[multi-user] User granted superuser controller permissions cannot list all models
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Invalid
|
Undecided
|
Unassigned |
Bug Description
A user who has been granted superuser permissions on a controller cannot view all models on that controller:
$ juju models
Controller: lxd-bionic-1
Model Cloud/Region Status Access Last connection
admin/euphoric* localhost/localhost available read never connected
The output for the controller administrator is:
Controller: lxd-bionic-1
Model Cloud/Region Status Machines Access Last connection
controller localhost/localhost available 1 admin just now
default localhost/localhost available 0 admin 2018-12-08
euphoric* localhost/localhost available 0 admin never connected
Here, the user was granted read access to model 'euphoric' only. A controller superuser should be able to list all models on that controller. Suggested output:
Model Cloud/Region Status Access Last connection
admin/controller localhost/localhost available - never connected
admin/default localhost/localhost available - never connected
admin/euphoric* localhost/localhost available read never connected
Can you check that the --all flag will show it though? I believe that by
default it only shows models you have direct permissions to but if you're
superuser you can see all by asking for them all. This is to prevent the
list being unmanageable for a superuser with models they don't normally
care about.
On Wed, Dec 12, 2018 at 11:30 AM Peter Matulis <email address hidden>
wrote:
> Public bug reported: /bugs.launchpad .net/bugs/ 1808184 /bugs.launchpad .net/juju/ +bug/1808184/ +subscriptions
>
> A user who has been granted superuser permissions on a controller cannot
> view all models on that controller:
>
> $ juju models
> Controller: lxd-bionic-1
>
> Model Cloud/Region Status Access Last connection
> admin/euphoric* localhost/localhost available read never connected
>
> The output for the controller administrator is:
>
> Controller: lxd-bionic-1
>
> Model Cloud/Region Status Machines Access Last
> connection
> controller localhost/localhost available 1 admin just now
> default localhost/localhost available 0 admin 2018-12-08
> euphoric* localhost/localhost available 0 admin never
> connected
>
> Here, the user was granted read access to model 'euphoric' only. A
> controller superuser should be able to list all models on that
> controller. Suggested output:
>
> Model Cloud/Region Status Access Last connection
> admin/controller localhost/localhost available - never connected
> admin/default localhost/localhost available - never connected
> admin/euphoric* localhost/localhost available read never connected
>
> ** Affects: juju
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are subscribed to juju.
> https:/
>
> Title:
> [multi-user] User granted superuser controller permissions cannot list
> all models
>
> To manage notifications about this bug go to:
> https:/
>