External users don't have access to models unless everyone@external is granted
Bug #1631449 reported by
Uros Jovanovic
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Fix Released
|
Critical
|
Unassigned |
Bug Description
As of commit fa55b099, it is not possible for an external user to connect to a model if "everyone" access is not granted to the controller (see apiserver/
For our purposes, it's important that a user be able to connect to a model without necessarily being able to do a controller-only login at all.
Changed in juju: | |
importance: | Undecided → Critical |
Changed in juju: | |
milestone: | none → 2.0.1 |
Changed in juju: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Yes, this is by design, and your description is not entirely accurate.
An external user does not have access to the model unless that user has at least login access to the controller that is hosting that model.
That login access could be through the "everyone@external" special user, or through a controller user for the exact user.