[collect] update for strict confinement for juju

With juju versions 3 and above, when collecting the tarballs from machines it will grab them into a strictly confined area. This means that we need to be able to access this area via sudo. In order for this now to be fully supported, we need sudo on the host that is running juju, otherwise sos collect on a juju environment will not work. Related: #3399 Signed-off-by: Arif Ali <arif.ali@canonical.com>
sosreport · Nov 24, 2023 · e68903a · e68903a
1 parent 9baa525
commit e68903a
Showing 1 changed file with 20 additions and 3 deletions.
diff --git a/sos/collector/transports/juju.py b/sos/collector/transports/juju.py
@@ -13,7 +13,7 @@
 
 from sos.collector.exceptions import JujuNotInstalledException
 from sos.collector.transports import RemoteTransport
-from sos.utilities import sos_get_command_output
+from sos.utilities import sos_get_command_output, parse_version
 
 
 class JujuSSH(RemoteTransport):
@@ -72,12 +72,29 @@ def remote_exec(self):
         option = f"{model_option} {target_option}"
         return f"juju ssh {option}"
 
+    def _get_juju_version(self):
+        """Grab the version of juju"""
+        res = sos_get_command_output("juju version")
+        return res['output'].split("-")[0]
+
     def _retrieve_file(self, fname, dest):
         self._chmod(fname)  # juju scp needs the archive to be world-readable
         model, unit = self.address.split(":")
         model_option = f"-m {model}" if model else ""
-        cmd = f"juju scp {model_option} -- -r {unit}:{fname} {dest}"
-        res = sos_get_command_output(cmd)
+        if parse_version(self._get_juju_version()) > parse_version("3"):
+            # juju version above 3 is strictly confined, and therefore
+            # the way we grab the data is slightly different
+            juju_tmpdir = f"/tmp/snap-private-tmp/snap.juju/{self.tmpdir}"
+            sos_get_command_output(f"sudo mkdir {juju_tmpdir}")
+            sos_get_command_output(f"sudo chmod o+rwx {juju_tmpdir}")
+            cmd = f"juju scp {model_option} -- -r {unit}:{fname} {self.tmpdir}"
+            res = sos_get_command_output(cmd)
+            cmd2 = f"sudo cp {juju_tmpdir}/{fname.split('/')[-1]} {dest}"
+            sos_get_command_output(cmd2)
+            sos_get_command_output(f"sudo chmod 644 {dest}")
+        else:
+            cmd = f"juju scp {model_option} -- -r {unit}:{fname} {dest}"
+            res = sos_get_command_output(cmd)
         return res["status"] == 0