@lucasgameiroborges lucasgameiroborges commented Apr 8, 2024

Issue

#431

Solution

Considering this is an error that can be solved by human action directly on the live charm, I chose the following approach: If the 403 Unauthorized error is caught, the charm enters Blocked status with a specific message, and a helpful explanation about the problem is written in the logs:

juju status:

Unit                         Workload  Agent      Address       Ports  Message
untrusted-postgresql-k8s/0*  blocked   executing  10.1.110.75          Insufficient permissions, try: `juju trust untrusted-postgresql-k8s --scope=cluster`

juju logs:

unit-postgresql-k8s-0: 22:26:23 INFO juju.worker.uniter.operation ran "leader-elected" hook (via hook dispatching script: dispatch)
unit-untrusted-postgresql-k8s-1: 13:24:43 ERROR unit.untrusted-postgresql-k8s/1.juju-log
            Access to k8s cluster resources is not authorized. This happens when RBAC is enabled and the deployed application was not trusted by the juju admin.
            To fix this issue, run `juju trust untrusted-postgresql-k8s --scope=cluster` (or remove & re-deploy untrusted-postgresql-k8s with `--trust`)
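
A minimal sketch of the behaviour described in this post, added here as an example and not the charm's own code: `ApiError`, `Status`, `trust_hint` and `reconcile` are hypothetical stand-ins for the Kubernetes client error and the unit status, and the messages are the ones quoted above. It goes one step further than the post by also showing the block being cleared once the call succeeds again.

```python
import logging
from dataclasses import dataclass

logger = logging.getLogger(__name__)


class ApiError(Exception):
    """Hypothetical stand-in for a Kubernetes client error with an HTTP status."""

    def __init__(self, status_code, message=""):
        super().__init__(message)
        self.status_code = status_code


@dataclass
class Status:
    """Hypothetical stand-in for a unit status: a name plus a message."""

    name: str
    message: str = ""


def trust_hint(app):
    """Status message shown in `juju status` when the app lacks cluster access."""
    return f"Insufficient permissions, try: `juju trust {app} --scope=cluster`"


def reconcile(app, current, k8s_call):
    """Run one Kubernetes operation and return the status that should follow it."""
    try:
        k8s_call()
    except ApiError as e:
        if e.status_code != 403:
            raise  # other failures are not fixed by trusting the app
        logger.error(
            "Access to k8s cluster resources is not authorized. This happens "
            "when RBAC is enabled and the deployed application was not trusted "
            "by the juju admin. To fix this issue, run `juju trust %s "
            "--scope=cluster` (or remove & re-deploy %s with `--trust`)",
            app, app,
        )
        return Status("blocked", trust_hint(app))
    # Success: clear only the block set above, never a block with another cause.
    if current == Status("blocked", trust_hint(app)):
        return Status("active")
    return current
```

The charm never tries to grant itself the missing permission; it stops, states the exact command, and leaves the decision to the Juju admin.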

@dragomirp
Contributor

We should add an integration test that the charm will block and unblock correctly.

@lucasgameiroborges
Author

lucasgameiroborges commented Apr 11, 2024

Added a small set of integration tests for the feature. Due to RBAC not being enabled by default in our reusable workflows, I had to use sub-processes to interact with microk8s directly, as well as re-establish the model connection after the microk8s restart. Running the test multiple times locally and in CI without failures, it looks stable.

About the OSError: [Errno 9] Bad file descriptor error messages, I'm still not quite sure what triggers them (probably a consequence of microk8s interference), but they don't affect the test behavior in any way, besides spamming the CI logs. The evolution of the model state works as expected.

Member

@marceloneppel marceloneppel left a comment

It looks great! Thanks @lucasgameiroborges!

I left only one comment.

Contributor

@taurus-forever taurus-forever left a comment

Nice! Thank you!

@lucasgameiroborges lucasgameiroborges merged commit 9e4c16c into main Apr 12, 2024
@lucasgameiroborges lucasgameiroborges deleted the lucas/dpe-3885 branch April 12, 2024 11:58
BON4 pushed a commit to BON4/postgresql-k8s-operator that referenced this pull request May 20, 2024
…-trust` flag (canonical#440)

* improve error message for trust flag

* fix message text

* fix docstring

* fix explanation

* add integration test for new trust behavior

* test different app name for deploy

* fix bug

* enable rbac from inside test

* fix typo

* use sudo with microk8s enable

* remove check true

* fix linting

* test subprocess call

* remove fast-forward

* test connectivity and enable rbac

* fix integration test + update endpoints

* revert poetry lock change

* reposition endpoint update in event

* reposition cleanup resource call