feat: juju_charm datasource and a upgrades.tf file

terraform/cos-lite/README.md

@@ -26,8 +26,8 @@ This is a Terraform module facilitating the deployment of the COS Lite solution,
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_alertmanager"></a> [alertmanager](#input\_alertmanager) | Application configuration for Alertmanager. For more details: https://registry.terraform.io/providers/juju/juju/latest/docs/resources/application | <pre>object({<br/>    app_name           = optional(string, "alertmanager")<br/>    config             = optional(map(string), {})<br/>    constraints        = optional(string, "arch=amd64")<br/>    revision           = optional(number, null)<br/>    storage_directives = optional(map(string), {})<br/>    units              = optional(number, 1)<br/>  })</pre> | `{}` | no |
+| <a name="input_base"></a> [base](#input\_base) | The operating system on which to deploy. E.g. ubuntu@22.04. Changing this value for machine charms will trigger a replace by terraform. Check Charmhub for per-charm base support. | `string` | `"ubuntu@24.04"` | no |
 | <a name="input_catalogue"></a> [catalogue](#input\_catalogue) | Application configuration for Catalogue. For more details: https://registry.terraform.io/providers/juju/juju/latest/docs/resources/application | <pre>object({<br/>    app_name           = optional(string, "catalogue")<br/>    config             = optional(map(string), {})<br/>    constraints        = optional(string, "arch=amd64")<br/>    revision           = optional(number, null)<br/>    storage_directives = optional(map(string), {})<br/>    units              = optional(number, 1)<br/>  })</pre> | `{}` | no |
-| <a name="input_channel"></a> [channel](#input\_channel) | Channel that the applications are (unless overwritten by individual channels) deployed from | `string` | `"dev/edge"` | no |
 | <a name="input_external_ca_cert_offer_url"></a> [external\_ca\_cert\_offer\_url](#input\_external\_ca\_cert\_offer\_url) | A Juju offer URL (e.g. admin/external-ca.send-ca-cert) of a CA providing the 'certificate\_transfer' integration for applications to trust ingress via Traefik. | `string` | `null` | no |
 | <a name="input_external_certificates_offer_url"></a> [external\_certificates\_offer\_url](#input\_external\_certificates\_offer\_url) | A Juju offer URL (e.g. admin/external-ca.certificates) of a CA providing the 'tls\_certificates' integration for Traefik to supply it with server certificates. | `string` | `null` | no |
 | <a name="input_grafana"></a> [grafana](#input\_grafana) | Application configuration for Grafana. For more details: https://registry.terraform.io/providers/juju/juju/latest/docs/resources/application | <pre>object({<br/>    app_name           = optional(string, "grafana")<br/>    config             = optional(map(string), {})<br/>    constraints        = optional(string, "arch=amd64")<br/>    revision           = optional(number, null)<br/>    storage_directives = optional(map(string), {})<br/>    units              = optional(number, 1)<br/>  })</pre> | `{}` | no |
@@ -36,6 +36,7 @@ This is a Terraform module facilitating the deployment of the COS Lite solution,
 | <a name="input_loki"></a> [loki](#input\_loki) | Application configuration for Loki. For more details: https://registry.terraform.io/providers/juju/juju/latest/docs/resources/application | <pre>object({<br/>    app_name           = optional(string, "loki")<br/>    config             = optional(map(string), {})<br/>    constraints        = optional(string, "arch=amd64")<br/>    revision           = optional(number, null)<br/>    storage_directives = optional(map(string), {})<br/>    units              = optional(number, 1)<br/>  })</pre> | `{}` | no |
 | <a name="input_model_uuid"></a> [model\_uuid](#input\_model\_uuid) | Reference to an existing model resource or data source for the model to deploy to | `string` | n/a | yes |
 | <a name="input_prometheus"></a> [prometheus](#input\_prometheus) | Application configuration for Prometheus. For more details: https://registry.terraform.io/providers/juju/juju/latest/docs/resources/application | <pre>object({<br/>    app_name           = optional(string, "prometheus")<br/>    config             = optional(map(string), {})<br/>    constraints        = optional(string, "arch=amd64")<br/>    revision           = optional(number, null)<br/>    storage_directives = optional(map(string), {})<br/>    units              = optional(number, 1)<br/>  })</pre> | `{}` | no |
+| <a name="input_risk"></a> [risk](#input\_risk) | Risk level that the applications are (unless overwritten by individual channels) deployed from | `string` | `"edge"` | no |
 | <a name="input_ssc"></a> [ssc](#input\_ssc) | Application configuration for self-signed-certificates. For more details: https://registry.terraform.io/providers/juju/juju/latest/docs/resources/application | <pre>object({<br/>    app_name           = optional(string, "ca")<br/>    channel            = optional(string, "1/stable")<br/>    config             = optional(map(string), {})<br/>    constraints        = optional(string, "arch=amd64")<br/>    revision           = optional(number, null)<br/>    storage_directives = optional(map(string), {})<br/>    units              = optional(number, 1)<br/>  })</pre> | `{}` | no |
 | <a name="input_traefik"></a> [traefik](#input\_traefik) | Application configuration for Traefik. For more details: https://registry.terraform.io/providers/juju/juju/latest/docs/resources/application | <pre>object({<br/>    app_name           = optional(string, "traefik")<br/>    channel            = optional(string, "latest/stable")<br/>    config             = optional(map(string), {})<br/>    constraints        = optional(string, "arch=amd64")<br/>    revision           = optional(number, null)<br/>    storage_directives = optional(map(string), {})<br/>    units              = optional(number, 1)<br/>  })</pre> | `{}` | no |
 

