RBAC denial of machine deployment considered lacklustre
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Triaged
|
Low
|
Unassigned |
Bug Description
With an RBAC-enabled MAAS, if a user is given the system-id for a machine they can't access (by their co-worker say) and they try to deploy it from the CLI they get a very unhelpful experience.
MAAS Version: 2.8.0~beta4 (8512-g.1897d06c8)
Steps to reproduce
1. Create two users, Alice and Bob
2. Partition machines in MAAS to two resource pools (swimming and betting)
3. In RBAC, give Alice access to all the machines, but restrict Bob to swimming.
4. Logged in as Alice, get the system-id of a machine in 'betting' pool
5. Log in to the CLI as Bob
6. maas machine deploy <system-
Expected: nice error message saying that the machine could not be found/denied
Actual: no output, just a non-zero return code
Changed in maas: | |
status: | New → Triaged |
importance: | Undecided → Medium |
tags: | added: rbac |
Changed in maas: | |
importance: | Medium → Low |
milestone: | none → 3.5.0 |