MAAS

[2.5, RBAC, UI, API] Operator/admin can't edit storage for machines

Bug #1811232 reported by Björn Tillenius
22
This bug affects 5 people
Affects Status Importance Assigned to Milestone
MAAS
Incomplete
Undecided
Unassigned
maas-ui
Fix Released
Unknown

Bug Description

This is testing with MAAS 2.5.1-7489-g2f25a2cc0-0ubuntu1~18.04.1.

Logged in as a user that has either the Operator or Admin role in RBAC
for the resource pool the machine belongs to, I can't edit
the storage of machines in the pool.

I should be able to admin the machine, and I can indeed modify the
network settings.

This applies to both the UI and the API. Although in the API, you
can create and delete partitions, but you can't format or mount them.

See original description
Tags: api rbac ui
Björn Tillenius (bjornt)
Changed in maas:
status: New → Triaged
importance: Undecided → High
milestone: none → 2.5.1
Björn Tillenius (bjornt)
summary: - [2.5, RBAC] Operator can't edit storage for machines
+ [2.5, RBAC] Operator/admin can't edit storage for machines
description: updated
Björn Tillenius (bjornt)
summary: - [2.5, RBAC] Operator/admin can't edit storage for machines
+ [2.5, RBAC, UI] Operator/admin can't edit storage for machines
description: updated
tags: added: ui
Revision history for this message
Alberto Donato (ack) wrote : Re: [2.5, RBAC, UI] Operator/admin can't edit storage for machines

FWIW I can edit storage for a machine as admin with RBAC, not as operator.
I think the latter is expected.

Revision history for this message
Alberto Donato (ack) wrote :

Ok, it turns out you can only edit storage if you have admin on the global scope (so user.is_superuser is True).

The logic for the storage tab looks at the flag rather than permissions for displaying storage actions

Revision history for this message
Björn Tillenius (bjornt) wrote :

Turns out that the API is broken as well.

  > maas user4 partition mount wxakrn 33 28 mount_point=/
  Cannot mount partition because you don't have the permissions on a Ready node.

description: updated
tags: added: api
summary: - [2.5, RBAC, UI] Operator/admin can't edit storage for machines
+ [2.5, RBAC, UI, API] Operator/admin can't edit storage for machines
Björn Tillenius (bjornt)
description: updated
Andres Rodriguez (andreserl)
Changed in maas:
milestone: 2.5.1 → 2.5.2
Andres Rodriguez (andreserl)
Changed in maas:
milestone: 2.5.2 → 2.5.3
Andres Rodriguez (andreserl)
Changed in maas:
milestone: 2.5.3 → 2.6.0beta2
Andres Rodriguez (andreserl)
Changed in maas:
milestone: 2.6.0beta2 → 2.6.0rc1
Andres Rodriguez (andreserl)
Changed in maas:
milestone: 2.6.0rc1 → 2.6.0rc2
Andres Rodriguez (andreserl)
Changed in maas:
milestone: 2.6.0rc2 → 2.7.0alpha1
Adam Collard (adam-collard)
Changed in maas:
milestone: 2.7.0b1 → 2.7.0b2
Adam Collard (adam-collard)
Changed in maas:
milestone: 2.7.0b2 → none
Bug Watch Updater (bug-watch-updater)
Changed in maas-ui:
importance: Undecided → Unknown
Adam Collard (adam-collard)
Changed in maas:
milestone: none → next
Revision history for this message
Jerzy Husakowski (jhusakowski) wrote :

Is this issue still reproducible in a recent MAAS?

Changed in maas:
status: Triaged → Incomplete
assignee: nobody → Björn Tillenius (bjornt)
Bug Watch Updater (bug-watch-updater)
Changed in maas-ui:
status: New → Fix Released
Adam Collard (adam-collard)
Changed in maas:
milestone: next → 3.2.0
Björn Tillenius (bjornt)
Changed in maas:
assignee: Björn Tillenius (bjornt) → nobody
milestone: 3.2.0 → none
importance: High → Undecided
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.