canonical · amc94 · Mar 6, 2026 · Mar 6, 2026 · Mar 6, 2026 · Mar 10, 2026
diff --git a/terraform/ps5/README.md b/terraform/ps5/README.md
@@ -0,0 +1,62 @@
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_juju"></a> [juju](#requirement\_juju) | ~> 1.3 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_juju"></a> [juju](#provider\_juju) | 1.3.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [juju_application.backup-restoring-db](https://registry.terraform.io/providers/juju/juju/latest/docs/resources/application) | resource |
+| [juju_application.ingress](https://registry.terraform.io/providers/juju/juju/latest/docs/resources/application) | resource |
+| [juju_application.pg](https://registry.terraform.io/providers/juju/juju/latest/docs/resources/application) | resource |
+| [juju_application.redis](https://registry.terraform.io/providers/juju/juju/latest/docs/resources/application) | resource |
+| [juju_application.s3-integrator](https://registry.terraform.io/providers/juju/juju/latest/docs/resources/application) | resource |
+| [juju_application.test-observer-api](https://registry.terraform.io/providers/juju/juju/latest/docs/resources/application) | resource |
+| [juju_application.test-observer-frontend](https://registry.terraform.io/providers/juju/juju/latest/docs/resources/application) | resource |
+| [juju_integration.db-backups](https://registry.terraform.io/providers/juju/juju/latest/docs/resources/integration) | resource |
+| [juju_integration.db-backups-restore](https://registry.terraform.io/providers/juju/juju/latest/docs/resources/integration) | resource |
+| [juju_integration.test-observer-api-database-access](https://registry.terraform.io/providers/juju/juju/latest/docs/resources/integration) | resource |
+| [juju_integration.test-observer-api-ingress](https://registry.terraform.io/providers/juju/juju/latest/docs/resources/integration) | resource |
+| [juju_integration.test-observer-frontend-ingress](https://registry.terraform.io/providers/juju/juju/latest/docs/resources/integration) | resource |
+| [juju_integration.test-observer-frontend-to-rest-api-access](https://registry.terraform.io/providers/juju/juju/latest/docs/resources/integration) | resource |
+| [juju_integration.test-observer-redis-access](https://registry.terraform.io/providers/juju/juju/latest/docs/resources/integration) | resource |
+| [juju_model.model](https://registry.terraform.io/providers/juju/juju/latest/docs/data-sources/model) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_api_channel"></a> [api\_channel](#input\_api\_channel) | Charmhub channel for the API charm (e.g., 'latest/edge', 'latest/edge/testing-branch') | `string` | `"latest/edge"` | no |
+| <a name="input_api_hostname"></a> [api\_hostname](#input\_api\_hostname) | Test Observer API hostname | `string` | n/a | yes |
+| <a name="input_backups_s3_bucket"></a> [backups\_s3\_bucket](#input\_backups\_s3\_bucket) | Database backups s3-integrator bucket | `string` | `""` | no |
+| <a name="input_backups_s3_endpoint"></a> [backups\_s3\_endpoint](#input\_backups\_s3\_endpoint) | Database backups s3-integrator endpoint | `string` | `""` | no |
+| <a name="input_backups_s3_path"></a> [backups\_s3\_path](#input\_backups\_s3\_path) | Database backups s3-integrator path | `string` | `""` | no |
+| <a name="input_backups_s3_region"></a> [backups\_s3\_region](#input\_backups\_s3\_region) | Database backups s3-integrator region | `string` | `""` | no |
+| <a name="input_backups_s3_uri_style"></a> [backups\_s3\_uri\_style](#input\_backups\_s3\_uri\_style) | Database backups s3-integrator uri\_style | `string` | `"path"` | no |
+| <a name="input_enable_issue_sync"></a> [enable\_issue\_sync](#input\_enable\_issue\_sync) | Whether to enable periodic syncing of issues from GitHub, Jira, and Launchpad | `bool` | `false` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | The environment to deploy to (development, stg, production) | `any` | n/a | yes |
+| <a name="input_frontend_channel"></a> [frontend\_channel](#input\_frontend\_channel) | Charmhub channel for the frontend charm (e.g., 'latest/edge', 'latest/edge/testing-branch') | `string` | `"latest/edge"` | no |
+| <a name="input_frontend_hostname"></a> [frontend\_hostname](#input\_frontend\_hostname) | Test Observer front-end hostname | `string` | n/a | yes |
+| <a name="input_ignore_permissions"></a> [ignore\_permissions](#input\_ignore\_permissions) | List of API permissions to ignore for all requests | `list(string)` | n/a | yes |
+| <a name="input_nginx_ingress_integrator_charm_whitelist_source_range"></a> [nginx\_ingress\_integrator\_charm\_whitelist\_source\_range](#input\_nginx\_ingress\_integrator\_charm\_whitelist\_source\_range) | Allowed client IP source ranges. The value is a comma separated list of CIDRs. | `string` | `""` | no |
+| <a name="input_saml_idp_metadata_url"></a> [saml\_idp\_metadata\_url](#input\_saml\_idp\_metadata\_url) | SAML metadata endpoint for the identity provider | `string` | n/a | yes |
+| <a name="input_saml_sp_cert"></a> [saml\_sp\_cert](#input\_saml\_sp\_cert) | SAML service provider X.509 certificate | `string` | n/a | yes |
+| <a name="input_saml_sp_key"></a> [saml\_sp\_key](#input\_saml\_sp\_key) | SAML service provider certificate private key | `string` | n/a | yes |
+| <a name="input_sessions_secret"></a> [sessions\_secret](#input\_sessions\_secret) | Randomly generated secret key to use for signing session cookies | `string` | n/a | yes |
+| <a name="input_tls_secret_name"></a> [tls\_secret\_name](#input\_tls\_secret\_name) | Secret where the TLS certificate for ingress is stored | `string` | `""` | no |
+
+## Outputs
+
+No outputs.
diff --git a/terraform/ps5/data.tf b/terraform/ps5/data.tf
@@ -0,0 +1,21 @@
+# Copyright 2026 Canonical Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-FileCopyrightText: Copyright 2025 Canonical Ltd.
+# SPDX-License-Identifier: Apache-2.0
+
+data "juju_model" "model" {
+  name  = local.juju_model.name
+  owner = local.juju_model.owner
+}
diff --git a/terraform/ps5/locals.tf b/terraform/ps5/locals.tf
@@ -0,0 +1,13 @@
+
+locals {
+  sentry_dsn_map = {
+    production  = "https://dd931d36e0c24681aaeed6abd312c896@sentry.is.canonical.com//66"
+    stg         = "https://84a48d05b2444e47a7fa176b577bf85a@sentry.is.canonical.com//68",
+    development = ""
+  }
+
+  juju_model = {
+    name  = "test-observer-${var.environment}"
+    owner = "admin"
+  }
+}
diff --git a/terraform/ps5/providers.tf b/terraform/ps5/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    juju = {
+      version = "~> 1.3"
+      source  = "juju/juju"
+    }
+  }
+}
diff --git a/terraform/ps5/test-observer.tf b/terraform/ps5/test-observer.tf
@@ -15,131 +15,10 @@
 # SPDX-FileCopyrightText: Copyright 2025 Canonical Ltd.
 # SPDX-License-Identifier: Apache-2.0
 
