Adjust logrotate service so that it doesn't rely on getting the Pebble plan as a non-admin Pebble user

[tonyandrewmeyer]

The next version of Pebble will require admin access to get the plan, so that it's safer to include sensitive data (particularly in environment variables).

That means that this code that runs pebble plan, as the mongodb user I think, will no longer work (it will error out with an access denied response).

You could add a Pebble identity for the the user that runs the command that gives it admin access, but I think that would be the wrong approach, since it shouldn't need to have full access to Pebble (which is basically unlimited access to the container). Instead, it would be better to pass the content to the service another way, like in a file.

[syncronize-issues-to-jira]

Thank you for reporting your feedback to us!

The internal ticket has been created: https://warthogs.atlassian.net/browse/DPE-9170.

This message was autogenerated

[Gu1nness]

@tonyandrewmeyer Thanks for the report !
The best way will probably to store the URI in a file even if that looks scary.
However I'm not sure I see another easy way to do this.

We'll work on it soon.
When do you plan to release the new pebble version ?

[tonyandrewmeyer]

When do you plan to release the new pebble version ?

We almost always do one at the end of each month, so probably in the next few days.

However, Juju 3.6 is on Pebble 1.19.x, so will never get this change. I'm not entirely sure about Juju 4 - it should really only appear in Juju 4.1.0 (which would be mid February in theory, but I haven't heard anything about that coming up, so maybe it's delayed while work is focused on 4.0). It might be that 4.0 is considered unstable enough that it can get minor version bumps in Pebble, so it might be in 4.0.2 or 4.0.3, perhaps.