[multi-user] User cannot list the controller they're logged into
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Triaged
|
Low
|
Unassigned |
Bug Description
When a non-superuser Juju user logs in to a controller it seems that they should be able to query it but this is not the case:
$ juju login -u jil -c lxd-bionic-1
please enter password for jil on lxd-bionic-1:
Welcome, jil. You are now logged into "lxd-bionic-1".
Current model set to "admin/euphoric".
$ juju controllers --refresh
error updating cached details for "lxd-bionic-1": permission denied (unauthorized access)
Controller Model User Access Cloud/Region Models Machines HA Version
lxd-bionic-1* admin/euphoric jil login
Is it because the user does not have access to the other models (there is a total of three)? It is poor UX to be granted login access to a controller and then get a "access denied" error when trying to list it. Maybe the error message just needs to be modified.
When the user is granted read access to the other two models the error persists, although extra information becomes available:
error updating cached details for "lxd-bionic-1": permission denied (unauthorized access)
Controller Model User Access Cloud/Region Models Machines HA Version
lxd-bionic-1* admin/euphoric jil login 3 1 none 2.5-rc1
When the user is granted superuser permissions the error goes away:
Controller Model User Access Cloud/Region Models Machines HA Version
lxd-bionic-1* admin/euphoric jil superuser 3 1 none 2.5-rc1
See also bug 1808184.
This sounds like the context the user is at isn't valid. When the login is done, I wonder if it defaulted to trying to set context to the admin model or something and if you'd be able to juju switch after that login point.