-terraform {
-  required_providers {
-    juju = {
-      version = "~> 0.10.1"
-      source  = "juju/juju"
-    }
-  }
-}
-
-provider "juju" {}
-
-variable "environment" {
-  description = "The environment to deploy to (development, stg, production)"
-}
-
-variable "tls_secret_name" {
-  description = "Secret where the TLS certificate for ingress is stored"
-  type        = string
-  default     = ""
-}
-
-variable "nginx_ingress_integrator_charm_whitelist_source_range" {
-  description = "Allowed client IP source ranges. The value is a comma separated list of CIDRs."
-  type        = string
-  default     = ""
-}
-
-variable "backups_s3_endpoint" {
-  description = "Database backups s3-integrator endpoint"
-  type        = string
-  default     = ""
-}
-
-variable "backups_s3_region" {
-  description = "Database backups s3-integrator region"
-  type        = string
-  default     = ""
-}
-
-variable "backups_s3_bucket" {
-  description = "Database backups s3-integrator bucket"
-  type        = string
-  default     = ""
-}
-
-variable "backups_s3_path" {
-  description = "Database backups s3-integrator path"
-  type        = string
-  default     = ""
-}
-
-variable "backups_s3_uri_style" {
-  description = "Database backups s3-integrator uri_style"
-  type        = string
-  default     = "path"
-}
-
-variable "api_hostname" {
-  description = "Test Observer API hostname"
-  type        = string
-}
-
-variable "frontend_hostname" {
-  description = "Test Observer front-end hostname"
-  type        = string
-}
-
-variable "saml_idp_metadata_url" {
-  description = "SAML metadata endpoint for the identity provider"
-  type        = string
-}
-
-variable "saml_sp_cert" {
-  description = "SAML service provider X.509 certificate"
-  type        = string
-}
-
-variable "saml_sp_key" {
-  description = "SAML service provider certificate private key"
-  type        = string
-}
-
-variable "sessions_secret" {
-  description = "Randomly generated secret key to use for signing session cookies"
-  type        = string
-}
-
-variable "ignore_permissions" {
-  description = "List of API permissions to ignore for all requests"
-  type        = list(string)
-}
-
-variable "api_channel" {
-  description = "Charmhub channel for the API charm (e.g., 'latest/edge', 'latest/edge/testing-branch')"
-  type        = string
-  default     = "latest/edge"
-}
-
-variable "frontend_channel" {
-  description = "Charmhub channel for the frontend charm (e.g., 'latest/edge', 'latest/edge/testing-branch')"
-  type        = string
-  default     = "latest/edge"
-}
-
-variable "enable_issue_sync" {
-  description = "Whether to enable periodic syncing of issues from GitHub, Jira, and Launchpad"
-  type        = bool
-  default     = false
-}
-
-
-
-locals {
-  sentry_dsn_map = {
-    production  = "https://dd931d36e0c24681aaeed6abd312c896@sentry.is.canonical.com//66"
-    stg         = "https://84a48d05b2444e47a7fa176b577bf85a@sentry.is.canonical.com//68",
-    development = ""
-  }
-  juju_model = "test-observer-${var.environment}"
-}
-
 resource "juju_application" "ingress" {
-  name  = "ingress"
-  model = local.juju_model
-  trust = true
+  name       = "ingress"
+  model_uuid = data.juju_model.model.uuid
+  trust      = true
 
