fix(internal/jujuclient/applicationoffers.go): set user when getting …

…offer consume details When getting consume details for an application offer the juju controller will, among other things, also return a macaroon that is passed to the consuming side. That macaroon contains a third party caveat addressed to JIMM in which it instructs JIMM to verify that the user is consumer of the application offer. Previously we were passing in an empty user tag which meant that Juju added that 3rd party caveat for the authenticated user and since JIMM always dials the juju controller as user `admin` that caveat was instructing JIMM to check that the `admin` user has `consume` access to the application offer. This PR proposes one way to fix is, which is to specify the user when getting consume details from the controller. The other way would be to dial the controller as the logged-in user.
canonical · Jan 7, 2025 · c82306c · c82306c
1 parent b480a9a
commit c82306c
Showing 1 changed file with 2 additions and 4 deletions.
diff --git a/internal/jujuclient/applicationoffers.go b/internal/jujuclient/applicationoffers.go
@@ -1,4 +1,4 @@
-// Copyright 2024 Canonical.
+// Copyright 2025 Canonical.
 
 package jujuclient
 
@@ -209,9 +209,7 @@ func (c Connection) GetApplicationOfferConsumeDetails(ctx context.Context, user
 			OfferURLs:     []string{info.Offer.OfferURL},
 			BakeryVersion: v,
 		},
-		// Do not include a user in the args, Juju will opt to use the user authenticated in the connection.
-		// There is a bug where setting the user tag does not behave as expected.
-		UserTag: "",
+		UserTag: user.String(),
 	}
 
 	resp := jujuparams.ConsumeOfferDetailsResults{