Revoking cloud credentials leaves models in a bad state where they cannot be destroyed, because the cloud provider resources cannot be cleaned up without them.
This change introduces a global model refcount on cloud credentials and adds a method Cloud.RemoveCredential, which returns an error if the cloud credential is used by any models. This method should be used by user agents such as the GUI.
Cloud.RevokeCredential will continue to unconditionally remove cloud credentials even if in use.
Because state.NewModel increments the cloud credential ref count and is used when importing a model during migration, I do not think any special migration changes are necessary for this change.
Description of change
Why is this change needed?
We need to prevent casual revocation of cloud credentials through the API which are in-use by models.
QA steps
How do we verify that the change works?
An API call to "Cloud.RevokeCredential" will error if the credential is used by any models, unless the force parameter is true.
Documentation changes
Does it affect current user workflow? CLI? API?
It changes the API and the GUI team will need to handle the error.
Bug reference
Does this change fix a bug? Please add a link to it.
It somewhat mitigates, but does not completely fix LP:#1700434. However, this change can improve the usability of Juju by preventing the user from inadvertently putting Juju in a state where cloud resources previously allocated cannot be cleaned up.
该提问来源于开源项目:juju/juju
