParams.LoginTokenRefreshURL,
 			PersonalCloud:        jobParams.PersonalCloud,
 			CloudCred:            jobParams.CloudCred,
 		},
@@ -823,7 +823,7 @@ func (s *bootstrapManagerSuite) TestBootstrapJob_ClientStoreFailsToGetController
 			CloudNameAndRegion:   jobParams.CloudNameAndRegion,
 			ControllerName:       jobParams.ControllerName,
 			AgentVersion:         jobParams.AgentVersion,
-			LoginTokenRefreshURL: jobParams.LoginTokenRefreshURL,
+			DefaultLoginTokenURL: jobParams.LoginTokenRefreshURL,
 			PersonalCloud:        jobParams.PersonalCloud,
 			CloudCred:            jobParams.CloudCred,
 		},
@@ -941,7 +941,7 @@ func (s *bootstrapManagerSuite) TestBootstrapJob_ClientStoreFailsToGetAccountDet
 			CloudNameAndRegion:   jobParams.CloudNameAndRegion,
 			ControllerName:       jobParams.ControllerName,
 			AgentVersion:         jobParams.AgentVersion,
-			LoginTokenRefreshURL: jobParams.LoginTokenRefreshURL,
+			DefaultLoginTokenURL: jobParams.LoginTokenRefreshURL,
 			PersonalCloud:        jobParams.PersonalCloud,
 			CloudCred:            jobParams.CloudCred,
 		},
@@ -1059,7 +1059,7 @@ func (s *bootstrapManagerSuite) TestBootstrapJob_JujuManagerFailsToAddController
 			CloudNameAndRegion:   jobParams.CloudNameAndRegion,
 			ControllerName:       jobParams.ControllerName,
 			AgentVersion:         jobParams.AgentVersion,
-			LoginTokenRefreshURL: jobParams.LoginTokenRefreshURL,
+			DefaultLoginTokenURL: jobParams.LoginTokenRefreshURL,
 			PersonalCloud:        jobParams.PersonalCloud,
 			CloudCred:            jobParams.CloudCred,
 		},
@@ -1197,7 +1197,7 @@ func (s *bootstrapManagerSuite) TestBootstrapJob_CleanupControllerFailure(c *qt.
 			CloudNameAndRegion:   jobParams.CloudNameAndRegion,
 			ControllerName:       jobParams.ControllerName,
 			AgentVersion:         jobParams.AgentVersion,
-			LoginTokenRefreshURL: jobParams.LoginTokenRefreshURL,
+			DefaultLoginTokenURL: jobParams.LoginTokenRefreshURL,
 			PersonalCloud:        jobParams.PersonalCloud,
 			CloudCred:            jobParams.CloudCred,
 		},
@@ -1331,7 +1331,7 @@ func (s *bootstrapManagerSuite) TestBootstrapJob_CancelledJob(c *qt.C) {
 			CloudNameAndRegion:   jobParams.CloudNameAndRegion,
 			ControllerName:       jobParams.ControllerName,
 			AgentVersion:         jobParams.AgentVersion,
-			LoginTokenRefreshURL: jobParams.LoginTokenRefreshURL,
+			DefaultLoginTokenURL: jobParams.LoginTokenRefreshURL,
 			PersonalCloud:        jobParams.PersonalCloud,
 			CloudCred:            jobParams.CloudCred,
 		},

internal/jujucommands/bootstrap.go

@@ -28,7 +28,7 @@ type BootstrapCmdParams struct {
 	CloudNameAndRegion   string
 	ControllerName       string
 	AgentVersion         string
-	LoginTokenRefreshURL string
+	DefaultLoginTokenURL string
 
 	// Additional args required (like adding credential, cloud, etc.) but JIMM will handle.
 
@@ -59,11 +59,7 @@ func (b BootstrapCmdParams) Validate() error {
 		}
 	}
 
-	if _, ok := b.UserConfig[loginTokenRefreshURLKey]; ok {
-		return fmt.Errorf("%q is a reserved config key and cannot be set in user config", loginTokenRefreshURLKey)
-	}
-
-	if b.LoginTokenRefreshURL == "" {
+	if b.DefaultLoginTokenURL == "" {
 		return errors.New("missing login token refresh URL, this value should be automatically set by JIMM")
 	}
 
@@ -76,14 +72,24 @@ func (b BootstrapCmdParams) BuildBootstrapCmdArgs() []string {
 	args = append(args, "bootstrap")
 
 	args = append(args, "--config")
-	args = append(args, fmt.Sprintf("login-token-refresh-url=%s", b.LoginTokenRefreshURL))
+
+	// Allow the user to override the login token refresh URL.
+	// Skip adding it later to avoid duplication.
+	loginTokenRefreshURL := b.DefaultLoginTokenURL
+	if v, ok := b.UserConfig[loginTokenRefreshURLKey]; ok {
+		loginTokenRefreshURL = v
+	}
+	args = append(args, fmt.Sprintf("login-token-refresh-url=%s", loginTokenRefreshURL))
 