terraform/cos-lite/applications.tf

@@ -1,83 +1,83 @@
 module "alertmanager" {
   source             = "git::https://github.com/canonical/alertmanager-k8s-operator//terraform"
   app_name           = var.alertmanager.app_name
-  channel            = var.channel
+  channel            = local.channels.alertmanager
   config             = var.alertmanager.config
   constraints        = var.alertmanager.constraints
   model_uuid         = var.model_uuid
-  revision           = var.alertmanager.revision
+  revision           = local.revisions.alertmanager
   storage_directives = var.alertmanager.storage_directives
   units              = var.alertmanager.units
 }
 
 module "catalogue" {
   source             = "git::https://github.com/canonical/catalogue-k8s-operator//terraform"
   app_name           = var.catalogue.app_name
-  channel            = var.channel
+  channel            = local.channels.catalogue
   config             = var.catalogue.config
   constraints        = var.catalogue.constraints
   model_uuid         = var.model_uuid
-  revision           = var.catalogue.revision
+  revision           = local.revisions.catalogue
   storage_directives = var.catalogue.storage_directives
   units              = var.catalogue.units
 }
 
 module "grafana" {
   source             = "git::https://github.com/canonical/grafana-k8s-operator//terraform"
   app_name           = var.grafana.app_name
-  channel            = var.channel
+  channel            = local.channels.grafana
   config             = var.grafana.config
   constraints        = var.grafana.constraints
   model_uuid         = var.model_uuid
-  revision           = var.grafana.revision
+  revision           = local.revisions.grafana
   storage_directives = var.grafana.storage_directives
   units              = var.grafana.units
 }
 
 module "loki" {
   source             = "git::https://github.com/canonical/loki-k8s-operator//terraform"
   app_name           = var.loki.app_name
-  channel            = var.channel
+  channel            = local.channels.loki
   config             = var.loki.config
   constraints        = var.loki.constraints
   model_uuid         = var.model_uuid
   storage_directives = var.loki.storage_directives
-  revision           = var.loki.revision
+  revision           = local.revisions.loki
   units              = var.loki.units
 }
 
 module "prometheus" {
   source             = "git::https://github.com/canonical/prometheus-k8s-operator//terraform"
   app_name           = var.prometheus.app_name
-  channel            = var.channel
+  channel            = local.channels.prometheus
   config             = var.prometheus.config
   constraints        = var.prometheus.constraints
   model_uuid         = var.model_uuid
   storage_directives = var.prometheus.storage_directives
-  revision           = var.prometheus.revision
+  revision           = local.revisions.prometheus
   units              = var.prometheus.units
 }
 
