Comment 9 for bug 2065761

The logs don't contain the info I would expect to see for validating a macaroon used for cross model secrets. Cross model secrets can be read if the relation the grant is scoped to is accessible by the supplied macaroon. Macaroon checks result in logs like this:

check 1 macaroons with required attrs: map[offer-uuid:c8291190-3af0-4321-8149-89e1a1e0bf83 source-model-uuid:d39dcfa1-cae7-4a15-8324-deb667934b38]

(that's from the logs).

There's only 2 such lines, and neither contain a relation tag which would be expected when checking secret access. So it seems like those lines are for other cmr operations.

Can we get logs which correspond to the timestamps of when the charm errors for secret-get happened? And an indication of when the operation was attempted to so we know where to look in the logs?

I should have asked the first time, can we please also turn on TRACE logging for #secrets

Just to check - all other cmr aspects are working as expected? There's no error surfaced in status for any of the saas entries?