From c82306c8835d401664e5f4f04b978e970da8d8c4 Mon Sep 17 00:00:00 2001 From: Ales Stimec Date: Tue, 7 Jan 2025 10:35:01 +0100 Subject: [PATCH] fix(internal/jujuclient/applicationoffers.go): set user when getting offer consume details When getting consume details for an application offer the juju controller will, among other things, also return a macaroon that is passed to the consuming side. That macaroon contains a third party caveat addressed to JIMM in which it instructs JIMM to verify that the user is consumer of the application offer. Previously we were passing in an empty user tag which meant that Juju added that 3rd party caveat for the authenticated user and since JIMM always dials the juju controller as user `admin` that caveat was instructing JIMM to check that the `admin` user has `consume` access to the application offer. This PR proposes one way to fix is, which is to specify the user when getting consume details from the controller. The other way would be to dial the controller as the logged-in user. --- internal/jujuclient/applicationoffers.go | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/internal/jujuclient/applicationoffers.go b/internal/jujuclient/applicationoffers.go index 94e2e7b26..8d3939781 100644 --- a/internal/jujuclient/applicationoffers.go +++ b/internal/jujuclient/applicationoffers.go @@ -1,4 +1,4 @@ -// Copyright 2024 Canonical. +// Copyright 2025 Canonical. package jujuclient @@ -209,9 +209,7 @@ func (c Connection) GetApplicationOfferConsumeDetails(ctx context.Context, user OfferURLs: []string{info.Offer.OfferURL}, BakeryVersion: v, }, - // Do not include a user in the args, Juju will opt to use the user authenticated in the connection. - // There is a bug where setting the user tag does not behave as expected. - UserTag: "", + UserTag: user.String(), } resp := jujuparams.ConsumeOfferDetailsResults{