 module "ssc" {
   count       = var.internal_tls ? 1 : 0
   source      = "git::https://github.com/canonical/self-signed-certificates-operator//terraform"
   app_name    = var.ssc.app_name
-  channel     = var.ssc.channel
+  channel     = local.channels.ssc
   config      = var.ssc.config
   constraints = var.ssc.constraints
   model_uuid  = var.model_uuid
-  revision    = var.ssc.revision
+  revision    = local.revisions.ssc
   units       = var.ssc.units
 }
 
 module "traefik" {
   source             = "git::https://github.com/canonical/traefik-k8s-operator//terraform"
   app_name           = var.traefik.app_name
-  channel            = var.traefik.channel
+  channel            = local.channels.traefik
   config             = var.traefik.config
   constraints        = var.traefik.constraints
   model_uuid         = var.model_uuid
-  revision           = var.traefik.revision
+  revision           = local.revisions.traefik
   storage_directives = var.traefik.storage_directives
   units              = var.traefik.units
 }

terraform/cos-lite/locals.tf

@@ -0,0 +1,30 @@
+locals {
+  tls_termination = var.external_certificates_offer_url != null ? true : false
+  tracks = {
+    alertmanager = "0.31"
+    catalogue    = "3.0"
+    grafana      = "12.4"
+    loki         = "3.7"
+    prometheus   = "3.10"
+    ssc          = "latest"
+    traefik      = "latest"
+  }
+  channels = {
+    alertmanager = "${local.tracks.alertmanager}/${var.risk}"
+    catalogue    = "${local.tracks.catalogue}/${var.risk}"
+    grafana      = "${local.tracks.grafana}/${var.risk}"
+    loki         = "${local.tracks.loki}/${var.risk}"
+    prometheus   = "${local.tracks.prometheus}/${var.risk}"
+    ssc          = "${local.tracks.ssc}/${var.risk}"
+    traefik      = "${local.tracks.traefik}/${var.risk}"
+  }
+  revisions = {
+    alertmanager = var.alertmanager.revision != null ? var.alertmanager.revision : data.juju_charm.alertmanager_info.revision
+    catalogue    = var.catalogue.revision != null ? var.catalogue.revision : data.juju_charm.catalogue_info.revision
+    grafana      = var.grafana.revision != null ? var.grafana.revision : data.juju_charm.grafana_info.revision
+    loki         = var.loki.revision != null ? var.loki.revision : data.juju_charm.loki_info.revision
+    prometheus   = var.prometheus.revision != null ? var.prometheus.revision : data.juju_charm.prometheus_info.revision
+    ssc          = var.ssc.revision != null ? var.ssc.revision : data.juju_charm.ssc_info.revision
+    traefik      = var.traefik.revision != null ? var.traefik.revision : data.juju_charm.traefik_info.revision
+  }
+}

