21. (Kubernetes only) Handle KubernetesJujuAppNotTrusted exception

On Kubernetes, charm-refresh needs permission to control the Kubernetes StatefulSet partition.

If that permission has not been granted to the charm, KubernetesJujuAppNotTrusted will be raised during the instantiation of charm_refresh.Kubernetes.

User experience

To grant the permission to the charm, the user needs to:

  • Deploy the charm with --trust or

  • Run juju trust with --scope=cluster after deployment

More information: Trust an application

Preferred approach

Exit the charm code immediately on every Juju event for as long as KubernetesJujuAppNotTrusted is raised.

charm-refresh will automatically set the app status to instruct the user to run juju trust. More info: User experience

Example charm.py

import sys

import charm_refresh
import ops


class PostgreSQLCharm(ops.CharmBase):
    def __init__(self, *args):
        # [...]

        try:
            self.refresh = charm_refresh.Kubernetes(
                KubernetesPostgreSQLRefresh(
                    workload_name="PostgreSQL",
                    charm_name="postgresql-k8s",
                    oci_resource_name="postgresql-image",
                )
            )
        except charm_refresh.PeerRelationNotReady:
            ...  # [...]
        except charm_refresh.UnitTearingDown:
            ...  # [...]
        except charm_refresh.KubernetesJujuAppNotTrusted:
            # The charm has not been granted permission to control the
            # StatefulSet partition; stop handling this event
            sys.exit()  # (1)

        # [...]

(1) This may be incompatible with your charm code or charm code dependencies that depend on executing code during specific Juju events. In those cases, a more complex approach may be needed.

Alternative approach

Some charms heavily depend on executing code during specific Juju events.

In that case, do not catch KubernetesJujuAppNotTrusted so that an uncaught exception is raised.

This will fail the first Juju event on each unit, causing Juju to retry that event until it succeeds. Juju events that are queued (to run after the first event) should be preserved.