Add model last login to domain

[Aflynn50]

Juju stores the time each user last logged in to each model. It previously did this via a collection in mongo. This PR adds a table to the access service that tracks the users last logins.

The last login column is removed from the user table and the users last login is instead calculated by selecting the most recent login by that user to any model from the new table.

Currently we are double writing the last login to mongo and to DQLite but a subsequent PR will remove the need to do that by replacing all the remaining last login calls.

The tests for ListModels in the model-manager are currently commented out so this functionality is tests. I had a go at fixing the tests but realised that ListModels itself does not work as expected and fixing that is out of scope of this PR. I have coordinated with @tlm and he will land a patch for this soon.

Checklist

• Code style: imports ordered, good names, simple structure, etc
• Comments saying why design decisions were made
• Go unit tests, with comments saying what you're testing

QA steps

The QA for this PR is a little difficult since the login and permissions stories are currently in flux. Specifically, when a is granted access to a model and logs in they do not see the model when they do juju models (this is likely because of the changes by @tlm that move ListModels to use state). There is also the issue that adding a model and accessing it does not trigger the expected login code and therefore, new models added do not have their last login updated.

The extent of the QA possible right now is:

$ juju bootstrap lxd test-controller
$ juju models
Controller: test-controller

Model       Cloud/Region  Type  Status     Machines  Units  Access  Last connection
controller  lxd/default   lxd   available         1      1  admin   just now

In the future, it should be possible to add a model and see that the last connection is just now. For the moment it says never connected.

$ juju add-model default
$ juju models
Controller: test-controller

Model       Cloud/Region  Type  Status     Machines  Units  Access  Last connection
controller  lxd/default   lxd   available         1      1  admin   just now
default*    lxd/default   lxd   available         0      -  admin   never connected

It should also be possible to see the last logins of other users, however listing the models of other users is currently not working. You should be able to do:

$ juju add-user test-user
$ juju change-user-password test-user
$ juju grant test-user admin default
$ juju models --user test-user
// Or instead of listing the models as the admin, you could do
$ juju logout 
$ juju login -u test-user -c test-controller
$ juju models

Links

Jira card: JUJU-5835

[manadart]

Given that it's the access (user) service, put the name first as the most relevant argument.

[Aflynn50]

Good point, changed for this and for LastModelLogin as well

[manadart]

This won't work. It limits the whole query to one row.

If you treat the max as a dummy value, you can still select time, because you're grouping by the user.

SELECT time AS last_login, user_uuid, MAX(time) as _.

[Aflynn50]

Ah nice, changed to that

[hmlanigan]

@Aflynn50 please run the (cd tests ; ./main.sh user) tests with this work. They are failing in CI and I believe this PR will fix them.

[tlm]

Hey @Aflynn50,

Thanks for the pickup on the bug. I have a had a look at the code and I think the bug has always been there I just manage to re-implement the bug in DQlite perfectly.

Under the way it use to be for state we called ModelBasicInfoForUser passing in the requested user tag to run the query against and also isAdmin which is a bool for the currently logged in user and not that of the user we are necessarily querying about. For this example we will say the logged in user is Bob who is an admin and Bob is querying about Joes models.
See:

juju/apiserver/facades/client/modelmanager/modelmanager.go

Line 769 in 5be5c43

modelInfos, err := m.state.ModelBasicInfoForUser(userTag, m.isAdmin)

ModelBasicInfoForUser calls ModelBasicInfoForUser https://github.com/juju/juju/blob/5be5c4376d052fdaf34b1da802dec7a8148a40ab/state/modeluser.go#L210 which looks at the isAdmin flag. and decides what query to run. Now because Bob is an admin we will get all models and return them even though we have asked about only Joes models.

Take a look at the 3.6 branch and see if you can confirm that this was already a bug we had and I have just managed to replicate it in Dqlite?

Assuming the above is correct I think we just need to decide what the logic should be and I am happy to throw in the change.

[tlm]

Thanks @Aflynn50, this is a very nice PR!