   charm {
     name     = "nginx-ingress-integrator"
@@ -154,9 +33,9 @@ resource "juju_application" "ingress" {
 }
 
 resource "juju_application" "pg" {
-  name  = "db"
-  model = local.juju_model
-  trust = true
+  name       = "db"
+  model_uuid = data.juju_model.model.uuid
+  trust      = true
 
   charm {
     name     = "postgresql-k8s"
@@ -180,9 +59,9 @@ resource "juju_application" "pg" {
 }
 
 resource "juju_application" "backup-restoring-db" {
-  name  = "backup-restoring-db"
-  model = local.juju_model
-  trust = true
+  name       = "backup-restoring-db"
+  model_uuid = data.juju_model.model.uuid
+  trust      = true
 
   charm {
     name     = "postgresql-k8s"
@@ -206,8 +85,8 @@ resource "juju_application" "backup-restoring-db" {
 }
 
 resource "juju_application" "test-observer-api" {
-  name  = "api"
-  model = local.juju_model
+  name       = "api"
+  model_uuid = data.juju_model.model.uuid
 
   charm {
     name    = "test-observer-api"
@@ -232,8 +111,8 @@ resource "juju_application" "test-observer-api" {
 }
 
 resource "juju_application" "test-observer-frontend" {
-  name  = "frontend"
-  model = local.juju_model
+  name       = "frontend"
+  model_uuid = data.juju_model.model.uuid
 
   charm {
     name    = "test-observer-frontend"
@@ -250,8 +129,8 @@ resource "juju_application" "test-observer-frontend" {
 }
 
 resource "juju_application" "redis" {
-  name  = "redis"
-  model = local.juju_model
+  name       = "redis"
+  model_uuid = data.juju_model.model.uuid
 
   charm {
     name     = "redis-k8s"
@@ -262,8 +141,8 @@ resource "juju_application" "redis" {
 }
 
 resource "juju_application" "s3-integrator" {
-  name  = "backups-s3-integrator"
-  model = local.juju_model
+  name       = "backups-s3-integrator"
+  model_uuid = data.juju_model.model.uuid
 
   charm {
     name     = "s3-integrator"
@@ -282,7 +161,7 @@ resource "juju_application" "s3-integrator" {
 }
 
 resource "juju_integration" "db-backups" {
-  model = local.juju_model
+  model_uuid = data.juju_model.model.uuid
 
   application {
     name = juju_application.pg.name
@@ -294,7 +173,7 @@ resource "juju_integration" "db-backups" {
 }
 
 resource "juju_integration" "db-backups-restore" {
-  model = local.juju_model
+  model_uuid = data.juju_model.model.uuid
 
   application {
     name = juju_application.backup-restoring-db.name
@@ -306,7 +185,7 @@ resource "juju_integration" "db-backups-restore" {
 }
 
 resource "juju_integration" "test-observer-api-database-access" {
-  model = local.juju_model
+  model_uuid = data.juju_model.model.uuid
 
   application {
     name = juju_application.test-observer-api.name
@@ -318,7 +197,7 @@ resource "juju_integration" "test-observer-api-database-access" {
 }
 
 resource "juju_integration" "test-observer-frontend-to-rest-api-access" {
-  model = local.juju_model
+  model_uuid = data.juju_model.model.uuid
 
   application {
     name = juju_application.test-observer-api.name
@@ -330,7 +209,7 @@ resource "juju_integration" "test-observer-frontend-to-rest-api-access" {
 }
 
 resource "juju_integration" "test-observer-frontend-ingress" {
-  model = local.juju_model
+  model_uuid = data.juju_model.model.uuid
 
   application {
     name = juju_application.test-observer-frontend.name
@@ -343,7 +222,7 @@ resource "juju_integration" "test-observer-frontend-ingress" {
 
 
 resource "juju_integration" "test-observer-api-ingress" {
-  model = local.juju_model
+  model_uuid = data.juju_model.model.uuid
 
   application {
     name = juju_application.test-observer-api.name
@@ -356,7 +235,7 @@ resource "juju_integration" "test-observer-api-ingress" {
 
 
 resource "juju_integration" "test-observer-redis-access" {
-  model = local.juju_model
+  model_uuid = data.juju_model.model.uuid
 
   application {
     name = juju_application.test-observer-api.name