canonical / oathkeeper-operator

Charmed Ory Oathkeeper
https://charmhub.io/oathkeeper
Apache License 2.0

Charm goes into error state when deployed without `--trust` #39

Open sed-i opened 9 months ago

sed-i commented 9 months ago

Bug Description

When the charm is deployed without `--trust`, it goes into error state.

It would be handy if it would block with a message. Example.

To Reproduce

juju deploy ./oathkeeper_ubuntu-22.04-amd64.charm ok --resource oci-image=$(yq eval '.resources.oci-image.upstream-source' metadata.yaml)

Environment

Model  Controller  Cloud/Region        Version  SLA          Timestamp
auth   k8s2        microk8s/localhost  3.1.6    unsupported  14:17:40-05:00

Charm built from main (6c6151e).

Relevant log output

unit-ok-0: 14:12:53.575 ERROR unit.ok/0.juju-log Uncaught exception while in charm code:
Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-ok-0/charm/venv/lightkube/core/generic_client.py", line 188, in raise_for_status
    resp.raise_for_status()
  File "/var/lib/juju/agents/unit-ok-0/charm/venv/httpx/_models.py", line 758, in raise_for_status
    raise HTTPStatusError(message, request=request, response=self)
httpx.HTTPStatusError: Client error '403 Forbidden' for url 'https://10.152.183.1/api/v1/namespaces/auth/configmaps?fieldManager=ok'
For more information check: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/403

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/lib/juju/agents/unit-ok-0/charm/./src/charm.py", line 555, in <module>
    main(OathkeeperCharm)
  File "/var/lib/juju/agents/unit-ok-0/charm/venv/ops/main.py", line 434, in main
    framework.reemit()
  File "/var/lib/juju/agents/unit-ok-0/charm/venv/ops/framework.py", line 852, in reemit
    self._reemit()
  File "/var/lib/juju/agents/unit-ok-0/charm/venv/ops/framework.py", line 931, in _reemit
    custom_handler(event)
  File "/var/lib/juju/agents/unit-ok-0/charm/./src/charm.py", line 324, in _on_install
    config_map.create_all()
  File "/var/lib/juju/agents/unit-ok-0/charm/src/config_map.py", line 133, in create_all
    ConfigMapManager.create_all()
  File "/var/lib/juju/agents/unit-ok-0/charm/src/config_map.py", line 26, in create_all
    cm.create()
  File "/var/lib/juju/agents/unit-ok-0/charm/src/config_map.py", line 74, in create
    self._client.create(cm)
  File "/var/lib/juju/agents/unit-ok-0/charm/venv/lightkube/core/client.py", line 359, in create
    return self._client.request("post", name=name, namespace=namespace, obj=obj,
  File "/var/lib/juju/agents/unit-ok-0/charm/venv/lightkube/core/generic_client.py", line 245, in request
    return self.handle_response(method, resp, br)
  File "/var/lib/juju/agents/unit-ok-0/charm/venv/lightkube/core/generic_client.py", line 196, in handle_response
    self.raise_for_status(resp)
  File "/var/lib/juju/agents/unit-ok-0/charm/venv/lightkube/core/generic_client.py", line 190, in raise_for_status
    raise transform_exception(e)
lightkube.core.exceptions.ApiError: configmaps is forbidden: User "system:serviceaccount:auth:ok" cannot create resource "configmaps" in API group "" in the namespace "auth"

Additional context

No response
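One way to turn the RBAC denial in the log above into a blocked-status message instead of an uncaught exception. This is an added example, not code from the oathkeeper-operator repository; `parse_denial` and `blocked_message` are hypothetical names, and it assumes the charm would pass the caught error's text to `blocked_message` and set a blocked status with the result.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Shape of the Kubernetes API server's RBAC denial text, as seen in the log above.
_FORBIDDEN = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\S+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)"'
    r'(?: in the namespace "(?P<namespace>[^"]+)"| at the cluster scope)'
)


class Denial(NamedTuple):
    user: str
    verb: str
    resource: str
    group: str                 # "" is the core API group
    namespace: Optional[str]   # None for a cluster-scoped denial

    @property
    def service_account(self) -> Optional[Tuple[str, str]]:
        """(namespace, name) when the denied identity is a service account."""
        parts = self.user.split(":")
        if len(parts) == 4 and parts[:2] == ["system", "serviceaccount"]:
            return parts[2], parts[3]
        return None


def parse_denial(message: str) -> Optional[Denial]:
    """Extract who was denied which verb on which resource, or None."""
    m = _FORBIDDEN.search(message)
    return Denial(**m.groupdict()) if m else None


def blocked_message(error_text: str, app_name: str) -> Optional[str]:
    """Operator-facing status text, or None if this is not an RBAC denial."""
    d = parse_denial(error_text)
    if d is None:
        return None  # not a permissions problem: let the caller re-raise
    scope = f'namespace "{d.namespace}"' if d.namespace else "cluster scope"
    return (f"Cannot {d.verb} {d.resource} in {scope}; "
            f"run `juju trust {app_name} --scope=cluster`")


# The ApiError line from the report above.
SAMPLE = ('configmaps is forbidden: User "system:serviceaccount:auth:ok" cannot create '
          'resource "configmaps" in API group "" in the namespace "auth"')
```

Returning `None` for anything that is not an RBAC denial keeps unrelated API failures visible as errors rather than masking them behind a trust prompt.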