agents should have direct DB access removed
Bug #1253651 reported by
John A Meinel
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
juju-core |
Fix Released
|
Medium
|
Unassigned |
Bug Description
In juju-1.16 we changed all non-Manager agents to use the API server. We also changed it so that when deploying new units/machines/etc we don't grant DB access for those agents.
However, for upgrade compatibility we don't search and remove DB access for agents that were already running.
Now that 1.16 is only via the API in 1.18 we can audit and revoke any credentials which the agents have.
This only affects sites deployed with 1.14 and then upgraded to 1.16. For ones that bootstrap with 1.16 already none of their agents will have DB access.
Changed in juju-core: | |
milestone: | 1.17.1 → 1.18.0 |
Changed in juju-core: | |
milestone: | 1.20.0 → 1.18.0 |
Changed in juju-core: | |
milestone: | 1.18.0 → 2.0 |
milestone: | 2.0 → 1.18.0 |
Changed in juju-core: | |
milestone: | 1.18.0 → 1.20.0 |
Changed in juju-core: | |
milestone: | 1.20.0 → next-stable |
Changed in juju-core: | |
importance: | High → Medium |
milestone: | next-stable → none |
To post a comment you must log in.
In Juju 2.x, we have done a lot of work to wrap db access.
I will mark this bug as released.
@John,
If you know of any existing offenders in 2.x, please open individual bugs for each against "juju" project.