Deploy the charm kyuubi-k8s without the --trust flag as:
juju deploy kyuubi-k8s --channel latest/edge
See that the charm will transition to error state, with message hook failed: "config-changed".
Expected behavior
It is not informed to the user what actually went wrong, and the error message is very ambiguous. If Kyuubi does not work without the --trust flag, it's better that failure to do so is checked by the charm and informed to the user. Something along the lines of:
Application is blocked because this charm can only be deployed with --trust flag.
Actual behavior
The charm transitions to error message with an ambiguous message.
Versions
Operating system: 23.04
Juju CLI: 3.5.0-genericlinux-amd64
Juju agent: 3.5.0
Charm revision: 9
microk8s: MicroK8s v1.28.7 revision 6532
Log output
Juju debug log:
unit-kyuubi-k8s-0: 07:58:23 INFO juju.worker.uniter awaiting error resolution for "config-changed" hook
unit-kyuubi-k8s-0: 07:58:23 INFO unit.kyuubi-k8s/0.juju-log HTTP Request: GET https://10.152.183.1/api/v1/namespaces/kyuubi/serviceaccounts/kyuubi "HTTP/1.1 403 Forbidden"
unit-kyuubi-k8s-0: 07:58:23 ERROR unit.kyuubi-k8s/0.juju-log Uncaught exception while in charm code:
Traceback (most recent call last):
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/lightkube/core/generic_client.py", line 188, in raise_for_status
resp.raise_for_status()
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/httpx/_models.py", line 761, in raise_for_status
raise HTTPStatusError(message, request=request, response=self)
httpx.HTTPStatusError: Client error '403 Forbidden' for url 'https://10.152.183.1/api/v1/namespaces/kyuubi/serviceaccounts/kyuubi'
For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/./src/charm.py", line 52, in <module>
ops.main(KyuubiCharm) # type: ignore
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/ops/main.py", line 555, in __call__
return main(charm_class, use_juju_for_storage=use_juju_for_storage)
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/ops/main.py", line 544, in main
manager.run()
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/ops/main.py", line 520, in run
self._emit()
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/ops/main.py", line 509, in _emit
_emit_charm_event(self.charm, self.dispatcher.event_name)
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/ops/main.py", line 143, in _emit_charm_event
event_to_emit.emit(*args, **kwargs)
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/ops/framework.py", line 352, in emit
framework._emit(event)
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/ops/framework.py", line 851, in _emit
self._reemit(event_path)
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/ops/framework.py", line 941, in _reemit
custom_handler(event)
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/src/events/base.py", line 59, in wrapper_hook
res = hook(event_handler, event)
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/src/events/kyuubi.py", line 51, in _on_config_changed
self.kyuubi.update(
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/src/managers/kyuubi.py", line 31, in update
).contents
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/src/config/spark.py", line 92, in contents
dict_content = self.to_dict()
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/src/config/spark.py", line 87, in to_dict
return self._base_conf() | self._sa_conf() | self._user_conf()
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/src/config/spark.py", line 57, in _sa_conf
if sa := registry.get(f"{self.namespace}:{self.service_account}"):
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/spark8t/services.py", line 1449, in get
service_account_raw = self.kube_interface.get_service_account(
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/spark8t/services.py", line 339, in get_service_account
raise e
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/spark8t/services.py", line 329, in get_service_account
service_account = self.client.get(
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/lightkube/core/client.py", line 140, in get
return self._client.request("get", res=res, name=name, namespace=namespace)
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/lightkube/core/generic_client.py", line 245, in request
return self.handle_response(method, resp, br)
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/lightkube/core/generic_client.py", line 196, in handle_response
self.raise_for_status(resp)
File "/var/lib/juju/agents/unit-kyuubi-k8s-0/charm/venv/lightkube/core/generic_client.py", line 190, in raise_for_status
raise transform_exception(e)
lightkube.core.exceptions.ApiError: serviceaccounts "kyuubi" is forbidden: User "system:serviceaccount:something:kyuubi-k8s" cannot get resource "serviceaccounts" in API group "" in the namespace "kyuubi"
unit-kyuubi-k8s-0: 07:58:23 ERROR juju.worker.uniter.operation hook "config-changed" (via hook dispatching script: dispatch) failed: exit status 1
Steps to reproduce
kyuubi-k8s
without the--trust
flag as:hook failed: "config-changed"
.Expected behavior
It is not informed to the user what actually went wrong, and the error message is very ambiguous. If Kyuubi does not work without the
--trust
flag, it's better that failure to do so is checked by the charm and informed to the user. Something along the lines of:Application is blocked because this charm can only be deployed with --trust flag
.Actual behavior
The charm transitions to error message with an ambiguous message.
Versions
Operating system: 23.04
Juju CLI: 3.5.0-genericlinux-amd64
Juju agent: 3.5.0
Charm revision: 9
microk8s: MicroK8s v1.28.7 revision 6532
Log output
Juju debug log:
Additional context