Activity log for bug #1997000

Date Who What changed Old value New value Message
2022-11-18 09:53:47 Igor Brovtsin bug added bug
2022-11-18 09:53:56 Igor Brovtsin maas: importance Undecided Medium
2022-11-18 09:54:01 Igor Brovtsin maas: assignee Igor Brovtsin (igor-brovtsin)
2022-11-18 14:11:57 Igor Brovtsin description

Old value:

While working on LP:#1889026 and LP:#1994899, I found `Mark Broken` and `Mark Fixed` permissions unnecessarily restrictive and inconsistent:

- `Mark Broken` is actionable only for machines owned by some user. This means that freshly-commissioned machines in `Ready` state cannot be marked as broken.
- `Mark Broken` is only available to the user that has ownership over the machine. While it seems logical, it also means that the action is not available to the MAAS administrator if the machine is owned by a simple user. This limitation also ignores RBAC rules permitting marking machines broken.
- `Mark Fixed` requires `NodePermission.admin` while `Mark Broken` requires `NodePermission.edit`. Users locking machines that belong to them will not be able to mark the machine as fixed on their own, requiring an administrator to intervene.

While all three issues have pretty straightforward fixes to them (and there is an MP for the first two already), applying them might cause non-obvious security implications. Further analysis is required.

New value:

While working on LP:#1889026 and LP:#1994899, I found `Mark Broken` and `Mark Fixed` permissions unnecessarily restrictive and inconsistent:

- `Mark Broken` is actionable only for machines owned by some user. This means that freshly-commissioned machines in `Ready` state cannot be marked as broken.
- `Mark Broken` is only available to the user that has ownership over the machine. While it seems logical, it also means that the action is not available to the MAAS administrator if the machine is owned by a simple user (as noted in https://bugs.launchpad.net/maas/+bug/1811234). This limitation also ignores RBAC rules permitting marking machines broken.
- `Mark Fixed` requires `NodePermission.admin` while `Mark Broken` requires `NodePermission.edit`. Users locking machines that belong to them will not be able to mark the machine as fixed on their own, requiring an administrator to intervene.

While all three issues have pretty straightforward fixes to them (and there is an MP for the first two already), applying them might cause non-obvious security implications. Further analysis is required.

2022-11-18 15:28:35 Igor Brovtsin maas: milestone 3.4.0
2022-11-18 15:28:47 Igor Brovtsin maas: status New Triaged
2023-06-29 08:36:07 Alberto Donato maas: milestone 3.4.0 3.4.x
2024-03-05 14:57:07 Anton Troyanov maas: milestone 3.4.x 3.5.x
2024-03-14 07:55:54 Anton Troyanov nominated for series maas/3.4
2024-03-14 07:55:54 Anton Troyanov bug task added maas/3.4
2024-03-14 07:55:57 Anton Troyanov maas/3.4: status New Won't Fix
2024-03-14 07:55:59 Anton Troyanov maas/3.4: importance Undecided Medium