Commands can be disabled on a per-model basis to defend against unintentional changes. This is accomplished through the use of the disable-command command with one of three increasingly restrictive command groups as an argument:
-
destroy-modelThis group disables the ability to destroy both the model and its controller. -
remove-objectThis group includes the previous group’s restrictions and also disables the removal of machines, relations, applications, and units. -
allThis group includes the previous group’s restrictions and disables all commands that can change the configuration of a model.
For example:
juju disable-command destroy-model
The table below lists all affected commands per group.
Adding a message
To give users an idea as to why a command is disabled, a message can be passed.
For example:
juju disable-command destroy-model "Check with SA before destruction."
If a user now attempts to destroy a protected model, they’d encounter an error similar to the following:
Destroying model
ERROR cannot destroy model: Check with SA before destruction.
destroy-model operation has been disabled for the current model.
To enable the command run
juju enable-command destroy-model
Re-enabling a command group
To re-enable a command group the enable-command is used.
For example:
juju enable-command destroy-model
Listing disabled command groups
To list which command groups are disabled, use disabled-commands:
juju disabled-commands
Example output:
Disabled commands Message
all
Command groups
This is the list of commands for each of the three command groups.
The kill-controller command cannot be blocked.
| destroy-model | remove-object | all |
|---|---|---|
| destroy-controller | destroy-controller | add-relation |
| destroy-model | destroy-machine | add-ssh-key |
| destroy-model | add-unit | |
| detach-storage | add-user | |
| remove-application | attach-storage | |
| remove-machine | change-user-password | |
| remove-relation | config | |
| remove-saas | consume | |
| remove-storage | deploy | |
| remove-unit | destroy-controller | |
| destroy-model | ||
| disable-user | ||
| enable-ha | ||
| enable-user | ||
| expose | ||
| import-filesystem | ||
| import-ssh-key | ||
| model-config | ||
| model-defaults | ||
| remove-application | ||
| remove-machine | ||
| remove-relation | ||
| remove-ssh-key | ||
| remove-unit | ||
| remove-user | ||
| resolved | ||
| retry-provisioning | ||
| run | ||
| set-constraints | ||
| set-credential | ||
| set-series | ||
| sync-agent-binaries | ||
| unexpose | ||
| upgrade-charm | ||
| upgrade-model |
The above list was updated for v.2.6.0.