Canonical Juju

'grant <user> add-model' doesn't work

Bug #1718319 reported by Peter Matulis
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical Juju
Expired
High
Unassigned

Bug Description

A regular user cannot add a model even after being granted the 'add-model' permission. This happens on both 2.2 and 2.3.

http://paste.ubuntu.com/25576138/

See original description
Peter Matulis (petermatulis)
description: updated
Revision history for this message
Anastasia (anastasia-macmood) wrote :

@Peter Matulis (petermatulis),

This is not a problem with the grant but with the credentials.

In order to add a model, besides having permission to do so, a user must ALSO have a valid credential on the cloud where they are planning to add model. In your case, the user must have a valid credential on the lxd cloud you are testing with.

Changed in juju:
status: New → Invalid
status: Invalid → Triaged
Revision history for this message
Anastasia (anastasia-macmood) wrote :

Although I am currently looking at re-working this area a bit in such a way that the user that has been granted add-model can re-use cloud credentials from "controller" model.

Anastasia (anastasia-macmood)
Changed in juju:
importance: Undecided → High
tags: added: credentials
Revision history for this message
Peter Matulis (petermatulis) wrote :

Anastasia,

For multi-user I find there is a lack of imposed workflow (or when there are instructions like "juju add-model" it doesn't work; I needed to do "juju add-credential" first). Maybe this other session can give you some ideas on how to improve things. I didn't need to add credentials for it to work and I do not know where the credentials that were used came from or where they live:

http://paste.ubuntu.com/25580403/

Revision history for this message
John A Meinel (jameinel) wrote : Re: [Bug 1718319] Re: 'grant <user> add-model' doesn't work

Offhand, this line is quite relevant:

$ juju add-model model-ren
Uploading credential 'localhost/ren/localhost' to controller
Added 'model-ren' model on localhost/localhost with credential
'localhost' for user 'ren'

That would appear that it worked because you're local machine already knew
a 'localhost' credential. But that would only work if you do the 'register'
from the *same machine* that did the bootstrap, because otherwise even if
you had a 'localhost' credential, it wouldn't be the one that actually
matches the controller. (it would be for the lxd agent that is on the local
laptop, not the one that is on the controller that you are accessing.)

On Wed, Sep 20, 2017 at 7:39 PM, Peter Matulis <email address hidden>
wrote:

> Anastasia,
>
> For multi-user I find there is a lack of imposed workflow (or when there
> are instructions like "juju add-model" it doesn't work; I needed to do
> "juju add-credential" first). Maybe this other session can give you some
> ideas on how to improve things. I didn't need to add credentials for it
> to work and I do not know where the credentials that were used came from
> or where they live:
>
> http://paste.ubuntu.com/25580403/
>
> --
> You received this bug notification because you are subscribed to juju.
> Matching subscriptions: juju bugs
> https://bugs.launchpad.net/bugs/1718319
>
> Title:
> 'grant <user> add-model' doesn't work
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/juju/+bug/1718319/+subscriptions
>

Revision history for this message
Canonical Juju QA Bot (juju-qa-bot) wrote :

This bug has not been updated in 5 years, so we're marking it Expired. If you believe this is incorrect, please update the status.

Changed in juju:
status: Triaged → Expired
tags: added: expirebugs-bot
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.