Canonical Juju

Unauthorized for K8s API during charm removal

Bug #1941655 reported by Kenneth Koski on 2021-08-25

This bug affects 6 people

Affects		Status	Importance	Assigned to	Milestone
	Canonical Juju	Fix Released	High	Harry Pidcock	Canonical Juju 2.9.26

Bug Description

An example charm that reproduces the issue:

```
import os
import subprocess

import requests
from ops.charm import CharmBase
from ops.main import main
from ops.model import ActiveStatus

class Operator(CharmBase):
    def __init__(self, *args):
        super().__init__(*args)
        self.framework.observe(self.on.foo_pebble_ready, self.install)
        self.framework.observe(self.on.remove, self.remove)

    def install(self, event):
        response = requests.get('https://dl.k8s.io/release/v1.22.1/bin/linux/amd64/kubectl')
        response.raise_for_status()

with open('/bin/kubectl', 'wb') as f:
f.write(response.content)

os.chmod("/bin/kubectl", 0o755)

subprocess.check_call(["kubectl", "get", "pods"])
self.unit.status = ActiveStatus()

def remove(self, event):
subprocess.check_call(["kubectl", "get", "pods"])

if __name__ == "__main__":
main(Operator)
```

Charm deployment works without an issue. However, when removing the charm, I get this error:

```
unit-foo-0: 16:00:00 WARNING unit.foo/0.remove error: You must be logged in to the server (Unauthorized)
unit-foo-0: 16:00:00 ERROR unit.foo/0.juju-log Uncaught exception while in charm code:
Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-foo-0/charm/./src/charm.py", line 85, in <module>
    main(Operator)
  File "/var/lib/juju/agents/unit-foo-0/charm/venv/ops/main.py", line 406, in main
    _emit_charm_event(charm, dispatcher.event_name)
  File "/var/lib/juju/agents/unit-foo-0/charm/venv/ops/main.py", line 140, in _emit_charm_event
    event_to_emit.emit(*args, **kwargs)
  File "/var/lib/juju/agents/unit-foo-0/charm/venv/ops/framework.py", line 278, in emit
    framework._emit(event)
  File "/var/lib/juju/agents/unit-foo-0/charm/venv/ops/framework.py", line 722, in _emit
    self._reemit(event_path)
  File "/var/lib/juju/agents/unit-foo-0/charm/venv/ops/framework.py", line 767, in _reemit
    custom_handler(event)
  File "/var/lib/juju/agents/unit-foo-0/charm/./src/charm.py", line 57, in remove
    subprocess.check_call(["kubectl", "get", "pods"])
  File "/usr/lib/python3.9/subprocess.py", line 373, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['kubectl', 'get', 'pods']' returned non-zero exit status 1.
```

Ian Booth (wallyworld) on 2021-08-26

Changed in juju:
milestone:	none → 2.9.13
importance:	Undecided → High
status:	New → Triaged

Canonical Juju QA Bot (juju-qa-bot) on 2021-09-08

Changed in juju:
milestone:	2.9.13 → 2.9.14

Canonical Juju QA Bot (juju-qa-bot) on 2021-09-10

Changed in juju:
milestone:	2.9.14 → 2.9.15

Harry Pidcock (hpidcock) on 2021-09-16

Changed in juju:
assignee:	nobody → Harry Pidcock (hpidcock)
status:	Triaged → In Progress

Canonical Juju QA Bot (juju-qa-bot) on 2021-09-24

Changed in juju:
milestone:	2.9.15 → 2.9.16

Canonical Juju QA Bot (juju-qa-bot) on 2021-10-07

Changed in juju:
milestone:	2.9.16 → 2.9.17

Canonical Juju QA Bot (juju-qa-bot) on 2021-10-22

Changed in juju:
milestone:	2.9.17 → 2.9.18

Canonical Juju QA Bot (juju-qa-bot) on 2021-11-04

Changed in juju:
milestone:	2.9.18 → 2.9.19

Harry Pidcock (hpidcock) on 2021-11-17

Changed in juju:
status:	In Progress → Triaged

Canonical Juju QA Bot (juju-qa-bot) on 2021-11-17

Changed in juju:
milestone:	2.9.19 → 2.9.20

Harry Pidcock (hpidcock) on 2021-11-19

Changed in juju:
status:	Triaged → In Progress

Canonical Juju QA Bot (juju-qa-bot) on 2021-11-26

Changed in juju:
milestone:	2.9.20 → 2.9.21

Canonical Juju QA Bot (juju-qa-bot) on 2021-12-01

Changed in juju:
milestone:	2.9.21 → 2.9.22

Canonical Juju QA Bot (juju-qa-bot) on 2021-12-10

Changed in juju:
milestone:	2.9.22 → 2.9.23

Canonical Juju QA Bot (juju-qa-bot) on 2022-01-12

Changed in juju:
milestone:	2.9.23 → 2.9.24

Canonical Juju QA Bot (juju-qa-bot) on 2022-02-01

Changed in juju:
milestone:	2.9.24 → 2.9.25

Revision history for this message

Guillaume Belanger (gruyaume) wrote on 2022-02-11:

This bug also affects charmed-magma (https://github.com/canonical/charmed-magma). We need to do manual cleanups of k8s resources created by charms because of it.

Canonical Juju QA Bot (juju-qa-bot) on 2022-02-15

Changed in juju:
milestone:	2.9.25 → 2.9.26

Revision history for this message

Harry Pidcock (hpidcock) wrote on 2022-03-09:

https://github.com/juju/juju/pull/13816

Ian Booth (wallyworld) on 2022-03-09

Changed in juju:
status:	In Progress → Fix Committed

Canonical Juju QA Bot (juju-qa-bot) on 2022-03-11

Changed in juju:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.