Provide way for admins of controllers to remove models from other users (in particular suspended)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Fix Released
|
High
|
Harry Pidcock |
Bug Description
Hi,
We operate public JAAS (Juju-as-a-Service) controllers for community consumption. Sadly, a lot of these models are in "suspended" or "destroying" state and the logs shows we no longer have valid credentials to access them. E.g. for one of the Azure JAAS controllers:
"""
2023-03-08 04:41:09 ERROR juju.worker.
-------
RESPONSE 404: 404 Not Found
ERROR CODE: SubscriptionNot
-------
{
"error": {
"code": "SubscriptionNo
"message": "The subscription '3faffd88-
}
}
"""
"""
2023-03-08 04:41:16 ERROR juju.worker.
POST https:/
-------
RESPONSE 401 Unauthorized
-------
{
"error": "invalid_client",
"error_
"error_codes": [
7000222
],
"timestamp": "2023-03-08 04:41:16Z",
"trace_id": "2a954576-...",
"correlation_id": "ff18f90e-...",
"error_uri": "https:/
}
-------
"""
Can we please have a command to forcefully remove these? We don't care about the state of VMs or resources provisioned by these models, we just care that they're removed from the Juju controller and no longer being managed. With all these requests to Azure, I'm not surprised when they'll eventually rate limit or block these JAAS controllers access to talk to their API.
Changed in juju: | |
milestone: | none → 3.1.1 |
status: | New → Triaged |
importance: | Undecided → High |
milestone: | 3.1.1 → 2.9.43 |
Changed in juju: | |
assignee: | nobody → Harry Pidcock (hpidcock) |
status: | Triaged → In Progress |
tags: | added: canonical-is canonical-is-upgrades |
Changed in juju: | |
milestone: | 2.9.43 → 2.9.44 |
Changed in juju: | |
status: | In Progress → Fix Committed |
Changed in juju: | |
status: | Fix Committed → Fix Released |
As a workaround, as a controller "superuser" role, are you able to grant yourself "admin" on the model? Then you could do it.