Credential validity is not exposed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Fix Released
|
Medium
|
Anastasia | ||
2.5 |
Fix Released
|
High
|
Anastasia | ||
2.6 |
Fix Released
|
High
|
Anastasia |
Bug Description
$ juju bootstrap --credential jlaurin aws
<< DEACTIVATE jlaurin IN AWS CONSOLE >>
$ juju add-machine
failed to create 1 machine
ERROR cannot add a new machine:
The provided credentials could not be validated and
may not be authorized to carry out the request.
Ensure that your account is authorized to use the Amazon EC2 service and
that you are using the correct access keys.
These keys are obtained via the "Security Credentials"
page in the AWS console.
: AWS was not able to validate the provided access credentials (AuthFailure)
<< WAIT A FEW MINUTES >>
The output to `show-model` suggests that all is well ("alive", "available"):
$ juju show-model default
default:
name: admin/default
short-name: default
model-uuid: 36c3147d-
model-type: iaas
controller-uuid: 2e6a0e8e-
controller-name: aws-us-east-1
is-controller: false
owner: admin
cloud: aws
region: us-east-1
type: ec2
life: alive
status:
current: available
since: 8 minutes ago
users:
admin:
display-name: admin
access: admin
last-
sla: unsupported
agent-version: 2.5.3
credential:
name: jlaurin
owner: admin
cloud: aws
The output for commands `list-credentials`, `show-credential`, and `show-credentials` also do not show anything different (but at least they do not suggest that the credential is valid).
n.b. The output received by the failed `add-machine` command could also be improved. Suggestion:
ERROR cannot add a new machine:
The provided credential appears to be invalid.
Ensure that your account is authorised to use the Amazon EC2 service and
that you are using the correct access keys.
I don't think we should use text that is hardcoded to a vendor's web site ("Security Credentials" page).
tags: | added: credentials ux |
Changed in juju: | |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in juju: | |
milestone: | none → 2.7-beta1 |
Changed in juju: | |
status: | In Progress → Fix Committed |
Changed in juju: | |
status: | Fix Committed → Fix Released |
We do not use text from vendor's web site - this is our own copy of the text :) It is the most generic information that is worth providing without giving too much away in case the access was actually malicious. I would be very reluctant to re-word.
I am surprised to see that we do not show credential validity. I am pretty sure it was added but maybe follow-up changes swallowed that?
Could you please provide the output for a model with an invalid credential for `list-credentials`, `show-credential`, and `show-credentials` as well as 'juju status --format yaml'.