non-leader unable to retrieve local application relation data
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Attempting to run 'relation-get -r 2 - myapp --app=True' works on the lead myapp unit, but fails on the non-leaders. The error is 'ERROR permission denied'.
My main use case is a relation API, where the lead unit is setting application relation data. For backwards compatibility with older versions of server at the remote end of the relation, non-lead units need to mirror the application relation data to their standard relation data.
Another use case is upgrade-charm with the operator framework, upgrading standard relation data to application relation data:
def on_upgrade_
# Migrate leader's unit relation data to application relation data if necessary.
# This is for upgrading from pre-operator-
for rel in self.framework.
ldata = rel.data[
adata = rel.data[
for k in ['database', 'roles', 'extensions']:
if k in ldata and k not in adata:
if self.model.
Confirmed with 2.7.5+2.7-3a6aa80, so I believe this is different to Bug #1865229
tags: | added: canonical-is |
My understanding is that the idea is that if leadership data is intended to be specific to between two applications. If peers need information it would be shared over peer relation data vs exposing the app level data to every unit. In this way not all changes to the application level data need to trigger change events to every peer/unit that exists. The change of app level data only goes between leaders. The leader can then optionally propagate a change if that change is specific to the peers. However, there's a filter in play.