RBAC denial of machine deployment considered lacklustre
Bug #1881595 reported by
Adam Collard
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| MAAS | Status tracked in 3.6 | |||||
| 3.5 |
Won't Fix
|
Low
|
Unassigned | |||
| 3.6 |
Triaged
|
Low
|
Unassigned | |||
Bug Description
With an RBAC-enabled MAAS, if a user is given the system-id for a machine they can't access (by their co-worker say) and they try to deploy it from the CLI they get a very unhelpful experience.
MAAS Version: 2.8.0~beta4 (8512-g.1897d06c8)
Steps to reproduce
1. Create two users, Alice and Bob
2. Partition machines in MAAS to two resource pools (swimming and betting)
3. In RBAC, give Alice access to all the machines, but restrict Bob to swimming.
4. Logged in as Alice, get the system-id of a machine in 'betting' pool
5. Log in to the CLI as Bob
6. maas machine deploy <system-
Expected: nice error message saying that the machine could not be found/denied
Actual: no output, just a non-zero return code
| Changed in maas: | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
| tags: | added: rbac |
| Changed in maas: | |
| importance: | Medium → Low |
| milestone: | none → 3.5.0 |
| Changed in maas: | |
| milestone: | 3.5.0 → 3.5.x |
To post a comment you must log in.
