Canonical Juju

juju ssh does not work for non admin user for a k8s model

Bug #1989160 reported by Yang Kelvin Liu
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical Juju
Fix Released
High
Yang Kelvin Liu
Canonical Juju 2.9.35

Bug Description

juju ssh of a k8s model requires to use of the model's cloud credential.
The credential is owned by the model admin user.
If a non-admin user tries to run juju ssh, an not found error will be raised because the user won't have access to the model's cloud credential.

ERROR getting credential: cloud credential "k8s-is-stg/stg-events/stg-events" not found

Yang Kelvin Liu (kelvin.liu)
Changed in juju:
importance: Undecided → High
status: New → Triaged
status: Triaged → In Progress
assignee: nobody → Yang Kelvin Liu (kelvin.liu)
milestone: none → 2.9.35
tags: added: k8s
Tom Haddon (mthaddon)
tags: added: canonical-is
Revision history for this message
Yang Kelvin Liu (kelvin.liu) wrote :

https://github.com/juju/juju/pull/14615

Yang Kelvin Liu (kelvin.liu)
Changed in juju:
status: In Progress → Fix Committed
Revision history for this message
John A Meinel (jameinel) wrote :

So PR 14615 mentions creating a new service account for a model that Juju will use for SSH. What happens for existing models that were created before this PR? do we try to use the model account, and then fail (and/or fallback to the original superuser only account)?

Revision history for this message
Yang Kelvin Liu (kelvin.liu) wrote (last edit ):

These RBAC resources are created by the model operator, so they will be created once the model is upgraded to 2.9.35.

Canonical Juju QA Bot (juju-qa-bot)
Changed in juju:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.