chore: move model proxy to separate pkg

internal/jujuapi/streamproxy.go

@@ -17,7 +17,7 @@ import (
 	"github.com/canonical/jimm/v3/internal/errors"
 	"github.com/canonical/jimm/v3/internal/jimmhttp"
 	"github.com/canonical/jimm/v3/internal/openfga"
-	jimmRPC "github.com/canonical/jimm/v3/internal/rpc"
+	"github.com/canonical/jimm/v3/internal/streamproxy"
 )
 
 // A streamProxier serves the the /log endpoint by proxying
@@ -103,7 +103,7 @@ func (s streamProxier) ServeWS(ctx context.Context, clientConn *websocket.Conn)
 		return
 	}
 
-	jimmRPC.ProxyStreams(ctx, clientConn, controllerStream)
+	streamproxy.ProxyStreams(ctx, clientConn, controllerStream)
 }
 
 func checkPermission(ctx context.Context, path string, u *openfga.User, mt names.ModelTag) (bool, error) {

internal/jujuapi/websocket.go

@@ -24,6 +24,7 @@ import (
 	"github.com/canonical/jimm/v3/internal/jimm/jujuauth"
 	"github.com/canonical/jimm/v3/internal/jimmhttp"
 	jimmRPC "github.com/canonical/jimm/v3/internal/rpc"
+	"github.com/canonical/jimm/v3/internal/rpcproxy"
 )
 
 const (
@@ -177,30 +178,30 @@ func (s apiProxier) ServeWS(ctx context.Context, clientConn *websocket.Conn) {
 	connectionFunc := controllerConnectionFunc(s, &jwtGenerator)
 	zapctx.Debug(ctx, "Starting proxier")
 	auditLogger := s.jimm.AuditLogManager().AddAuditLogEntry
-	proxyHelpers := jimmRPC.ProxyHelpers{
+	proxyHelpers := rpcproxy.ProxyHelpers{
 		ConnClient:              clientConn,
 		TokenGen:                &jwtGenerator,
 		ConnectController:       connectionFunc,
 		AuditLog:                auditLogger,
 		LoginService:            s.jimm.LoginManager(),
 		AuthenticatedIdentityID: auth.SessionIdentityFromContext(ctx),
 	}
-	if err := jimmRPC.ProxySockets(ctx, proxyHelpers); err != nil {
+	if err := rpcproxy.ProxySockets(ctx, proxyHelpers); err != nil {
 		zapctx.Error(ctx, "failed to start jimm model proxy", zap.Error(err))
 	}
 }
 
 // controllerConnectionFunc returns a function that will be used to
 // connect to a controller when a client makes a request.
-func controllerConnectionFunc(s apiProxier, jwtGenerator *jujuauth.TokenGenerator) func(context.Context) (jimmRPC.WebsocketConnectionWithMetadata, error) {
-	return func(ctx context.Context) (jimmRPC.WebsocketConnectionWithMetadata, error) {
+func controllerConnectionFunc(s apiProxier, jwtGenerator *jujuauth.TokenGenerator) func(context.Context) (rpcproxy.WebsocketConnectionWithMetadata, error) {
+	return func(ctx context.Context) (rpcproxy.WebsocketConnectionWithMetadata, error) {
 		const op = errors.Op("proxy.controllerConnectionFunc")
 		path := jimmhttp.PathElementFromContext(ctx, "path")
 		zapctx.Debug(ctx, "grabbing model info from path", zap.String("path", path))
 		uuid, finalPath, err := modelInfoFromPath(path)
 		if err != nil {
 			zapctx.Error(ctx, "error parsing path", zap.Error(err))
-			return jimmRPC.WebsocketConnectionWithMetadata{}, errors.E(op, err)
+			return rpcproxy.WebsocketConnectionWithMetadata{}, errors.E(op, err)
 		}
 		m := dbmodel.Model{
 			UUID: sql.NullString{
@@ -210,18 +211,18 @@ func controllerConnectionFunc(s apiProxier, jwtGenerator *jujuauth.TokenGenerato
 		}
 		if err := s.jimm.Database.GetModel(context.Background(), &m); err != nil {
 			zapctx.Error(ctx, "failed to find model", zap.String("uuid", uuid), zap.Error(err))
-			return jimmRPC.WebsocketConnectionWithMetadata{}, errors.E(err, errors.CodeNotFound)
+			return rpcproxy.WebsocketConnectionWithMetadata{}, errors.E(err, errors.CodeNotFound)
 		}
 		jwtGenerator.SetTags(m.ResourceTag(), m.Controller.ResourceTag())
 		mt := m.ResourceTag()
 		zapctx.Debug(ctx, "Dialing Controller", zap.String("path", path))
 		controllerConn, err := jimmRPC.Dial(ctx, &m.Controller, mt, finalPath, nil)
 		if err != nil {
 			zapctx.Error(ctx, "cannot dial controller", zap.String("controller", m.Controller.Name), zap.Error(err))
-			return jimmRPC.WebsocketConnectionWithMetadata{}, err
+			return rpcproxy.WebsocketConnectionWithMetadata{}, err
 		}
 		fullModelName := m.Controller.Name + "/" + m.Name
-		return jimmRPC.WebsocketConnectionWithMetadata{
+		return rpcproxy.WebsocketConnectionWithMetadata{
 			Conn:           controllerConn,
 			ControllerUUID: m.Controller.UUID,
 			ModelName:      fullModelName,

internal/rpc/client.go

@@ -1,4 +1,4 @@
-// Copyright 2024 Canonical.
+// Copyright 2025 Canonical.
 
 package rpc
 
@@ -203,16 +203,6 @@ func (c *Client) Call(ctx context.Context, facade string, version int, id, metho
 
 	select {
 	case <-ch:
-		permissionsRequired, err := checkPermissionsRequired(ctx, *respMsg)
-		if err != nil {
-			return err
-		}
-		if permissionsRequired != nil {
-			return &Error{
-				Code: PermissionCheckRequiredErrorCode,
-				Info: permissionsRequired,
-			}
-		}
 		if (*respMsg).Error != "" {
 			return &Error{
 				Message: (*respMsg).Error,