Wishlist: API access from commissioning env
Bug #1829522 reported by
Peter Sabaini
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Expired
|
Wishlist
|
Unassigned |
Bug Description
In a commissioning enviroment custom commissioning scripts have credentials available for MAAS access. However, the privileges associated with those are relatively restricted.
In order to be able to auto-configure nodes in MAAS it would be great if at the operators discretion commission scripts or custom preseeds could request additional privileges. Ideally it would be possible to request API access for commissioning scripts / preseeds in two levels:
a) full API access
b) API access for operations on the currently commissioning node only
Changed in maas: | |
milestone: | next → none |
To post a comment you must log in.
Thanks for the suggestion. The AWS does this through IAM[1] which expands the metadata service to optionally provide credentials that are automatically rotated. MAAS could implement something similar.
[1] https:/ /aws.amazon. com/iam/ /docs.aws. amazon. com/AWSEC2/ latest/ UserGuide/ iam-roles- for-amazon- ec2.html# instance- metadata- security- credentials
[2] https:/