Canonical Juju

juju gives weird errors about macaroons when a read-only user

Bug #1594440 reported by Marco Ceppi on 2016-06-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Canonical Juju	Expired	Medium	Unassigned

Bug Description

I was provided access to a model from a controller I did not create. Once it was registered I attempted to deploy an application:

juju deploy mysql

This resulted in

ERROR storing charm for URL "cs:trusty/mysql-38": delegatable macaroon cannot be obtained for public entities

The same command with debug:

shared@maas:~$ juju deploy mysql --debug
2016-06-20 14:49:06 INFO juju.cmd supercommand.go:63 running juju [2.0-beta9 gc go1.6.1]
2016-06-20 14:49:06 INFO juju.juju api.go:230 connecting to API addresses: [192.168.9.11:17070]
2016-06-20 14:49:06 INFO juju.api apiclient.go:494 dialing "wss://192.168.9.11:17070/model/778f7126-ef2d-4b40-8071-2df1676c71cb/api"
2016-06-20 14:49:06 INFO juju.api apiclient.go:271 connection established to "wss://192.168.9.11:17070/model/778f7126-ef2d-4b40-8071-2df1676c71cb/api"
2016-06-20 14:49:06 DEBUG juju.juju api.go:382 API hostnames [192.168.9.11:17070] - resolving hostnames
2016-06-20 14:49:06 DEBUG juju.juju api.go:408 API addresses unchanged
2016-06-20 14:49:06 DEBUG juju.api apiclient.go:520 health ping failed: permission denied (unauthorized access)
2016-06-20 14:49:06 DEBUG httpbakery client.go:244 client do GET https://api.jujucharms.com/charmstore/v5/mysql/meta/any?include=id&include=supported-series&include=published {
2016-06-20 14:49:06 DEBUG httpbakery client.go:246 } -> error <nil>
2016-06-20 14:49:06 DEBUG httpbakery client.go:244 client do GET https://api.jujucharms.com/charmstore/v5/delegatable-macaroon?id=cs%3Atrusty%2Fmysql-38 {
2016-06-20 14:49:06 DEBUG httpbakery client.go:246 } -> error <nil>
2016-06-20 14:49:06 ERROR cmd supercommand.go:448 storing charm for URL "cs:trusty/mysql-38": delegatable macaroon cannot be obtained for public entities

shared@maas:~$ juju show-model
openvim:
  name: openvim
  model-uuid: 778f7126-ef2d-4b40-8071-2df1676c71cb
  controller-uuid: 4b4c3107-4e79-4a53-8235-2208ec3a4b00
  owner: admin@local
  type: maas
  life: alive
  status:
    current: available
    since: 1 hour ago
  users:
    shared@local:
      access: read
      last-connection: just now

Once I was given write ACL to the model I was able to proceed. In the future I would expect Juju to catch that I was a read only user and alert me to this and to why I can't take action on a model.

Tags:

Revision history for this message

Anastasia (anastasia-macmood) wrote on 2016-06-22:

The error message does need to be improved \o/

Changed in juju-core:
importance:	Undecided → Medium
status:	New → Triaged

Cheryl Jennings (cherylj) on 2016-07-01

tags:

added: 2.0 usability

Anastasia (anastasia-macmood) on 2016-08-09

Changed in juju-core:
milestone:	none → 2.0.0

Canonical Juju QA Bot (juju-qa-bot) on 2016-08-23

affects:	juju-core → juju
Changed in juju:
milestone:	2.0.0 → none
milestone:	none → 2.0.0

Curtis Hovey (sinzui) on 2016-10-06

Changed in juju:
milestone:	2.0.0 → 2.0.1

Curtis Hovey (sinzui) on 2016-10-28

Changed in juju:
milestone:	2.0.1 → none

Revision history for this message

Canonical Juju QA Bot (juju-qa-bot) wrote on 2022-11-03:

This bug has not been updated in 5 years, so we're marking it Expired. If you believe this is incorrect, please update the status.

Changed in juju:
status:	Triaged → Expired
tags:	added: expirebugs-bot

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.