Hi all,
The strictly confined jhack snap makes use of a personal-files interface to read/write ~/.local/share/juju, so that the juju client it embeds can share the controllers, models, credentials, etc… available to the user-owned juju snap.
Read access via juju-client-observe is not enough, because the embedded juju client needs to create certain lock files.
Copying ~/.local/share/juju to a snap-owned location (to gain write access) means that any newly added controllers, any credentials change, any changes to the local state essentially (current model, etc…) would desync the two jujus.
So the only way is to share r/w access to that directory.
@alexmurray I would like to support this personal-files request for jhack as I worked on getting the snap package strictly confined with Pietro.
As mentioned in the earlier forum post about getting jhack released under --classic, the personal-files interface is needed so that jhack can read and modify the user’s current juju configuration. As Pietro mentioned, this interface is needed to prevent desyncing between the embedded version of Juju and the standalone Juju installed on the host.
jhack uses the juju python library which reads ~/.local/share/juju to get the Juju client configuration on the host. This is how jhack is able to access models, units, applications, etc. You can audit the source code for jhack here on GitHub.
+1 from me for use of a personal-files instance named dot-local-share-juju with write access to ~/.local/share/juju - note I do not think auto-connect is appropriate since you are requesting write access and jhack is not the clear owner of this path - juju is. Personally I would like to see the juju snap expose whatever you require via a content interface so that you can use that instead, rather than having to embed juju directly in jhack as that would make its permissions clearer.
Yeah we did think that it would be great if juju exposed a binary interface which allowed us to hit the client directly. How does one go about requesting this?
+1 from me as well - personal-files instance named dot-local-share-juju with write access to ~/.local/share/juju. It would also be worth adding this to the snap description so that people know about the access and the purpose of it.
+2 votes for, 0 votes against. Granting use (but not auto-connect) of personal-files with write access to $HOME/.local/share/juju using the iface reference dot-local-share-juju. This is now live.
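The grant described in this thread, written out as a snapcraft.yaml fragment. This is an added example, not part of any post above and not jhack's actual packaging; the `apps` entry and its `command` path are assumptions made for illustration.

```yaml
# snapcraft.yaml fragment (illustrative, not taken from the jhack repository)
name: jhack
confinement: strict

plugs:
  # The plug name must match the iface reference approved by the store
  # reviewers: dot-local-share-juju.
  dot-local-share-juju:
    interface: personal-files
    # "write" implies read access as well. Only the single directory that
    # was approved is listed, not $HOME/.local/share as a whole.
    write:
      - $HOME/.local/share/juju

apps:
  jhack:
    command: bin/jhack        # assumed entry point
    plugs:
      - network
      - dot-local-share-juju

# Auto-connect was NOT granted, so the plug stays disconnected after
# installation until the user opts in:
#
#   sudo snap connect jhack:dot-local-share-juju
#
# Connection state can be inspected with:
#
#   snap connections jhack
#
# Until connected, the embedded juju client has no access to
# ~/.local/share/juju and cannot create its lock files there.
```

Because the connection is manual, the snap description should state the path and the reason for the access, as requested in the review.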