[tlm]

Small nit..... I am wondering if the arg order need to be swapped around here to be ctx, model id, user id. To align with how we are asking the question. i.e For this model when did this user last login.

[Aflynn50]

I checked with Joe about this, we decided that the user should go first because this is on the user service. I see your point though, I did have it the other way round originally

[tlm]

Please disregard if you don't agree. I am not sure the "connected" part here make a lot of sense. Connected isn't a term we currently use for Juju to describe model access and could be confusing we we are trying to rationalise what connected means.

Maybe simply "accessed" is what we are after?

[Aflynn50]

Accessed sounds better, I'll change it. I copied this over from state where there were two confusingly similar concepts of a user logging in and a user connecting to a model. This PR replaces them with just the concept of login so this should go as well.

Could there be any problem with changing the wording of this error w.r.t. public APIs? I assume its something we can change with the move to 4.0 if there was but it would be good to know if changes to error messages like this could require changes in external clients.

[tlm]

No we will be fine changing wording. A lot of errors strings from deep in Juju end up a user errors unfortunately. Time and determination will fix this.

[tlm]

I left a comment below around the term "connected" but I see why you chose it. To match what we already had.

[Aflynn50]

Yep :)

[tlm]

nit..... We can combine these to if checks together and remove a line of indentation.

[Aflynn50]

Combining them would change the behavior. In the case where the error is UserNeverAccessedModel then combining them would cause it to be set to lastConn which it is not currently.

I'll change this clause to make it more explicit in setting lastConn to nil because right now its a bit obfuscated.

[tlm]

Same comments as below for fetching. I think the argument order needs to be swapped here.

[Aflynn50]

See reply on LastModelLogin for why the user name is first.

[tlm]

There should probably exist a modelerrors.NotFound in this list for LastModelLogin ?

[Aflynn50]

Currently the error returned in that case would be UserNeverAccessedModel. I've just changed it now though to do a check for a missing model in the case that it gets an ErrorNoRows from the database so that we return the correct error in that case. I've added it now to this comment too.

[tlm]

Because this is a left join now what happens when last_login is null or empty string. Do we default off to the zero value of time?

[Aflynn50]

We do yea. I'm not changing the behavior from before here, though whether its right is a different matter.
IMO the field on user should really be a pointer to time.Time. I'll check with the others if we should change this.

[Aflynn50]

Just discussed this with the team. They're happy just leaving it as a non pointer and doing checkers for the 0 unix time rather than risking nil pointer errors.

[tlm]

Can we please add more context to this error?

fmt.Errorf("updating last model login for user %q on model %q: %w")

[Aflynn50]

Added.

[tlm]

Random question and thought. Currently we don't check to see if the model actually exists? Should we use a left join and do the work so we can be explicit and strict or no?

Happy to go either way. Just asking the question :)

[Aflynn50]

Yea this is a good point. I've added a check in the case that we get no rows from the query to model last login. This way we're not doing the extra work when we don't need to but we are ensuring that it exists when it should.

[tlm]

Should this be NOT NULL?

[Aflynn50]

Good point, added a not null.

I had left it as nullable because ideally we would actually insert a row in here on user creation (with a null timestamp) and use a update to add last logins. As it is we use an upsert to add the row in. I discussed this with Joe and right now we don't have a centralised place where we add users so we're not really ready to switch to doing that.

[manadart]

Some comments.

[manadart]

it doesn't seem like you're ever testing the scenario where a valid time is returned.

[Aflynn50]

True, I've added an actual value to TestListModelSummaries to test it there and reverted the change that removes it here. The others I have left as UserNeverAccessedModel.

[manadart]

Indent the join so it's under v_user_last_login.

[manadart]

Indent here too.

[manadart]

Given that deletion is a soft delete, and we haven't actually removed the record, there's no need to delete these entries. They might even prove useful for auditing purposes.

[Aflynn50]

Ok, I'll remove this deletion

[manadart]

Should be hard to the left, with vertical justification after the keywords.

[manadart]

/build

[manadart]

Thanks for seeing all the changes through.

I was able to create a new user/model and verify directly against the DB that last login times are written as appropriate.

[manadart]

/merge