Commands can be disabled on a per-model basis to defend against unintentional changes. This is accomplished through the use of the
disable-command command with one of three increasingly restrictive command groups as an argument:
destroy-modelThis group disables the ability to destroy both the model and its controller.
remove-objectThis group includes the previous group’s restrictions and also disables the removal of machines, relations, applications, and units.
allThis group includes the previous group’s restrictions and disables all commands that can change the configuration of a model.
juju disable-command destroy-model
The table below lists all affected commands per group.
Adding a message
To give users an idea as to why a command is disabled, a message can be passed.
juju disable-command destroy-model "Check with SA before destruction."
If a user now attempts to destroy a protected model, they’d encounter an error similar to the following:
Destroying model ERROR cannot destroy model: Check with SA before destruction. destroy-model operation has been disabled for the current model. To enable the command run juju enable-command destroy-model
Re-enabling a command group
To re-enable a command group the
enable-command is used.
juju enable-command destroy-model
Listing disabled command groups
To list which command groups are disabled, use
Disabled commands Message all
This is the list of commands for each of the three command groups.
kill-controller command cannot be blocked.
The above list was updated for