API server validator code doesn't check the model
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Canonical Juju | Fix Released | High | Andrew Wilkins |
Bug Description
There is a connection validator that is passed in to the API Server.
This is used to restrict the facade methods from the root object based on certain criteria, like upgrade in progress, or restoring the database.
The validator is a method on the machine agent, found in cmd/jujud/
In both cases of dealing with restore and upgrade, a check is made to see if the tag matches the current agent tag; however, no check is made to see if the API connection is for the controller model.
This means that a machine agent for machine 0 in the default model can connect to machine 0 in the controller model during an upgrade. This is certainly not the intent of the limit.
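A simplified model of the check described in the report, added here as an illustration and not taken from Juju's code: it contrasts a tag-only exemption with one that also requires the connection to target the controller model. All type, field and function names and the sample UUID strings are hypothetical.

```go
package main

import "fmt"

// Conn is a hypothetical stand-in for an API login: entity tag plus target model.
type Conn struct {
	AuthTag   string
	ModelUUID string
}

// Agent is a hypothetical stand-in for the controller's machine agent.
type Agent struct {
	Tag                 string // e.g. "machine-0"
	ControllerModelUUID string
	UpgradeInProgress   bool
	RestoreInProgress   bool
}

func (a Agent) limiting() bool { return a.UpgradeInProgress || a.RestoreInProgress }

// RestrictedTagOnly models the behaviour described in the report: during
// upgrade or restore, a connection is exempt if its tag equals the agent tag.
func (a Agent) RestrictedTagOnly(c Conn) bool {
	if !a.limiting() {
		return false
	}
	return c.AuthTag != a.Tag
}

// RestrictedTagAndModel also requires the connection to be for the
// controller model, since a tag such as "machine-0" repeats across models.
func (a Agent) RestrictedTagAndModel(c Conn) bool {
	if !a.limiting() {
		return false
	}
	return !(c.AuthTag == a.Tag && c.ModelUUID == a.ControllerModelUUID)
}

func main() {
	agent := Agent{Tag: "machine-0", ControllerModelUUID: "ctrl-uuid", UpgradeInProgress: true}
	conns := []Conn{ // constructed sample connections
		{"machine-0", "ctrl-uuid"},    // the controller's own agent
		{"machine-0", "default-uuid"}, // machine 0 of the default model
		{"machine-1", "ctrl-uuid"},    // some other agent
	}
	for _, c := range conns {
		fmt.Printf("%s@%s tagOnly=%v tagAndModel=%v\n", c.AuthTag, c.ModelUUID, agent.RestrictedTagOnly(c), agent.RestrictedTagAndModel(c))
	}
}
```

With the tag-only check, the second sample connection is treated the same as the controller's own agent; the combined check restricts it.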
Changed in juju:
assignee: nobody → Andrew Wilkins (axwalk)
status: Triaged → In Progress
Changed in juju:
status: In Progress → Fix Committed
Changed in juju:
status: Fix Committed → Fix Released
https://github.com/juju/juju/pull/8113