`delete-user` doesn't fully delete user

Bug #1668335 reported by Adam Israel
This bug report is a duplicate of: Bug #1770370: Unable to reuse usernames.
This bug affects 5 people
Affects: Canonical Juju
Status: Triaged
Importance: Wishlist
Assigned to: Unassigned
Milestone:

Bug Description

Juju 2.1.0-xenial-amd64

I was in a situation where I added a user, the user registered, but needed to register again after a misconfiguration. There's no way to generate a new secret token; it's deleted the first time it's used. So, I tried to remove and re-add the user but that fails.

Steps to recreate:
$ juju add-user testuser
$ juju grant testuser add-model
$ juju remove-user testuser
$ juju add-user testuser
ERROR failed to create user: user already exists

I could create a new user with a unique username, but I'm working with an app that expects a certain username.

I would expect two things:

1) juju should have a way to generate a new secret token for a user
2) juju should permanently delete the user, as `juju help remove-user` indicates, so the username can be removed, or the help text/documentation updated to reflect the correct policy.

Anastasia (anastasia-macmood) wrote :

Please see bug # 1630728 for more details of limitations around remove user. Currently, user disable/enable is the best way to manipulate the user.

Both of your points are valid and need to be addressed. We are currently in discussions about how to tackle (2) neatly.

Meanwhile, I'll add this to the Wishlist.

Changed in juju:
status: New → Triaged
importance: Undecided → Wishlist
Sandor Zeestraten (szeestraten) wrote :

@anastasia-macmood Is there a followup bug for 1) on reactivating users?

Anastasia (anastasia-macmood) wrote :

@Sandor Zeestraten (szeestraten),
There is an internal discussion taking place on how to proceed.

At this stage, you can remove the user but you cannot re-use a deleted username. The reason is that right now we cannot, at the same time, delete the entities and components that the deleted user had. In other words, you can delete a user but, for example, not the models that the user created. You add a user with the same name and all of a sudden the new user can see the old user's models.

We are working on refining user deletion to ensure resurrection does not surprise anyone.
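
The resurrection problem described in the comment above, as an added example (not Juju's code and not part of the original thread). It assumes a toy store in which grants are keyed by username and survive removal; Store, Replay, blockReuse and the model name "old-model" are hypothetical.

```go
package main

import "fmt"

// Store is a toy model, not Juju's implementation: grants are keyed by
// username, and removing a user leaves that user's grants in place.
type Store struct {
	active, removed map[string]bool
	grants          map[string]bool // "model/username" -> access
	blockReuse      bool            // policy: never reissue a removed name
}

func (s *Store) AddUser(name string) error {
	if s.active[name] || (s.blockReuse && s.removed[name]) {
		return fmt.Errorf("username unavailable")
	}
	s.active[name] = true
	return nil
}

func (s *Store) Grant(name, model string) { s.grants[model+"/"+name] = true }

// RemoveUser deactivates the account but cannot clean up its grants.
func (s *Store) RemoveUser(name string) {
	delete(s.active, name)
	s.removed[name] = true
}

func (s *Store) CanAccess(name, model string) bool {
	return s.active[name] && s.grants[model+"/"+name]
}

// Replay removes "testuser", re-adds the name, and reports whether the
// re-add succeeded and whether the newcomer sees the old user's model.
func Replay(blockReuse bool) (readded, inherits bool) {
	s := &Store{active: map[string]bool{}, removed: map[string]bool{},
		grants: map[string]bool{}, blockReuse: blockReuse}
	_ = s.AddUser("testuser")
	s.Grant("testuser", "old-model")
	s.RemoveUser("testuser")
	readded = s.AddUser("testuser") == nil
	return readded, s.CanAccess("testuser", "old-model")
}

func main() {
	fmt.Println(Replay(false)) // name reuse allowed: stale grant is inherited
	fmt.Println(Replay(true))  // removed names stay reserved: re-add is refused
}
```
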

Anastasia (anastasia-macmood) wrote :

Generation of new secret token is on the Wishlist.

Ronald (rahworkx) wrote :

Wanted to add that this is also occurring in version 2.2.2. Currently creating a new username as a workaround.

Needed to recreate user to enable permission to a model which was created by a different admin.

removed user

Attempted to recreate but failed with message
ERROR failed to create user: username unavailable

Wasn't able to add user until a new username was created and added to the model.

Felipe Reyes (freyes)
tags: added: sts
Tim Penhey (thumper)
tags: added: user-management
Trent Lloyd (lathiat) wrote :

This should probably be marked a duplicate of this bug; though newer, it has more concrete information re the fix plan:
https://bugs.launchpad.net/juju/+bug/1770370
