Support shared access model

Bug #1986678 reported by Tom Haddon
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| jaas-issue-tracking | Confirmed | Undecided | Unassigned | |

Bug Description

It would be good to have some way of achieving a shared access model with JAAS.

As an example, the way that we currently provide access to juju models on our production openstack instance is to provision a bastion host with role accounts. End users then connect to the bastion host and have access to the role account for the juju model that they're accessing. This role account is configured with access to the juju model, as well as secrets and deployment configurations (juju bundles, etc.), and all relevant credentials (e.g. openstack credentials which allow them to inspect openstack directly) sourced.

This provides us with a number of benefits:
* Access to the bastion host can be put behind a VPN, so that if someone leaves the company their access is immediately revoked.
* Having a role account with all relevant deployment configs means that if anyone makes a change to a model they are doing so from the same place, so it's obvious to others.
* Credentials and secrets aren't on end users' local machines, only on the bastion host. This reduces the possibility of leakage.
* If backups need to be run and pulled off the model, it provides an obvious place where that should happen, and can be scheduled to run on some frequency.
* `.bash_history` provides some rudimentary "what was done when" reporting.

Francesco Banconi (frankban) wrote:

This probably requires some investigation about how JAAS uses lp groups, to figure out whether that level of gatekeeping is sufficient for IS.

Changed in jaas-issue-tracking:
status: New → Confirmed