2017-02-10 19:17:50 |
Curtis Hovey |
description |
Given a superuser admin who creates a user, if that user add-models a model the admin is able to list the model (using juju list-models) but is unable to show the status of the model (get: ERROR permission denied (unauthorized access)).
To reproduce:
# As admin
$ juju bootstrap --constraints mem=2G lxd/localhost listmodelstest
$ juju add-user newuser1 -c listmodelstest
User "newuser1" added
Please send this command to newuser1:
... snip ...
$ juju grant newuser1 addmodel -c listmodelstest
# Now as new user
$ JUJU_DATA=/tmp/newuserstuff juju register ... snip ...
$ JUJU_DATA=/tmp/newuserstuff juju add-model mysweetmodel
$ JUJU_DATA=/tmp/newuserstuff juju list-models
Controller: listmodelstest
Model Cloud/Region Status Access Last connection
mysweetmodel* localhost/localhost available admin never connected
# Back as admin
$ juju list-models -c listmodelstest
Controller: listmodelstest
Model Cloud/Region Status Machines Cores Access Last connection
controller localhost/localhost available 1 - admin just now
default localhost/localhost available 0 - admin 11 hours ago
newuser1/mysweetmodel localhost/localhost available 0 - never connected
$ juju show-status -m listmodelstest:newuser1/mysweetmodel
ERROR permission denied (unauthorized access) |
As seen at
http://reports.vapour.ws/releases/issue/57eacb31749a5646c50f38f9
Given a superuser admin who creates a user, if that user add-models a model the admin is able to list the model (using juju list-models) but is unable to show the status of the model (get: ERROR permission denied (unauthorized access)).
To reproduce:
# As admin
$ juju bootstrap --constraints mem=2G lxd/localhost listmodelstest
$ juju add-user newuser1 -c listmodelstest
User "newuser1" added
Please send this command to newuser1:
... snip ...
$ juju grant newuser1 addmodel -c listmodelstest
# Now as new user
$ JUJU_DATA=/tmp/newuserstuff juju register ... snip ...
$ JUJU_DATA=/tmp/newuserstuff juju add-model mysweetmodel
$ JUJU_DATA=/tmp/newuserstuff juju list-models
Controller: listmodelstest
Model Cloud/Region Status Access Last connection
mysweetmodel* localhost/localhost available admin never connected
# Back as admin
$ juju list-models -c listmodelstest
Controller: listmodelstest
Model Cloud/Region Status Machines Cores Access Last connection
controller localhost/localhost available 1 - admin just now
default localhost/localhost available 0 - admin 11 hours ago
newuser1/mysweetmodel localhost/localhost available 0 - never connected
$ juju show-status -m listmodelstest:newuser1/mysweetmodel
ERROR permission denied (unauthorized access) |
|