 	// Conditionally add --agent-version if set
 	if b.AgentVersion != "" {
 		args = append(args, fmt.Sprintf("--agent-version=%s", b.AgentVersion))
 	}
 
 	for k, v := range b.UserConfig {
+		if k == loginTokenRefreshURLKey {
+			continue
+		}
 		args = append(args, "--config")
 		args = append(args, fmt.Sprintf("%s=%s", k, fmt.Sprint(v)))
 	}

internal/jujucommands/bootstrap_test.go

@@ -27,7 +27,7 @@ func (s *jujucommandsSuite) TestBootstrapCmdParams_Validate(c *qt.C) {
 	p.ControllerName = "my-controller"
 	c.Assert(p.Validate(), qt.ErrorMatches, "missing login token refresh URL, this value should be automatically set by JIMM")
 
-	p.LoginTokenRefreshURL = "myurl.com"
+	p.DefaultLoginTokenURL = "myurl.com"
 	c.Assert(p.Validate(), qt.IsNil)
 
 	p.AgentVersion = "bad version"
@@ -37,6 +37,30 @@ func (s *jujucommandsSuite) TestBootstrapCmdParams_Validate(c *qt.C) {
 	c.Assert(p.Validate(), qt.IsNil)
 }
 
+func (s *jujucommandsSuite) TestBootstrapCmdParams_LoginTokenRefreshURLOverrideFromUserConfig(c *qt.C) {
+	p := jujucommands.BootstrapCmdParams{
+		CloudNameAndRegion:   "testregion/testcloud",
+		ControllerName:       "my-controller",
+		DefaultLoginTokenURL: "https://default.example/.well-known/jwks.json",
+		UserConfig: map[string]string{
+			"bootstrap-timeout":       "1000",
+			"login-token-refresh-url": "https://override.example/.well-known/jwks.json",
+		},
+	}
+
+	args := p.BuildBootstrapCmdArgs()
+	c.Assert(args, qt.DeepEquals, []string{
+		"bootstrap",
+		"--config",
+		"login-token-refresh-url=https://override.example/.well-known/jwks.json",
+		"--config",
+		"bootstrap-timeout=1000",
+		"testregion/testcloud",
+		"my-controller",
+		fmt.Sprintf("--bootstrap-constraints=arch=%s", runtime.GOARCH),
+	})
+}
+
 func (s *jujucommandsSuite) TestBootstrapCmdParams_BuildBootstrapCmdArgs(c *qt.C) {
 	tests := []struct {
 		name   string
@@ -49,7 +73,7 @@ func (s *jujucommandsSuite) TestBootstrapCmdParams_BuildBootstrapCmdArgs(c *qt.C
 				CloudNameAndRegion:   "testregion/testcloud",
 				ControllerName:       "my-controller",
 				AgentVersion:         "1.1.1",
-				LoginTokenRefreshURL: "myurl.com",
+				DefaultLoginTokenURL: "myurl.com",
 				UserConfig: map[string]string{
 					"bootstrap-timeout": "1000",
 				},
@@ -72,7 +96,7 @@ func (s *jujucommandsSuite) TestBootstrapCmdParams_BuildBootstrapCmdArgs(c *qt.C
 				CloudNameAndRegion:   "testregion/testcloud",
 				ControllerName:       "my-controller",
 				AgentVersion:         "",
-				LoginTokenRefreshURL: "myurl.com",
+				DefaultLoginTokenURL: "myurl.com",
 				UserConfig: map[string]string{
 					"bootstrap-timeout": "1000",
 				},
@@ -94,7 +118,7 @@ func (s *jujucommandsSuite) TestBootstrapCmdParams_BuildBootstrapCmdArgs(c *qt.C
 				CloudNameAndRegion:   "testregion/testcloud",
 				ControllerName:       "my-controller",
 				AgentVersion:         "",
-				LoginTokenRefreshURL: "myurl.com",
+				DefaultLoginTokenURL: "myurl.com",
 			},
 			expect: []string{
 				"bootstrap",
@@ -142,7 +166,7 @@ func (s *jujucommandsSuite) TestBootstrapCmdParams_RunBootstrapCmd_PersonalCloud
 		CloudNameAndRegion:   "testcloud/testregion",
 		ControllerName:       "my-controller",
 		AgentVersion:         "1.1.1",
-		LoginTokenRefreshURL: "myurl.com",
+		DefaultLoginTokenURL: "myurl.com",
 
 		PersonalCloud: jujucloud.Cloud{
 			Type: "lxd",
@@ -218,7 +242,7 @@ func (s *jujucommandsSuite) TestBootstrapCmdParams_RunBootstrapCmd_PublicCloudWr
 		CloudNameAndRegion:   "aws/us-east-1",
 		ControllerName:       "my-controller",
 		AgentVersion:         "1.1.1",
-		LoginTokenRefreshURL: "myurl.com",
+		DefaultLoginTokenURL: "myurl.com",
 
 		CloudCred: cloudCred,
 	}