juju register: when controller already exists, clarify options

Bug #1614010 reported by Roger Peppe on 2016-08-17
This bug affects 1 person
Affects: juju
Importance: Medium
Assigned to: Unassigned

Bug Description

At juju-core commit c5affbcdd039d6971060956d0c330faa42cb4f7e.

It is not possible to register a user when an entry for the controller
already exists.

Example transcript:

    % juju add-model foo
    Added 'foo' model on aws/us-east-1 with credential 'ec2' for user 'admin'
    % juju add-user bob
    User "bob" added
    Please send this command to bob:
        juju register 'MFkTA2JvYjArExQ1NC4xNTkuMjE4LjE0NDoxNzA3MBMTMTAuMjAzLjE3OS43NjoxNzA3MAQgUYM6y6vDtQAkH7cEg4YbYOvp5k-XFKswksq8OGKkY1ITA2VjMgA='
    % juju register 'MFkTA2JvYjArExQ1NC4xNTkuMjE4LjE0NDoxNzA3MBMTMTAuMjAzLjE3OS43NjoxNzA3MAQgUYM6y6vDtQAkH7cEg4YbYOvp5k-XFKswksq8OGKkY1ITA2VjMgA='
    WARNING: You already have a controller registered with the name "ec2". Please choose a different name for the new controller.

    Enter a name for this controller: ec2-foo

    Enter a new password:
    Confirm password:
    ERROR controller with UUID 6db455ae-01c8-4136-8e0b-8f019a07ca90 (ec2) already exists
    %

If a controller with the same UUID is being added, I believe that it should just use the existing entry.

Instead of the above error I'd probably expect to see a warning about whether it's
OK to overwrite existing account details with the new user.

Roger Peppe (rogpeppe) on 2016-08-17
summary: - cannot register a user when controller already exists
+ juju register: cannot register a user when controller already exists
Changed in juju-core:
status: New → Triaged
importance: Undecided → High
milestone: none → 2.0-beta17
affects: juju-core → juju
Changed in juju:
milestone: 2.0-beta17 → none
milestone: none → 2.0-beta17

The change was brought in because `juju register` seems designed for a new user to connect and configure a client (see help), rather than for a non-unique alias to be created or an existing controller to be updated (bug 1593350).

For that reason--that update steps outside the intention of configuring the client for the new user or "complet[ing] the user registration process"--I see this as invalid. (I'll update status as such for now).

Changed in juju:
status: Triaged → Invalid
Changed in juju:
milestone: 2.0-beta17 → none
Roger Peppe (rogpeppe) wrote :

> The change was brought in because `juju register` seems designed for a new user to connect and configure a client

I agree that that is how the register command was designed, but I think it's worth considering the situation that I encountered when the controller already exists. As controllers are long lived, this will inevitably happen to some users. Currently there's no way to transfer a new account to someone with an existing controller entry without having them delete the controller entry manually.

ISTM that this bug isn't "Invalid" but perhaps "Won't fix", as it is still an actual issue that can be encountered by users.

One other thing - the error should be better - it prompted for a new name for the controller, but it actually disallowed the new name because of the duplicate UUID. It would be better if it failed earlier because of the duplicate UUID without prompting for the new password.

Changed in juju:
status: Invalid → Triaged
milestone: none → 2.1.0
Changed in juju:
assignee: nobody → Roger Peppe (rogpeppe)
milestone: 2.1.0 → 2.0.0
status: Triaged → In Progress
Curtis Hovey (sinzui) on 2016-10-06
Changed in juju:
milestone: 2.0-rc3 → 2.0.0
Changed in juju:
milestone: 2.0.0 → 2.0.1
Curtis Hovey (sinzui) on 2016-10-28
Changed in juju:
milestone: 2.0.1 → none
Changed in juju:
status: In Progress → Triaged
assignee: Roger Peppe (rogpeppe) → nobody
Changed in juju:
status: Triaged → In Progress
assignee: nobody → Anastasia (anastasia-macmood)
Anastasia (anastasia-macmood) wrote :

I've looked into this further and I agree with the initial assessment that we should not be updating controller details in this scenario.

Here are my reasons:
1. By the time we've reached this check - whether the controller already exists on this client - we already decided to name this controller something else as part of the current registration. This means that all other components, like models collections, accounts, etc., that exist under the old name on this client will also now exist under the new controller name... cause for confusion and duplication :D
2. In addition, if we got here - "already registered" - the controller has been previously registered on this client by another user. The correct action is to log out as that user and log in as the new one OR unregister the controller and re-issue a registration token for this new user and re-run registration from a clean slate.

Consequently, I propose to clarify the options that a user has when they've reached "controller already registered" state with a clearer error message. PR against develop (heading into 2.3): https://github.com/juju/juju/pull/7851
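
The check ordering discussed in the comments above (fail on a duplicate UUID before any prompt, and name the user's options in the error), sketched as an added example that is not part of the bug thread or Juju's code. `Store`, `Controller`, `Register` and `promptPassword` are hypothetical names; the UUID is the one from the transcript.

```go
package main

import (
	"errors"
	"fmt"
)

// Controller and Store are hypothetical client-side records, not Juju's own types.
type Controller struct{ UUID, User string }

// Store maps a local controller name to its record.
type Store map[string]Controller

var ErrAlreadyRegistered = errors.New("controller already registered")

// nameForUUID returns the local name under which uuid is already stored, if any.
func (s Store) nameForUUID(uuid string) (string, bool) {
	for name, c := range s {
		if c.UUID == uuid {
			return name, true
		}
	}
	return "", false
}

// Register runs the UUID check first, so a registration that cannot succeed
// never reaches the password prompt. The error lists the available options.
func Register(s Store, uuid, name, user string, promptPassword func() string) error {
	if existing, ok := s.nameForUUID(uuid); ok {
		return fmt.Errorf("%w: UUID %s is stored as %q for user %q; "+
			"log out and log in as %q, or unregister %q and request a new token",
			ErrAlreadyRegistered, uuid, existing, s[existing].User, user, existing)
	}
	if _, taken := s[name]; taken {
		return fmt.Errorf("controller name %q is already in use", name)
	}
	_ = promptPassword() // reached only after every local check has passed; never stored
	s[name] = Controller{UUID: uuid, User: user}
	return nil
}

func main() {
	s := Store{"ec2": {UUID: "6db455ae-01c8-4136-8e0b-8f019a07ca90", User: "admin"}}
	err := Register(s, "6db455ae-01c8-4136-8e0b-8f019a07ca90", "ec2-foo", "bob",
		func() string { return "unused" })
	fmt.Println(err)
}
```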

Changed in juju:
milestone: none → 2.3-alpha1
importance: High → Medium
tags: added: usability
summary: - juju register: cannot register a user when controller already exists
+ juju register: when controller already exists, clarify opions
summary: - juju register: when controller already exists, clarify opions
+ juju register: when controller already exists, clarify options
Changed in juju:
status: In Progress → Fix Committed
Changed in juju:
status: Fix Committed → In Progress
Anastasia (anastasia-macmood) wrote :

Further discussions sparked interesting possibilities when/if we'd allow users to register the same controller on the same client more than once under a different controller name. For example, a context switch between a controller based on a name might also escalate or reduce user privileges.

To allow for that to happen, we'd need to:

1. Modify 'register' to allow a user to update controller details if one is already known to this client.
To achieve this, the code block that prompts for controller name needs to be adjusted;

2. Modify 'register' to add the same controller (i.e. the same uuid) under a different name (effectively a controller alias).
To achieve this, controller uuid check needs to be removed;

3. Modify 'register' to effectively switch connection to the user that register is running for (example, after 'juju register' for user Bob, currently logged in user will be Bob).
This is already happening. Just need to decide what to do with currently logged in user if it is different. For example, if we bootstrap and add user Bob, we are still logged in as user 'admin' but after we run register for user Bob, we'd be logged in as Bob. What should happen to our 'admin' connection? "logged out"? "switched"?;

4. Decide how to 'switch users' - either combination of logout/login or a new command like 'juju switch-user';

5. Optionally...
Although we have 'juju unregister', it might also be worthwhile to clean up the client on 'juju destroy-controller', i.e. find all controllers on this client with the same uuid that we want to destroy.

Andrew Wilkins (axwalk) wrote :

> Further discussions sparked interesting possibilities when/if we'd allow users to register the same controller on the same client more than once under a different controller name. For example, a context switch between a controller based on a name might also escalate or reduce user privileges.

I'm happy for the client to support registering a controller twice. It did originally, and then was crippled by others who insisted that it would lead to bugs. I really doubt that, although it's hard to say for sure, since it was crippled...

FWIW, however, I don't think using multiple controller definitions just to change users is sensible. You would have to maintain two identical (but independent) controller definitions (IP addresses, CA cert, etc.). We already have "accounts"; if we want to support quick switching between users, then we should look for a way to safely have multiple users/accounts/logins active for a controller.

An analogy of "sudo" was given (offline), which I don't think holds much water. It's more like having two ssh_config definitions, for the same host, with only the user differing. Need to change the host IP? Go and update two separate config entries. That's not ideal.

> 5. Optionally...
> Although we have 'juju unregister', it might also be worthwhile to clean up the client on 'juju destroy-controller', i.e. find all controllers on this client with the same uuid that we want to destroy.

We already do that.

Changed in juju:
milestone: 2.3-beta1 → 2.3-beta2
Changed in juju:
milestone: 2.3-beta2 → none
Changed in juju:
assignee: Anastasia (anastasia-macmood) → nobody
status: In Progress → Triaged