[08:42] <manadart> Morning achilleasa. Care to review a small one? morning achilleasa
[08:42] <manadart> Copy/paste fail.
[08:42] <manadart> https://github.com/juju/juju/pull/11524
[08:43] <achilleasa> manadart: looking
[10:03] <achilleasa> it looks like reading application the local application settings from the leader unit on k8s is broken :-(
[10:03] <achilleasa> because the ReadSettings call includes the app name and the operator always logs in as the application, token checks for the leader fail...
[10:04] <achilleasa> most probably also affects 2.7 but hopefully be an easy fix (just a bump in the facade version)
[10:18] <achilleasa> ... ah crap... not so easy to fix afterall (at least without bypassing the leader check on the server).... anyone around to chat?
[10:22] <achilleasa> TLDR version: the ReadSettings call uses a RelationUnit struct {Relation, Unit}. When we read the application settings, the client passes the _application tag_ as the unit tag.
[10:22] <achilleasa> it works for non-k8s charms because the uniter logs in as the unit and therefore we can check the token(app-tag, unit-tag from auth)
[10:23] <achilleasa> on k8s, the auth tag is the app so this fails. Obviously, modifying the RelationUnit struct to include the unit *and* the app defeats the purpose of token checks as the client can put whatever they want in there
[10:24] <achilleasa> not sure how to proceed here... any thoughts thumper or wallyworld? ^^^
[10:35] <timClicks> [Call for testing] upcoming Juju 2.8 release https://discourse.juju.is/t/-/2994