terraform/cos-lite/tests/revision_pin.tftest.hcl

@@ -0,0 +1,95 @@
+mock_provider "juju" {}
+
+variables { model_uuid = "00000000-0000-0000-0000-000000000000" }
+
+# --- User revision pin is respected and not overridden by juju_charm datasource ---
+
+run "user_revision_pin_is_respected" {
+  command = plan
+
+  variables {
+    alertmanager = { revision = 1 }
+    catalogue    = { revision = 2 }
+    grafana      = { revision = 3 }
+    loki         = { revision = 4 }
+    prometheus   = { revision = 5 }
+    ssc          = { revision = 6 }
+    traefik      = { revision = 7 }
+  }
+
+  assert {
+    condition     = local.revisions.alertmanager == 1
+    error_message = "Expected alertmanager revision 1, got ${local.revisions.alertmanager}"
+  }
+
+  assert {
+    condition     = local.revisions.catalogue == 2
+    error_message = "Expected catalogue revision 2, got ${local.revisions.catalogue}"
+  }
+
+  assert {
+    condition     = local.revisions.grafana == 3
+    error_message = "Expected grafana revision 3, got ${local.revisions.grafana}"
+  }
+
+  assert {
+    condition     = local.revisions.loki == 4
+    error_message = "Expected loki revision 4, got ${local.revisions.loki}"
+  }
+
+  assert {
+    condition     = local.revisions.prometheus == 5
+    error_message = "Expected prometheus revision 5, got ${local.revisions.prometheus}"
+  }
+
+  assert {
+    condition     = local.revisions.ssc == 6
+    error_message = "Expected ssc revision 6, got ${local.revisions.ssc}"
+  }
+
+  assert {
+    condition     = local.revisions.traefik == 7
+    error_message = "Expected traefik revision 7, got ${local.revisions.traefik}"
+  }
+}
+
+# --- Without a revision pin, the juju_charm datasource determines the revision ---
+
+run "no_pin_uses_datasource" {
+  command = plan
+
+  assert {
+    condition     = local.revisions.alertmanager == data.juju_charm.alertmanager_info.revision
+    error_message = "alertmanager revision should come from datasource when no pin is set"
+  }
+
+  assert {
+    condition     = local.revisions.catalogue == data.juju_charm.catalogue_info.revision
+    error_message = "catalogue revision should come from datasource when no pin is set"
+  }
+
+  assert {
+    condition     = local.revisions.grafana == data.juju_charm.grafana_info.revision
+    error_message = "grafana revision should come from datasource when no pin is set"
+  }
+
+  assert {
+    condition     = local.revisions.loki == data.juju_charm.loki_info.revision
+    error_message = "loki revision should come from datasource when no pin is set"
+  }
+
+  assert {
+    condition     = local.revisions.prometheus == data.juju_charm.prometheus_info.revision
+    error_message = "prometheus revision should come from datasource when no pin is set"
+  }
+
+  assert {
+    condition     = local.revisions.ssc == data.juju_charm.ssc_info.revision
+    error_message = "ssc revision should come from datasource when no pin is set"
+  }
+
+  assert {
+    condition     = local.revisions.traefik == data.juju_charm.traefik_info.revision
+    error_message = "traefik revision should come from datasource when no pin is set"
+  }
+}

terraform/cos-lite/upgrades.tf

@@ -0,0 +1,43 @@
+# -------------- # CharmHub API -------------- #
+
+data "juju_charm" "alertmanager_info" {
+  charm   = "alertmanager-k8s"
+  channel = local.channels.alertmanager
+  base    = var.base
+}
+
+data "juju_charm" "catalogue_info" {
+  charm   = "catalogue-k8s"
+  channel = local.channels.catalogue
+  base    = var.base
+}
+
+data "juju_charm" "grafana_info" {
+  charm   = "grafana-k8s"
+  channel = local.channels.grafana
+  base    = var.base
+}
+
+data "juju_charm" "loki_info" {
+  charm   = "loki-k8s"
+  channel = local.channels.loki
+  base    = var.base
+}
+
+data "juju_charm" "prometheus_info" {
+  charm   = "prometheus-k8s"
+  channel = local.channels.prometheus
+  base    = var.base
+}
+
+data "juju_charm" "ssc_info" {
+  charm   = "self-signed-certificates"
+  channel = local.channels.ssc
+  base    = var.base
+}
+
+data "juju_charm" "traefik_info" {
+  charm   = "traefik-k8s"
+  channel = local.channels.traefik
+  base    = var.base
+}

terraform/cos-lite/variables.tf

@@ -5,15 +5,16 @@
 # causes the operation to fail due to https://github.com/juju/terraform-provider-juju/issues/344
 # Therefore, we set a default value of "arch=amd64" for all applications.
 
-locals {
-  # https://github.com/juju/terraform-provider-juju/issues/972
-  tls_termination = var.external_certificates_offer_url != null ? true : false
+variable "risk" {
+  description = "Risk level that the applications are (unless overwritten by individual channels) deployed from"
+  type        = string
+  default     = "edge"
 }
 
-variable "channel" {
-  description = "Channel that the applications are (unless overwritten by individual channels) deployed from"
+variable "base" {
+  description = "The operating system on which to deploy. E.g. ubuntu@22.04. Changing this value for machine charms will trigger a replace by terraform. Check Charmhub for per-charm base support."
+  default     = "ubuntu@24.04"
   type        = string
-  default     = "dev/edge"
 }
 
 variable "model_uuid" {