[multi-user] User cannot list the controller they're logged into

Bug #1808187 reported by Peter Matulis
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Canonical Juju | Triaged | Low | Unassigned |

Bug Description

When a non-superuser Juju user logs in to a controller, it seems that they should be able to query it, but this is not the case:

$ juju login -u jil -c lxd-bionic-1
please enter password for jil on lxd-bionic-1:
Welcome, jil. You are now logged into "lxd-bionic-1".

Current model set to "admin/euphoric".

$ juju controllers --refresh
error updating cached details for "lxd-bionic-1": permission denied (unauthorized access)
Controller Model User Access Cloud/Region Models Machines HA Version
lxd-bionic-1* admin/euphoric jil login

Is it because the user does not have access to the other models (there is a total of three)? It is poor UX to be granted login access to a controller and then get an "access denied" error when trying to list it. Maybe the error message just needs to be modified.

When the user is granted read access to the other two models the error persists, although extra information becomes available:

error updating cached details for "lxd-bionic-1": permission denied (unauthorized access)
Controller Model User Access Cloud/Region Models Machines HA Version
lxd-bionic-1* admin/euphoric jil login 3 1 none 2.5-rc1

When the user is granted superuser permissions the error goes away:

Controller Model User Access Cloud/Region Models Machines HA Version
lxd-bionic-1* admin/euphoric jil superuser 3 1 none 2.5-rc1

See also bug 1808184.

Richard Harding (rharding) wrote :

This sounds like the context the user is at isn't valid. When the login is done, I wonder if it defaulted to trying to set context to the admin model or something and if you'd be able to juju switch after that login point.

Changed in juju:
status: New → Triaged
importance: Undecided → High

Peter Matulis (petermatulis) wrote :

The output does state explicitly which model is the current one ('admin/euphoric').

Anastasia (anastasia-macmood) wrote :

This is not a context issue.

The behavior described is correct but the error message is misleading. We should be a lot more explicit in telling users "You cannot see everything on this controller... We can only show you what you have access to..."

Happy to take suggestions for this message :D

Anastasia (anastasia-macmood) wrote :

This is a usability issue - communication to the user, only the error message needs to be changed. As such I am lowering the priority on this report to standard Medium.

Changed in juju:
importance: High → Medium
tags: added: usability

Canonical Juju QA Bot (juju-qa-bot) wrote :

This bug has not been updated in 2 years, so we're marking it Low importance. If you believe this is incorrect, please update the importance.

Changed in juju:
importance: Medium → Low
tags: added: expirebugs-bot