Canonical Juju

Get new token for existing user

Bug #1657187 reported by Cory Johns
20
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Canonical Juju
Fix Released
Medium
Anastasia
Canonical Juju 2.3-beta1

Bug Description

If the token for a user is lost or used, there is no way to get a new token for that user.

For example, the token might get lost in transit and thus need to be re-sent.

See original description
Revision history for this message
Cory Johns (johnsca) wrote :

This is somewhat related to https://bugs.launchpad.net/juju/+bug/1629889 and https://bugs.launchpad.net/juju/+bug/1630728

Cory Johns (johnsca)
tags: added: cwr-ci matrix
Anastasia (anastasia-macmood)
Changed in juju:
status: New → Triaged
importance: Undecided → Wishlist
Revision history for this message
Anastasia (anastasia-macmood) wrote :

Created a wishlist item for the ability to register a user on multiple machines, bug # 1657652.

This bug now is only about situations where the token is lost and the registration process cannot be restarted.

Changed in juju:
importance: Wishlist → Medium
description: updated
Anastasia (anastasia-macmood)
Changed in juju:
assignee: nobody → Anastasia (anastasia-macmood)
status: Triaged → In Progress
Revision history for this message
Anastasia (anastasia-macmood) wrote :

I had a look at how we generate the token to start with.

There is no reason for us not to be able to display the initially issued token as part of 'juju show-user' output if you are a controller admin.

Controller admin will run 'juju show-user --registration' to view this value.
If anyone else will use this option, we'll err them out.
If user has already logged on at least once, we'll let controller admin know and will not display registration key.

Does the option '--registration' make sense or do you have another word in mind that you would like me to use?

Revision history for this message
Anastasia (anastasia-macmood) wrote :

After further discussion, it feels better to have a separate command to re-issue a registration string invalidating previously issued string from 'add-user' output.

We are not sure what we want to call this command at this stage. It should be easily discoverable and have an unambiguous name. Suggestions welcome...

Paul Gear (paulgear)
tags: added: canonical-is
Revision history for this message
Anastasia (anastasia-macmood) wrote :

At this stage, we will grow 'juju change-user-password' command to acquire a --reset flag. If controller admins run the command in this form, the user whom they request a password change for, will have password reset and a new registration string will be issued. This can be run against any active user.

Initial, state layer part of this work is proposed against develop: https://github.com/juju/juju/pull/7740

There will be other means to obtain registration key for the controller to be re-used on multiple client, to address bug # 1657652. 'juju register' command will be updated at the same time.

Revision history for this message
Anastasia (anastasia-macmood) wrote :

Progress PR for api/apiserver layer against develop: https://github.com/juju/juju/pull/7746

Revision history for this message
Anastasia (anastasia-macmood) wrote :

PR for CLI, against develop: https://github.com/juju/juju/pull/7754

Anastasia (anastasia-macmood)
Changed in juju:
milestone: none → 2.3-alpha1
status: In Progress → Fix Committed
Revision history for this message
Anastasia (anastasia-macmood) wrote :

Docs update issue: https://github.com/juju/docs/issues/2020

Anastasia (anastasia-macmood)
Changed in juju:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.