fix(permissionmap): fixes our permission map to actually run the redi… #1490
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…al logic
Originally, when dialing controller we specified superuser for controllers, and admin for models. This was wrong and needed updating.
Now, we dial controllers with the minimum access to receive the "permission check required" error. Upon receiving this error, the redial logic within Call() will run and update the map. If we decide a call is to be "superuser", we do allow this override.
I've removed where we specify permissions as when redialling, even if we did have permissions and they were wrong (for example read for a DumpModelsDB), juju responds with "permission check required" and due to our redial logic we update the map on the redial. As such, its very likely we don't need to put permissions in ourselves and let the redial logic run. I am really unkeen on how we're having to redial and am going to fix this in a follow up.
Engineering checklist
Check only items that apply
Test instructions
Notes for code reviewers