allow juju add-unit to inherit IAM policies from AWS

Bug #1715200 reported by Adam Stokes
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
Canonical Juju | Triaged | Low | Unassigned |

Bug Description

Currently, conjure-up can set IAM policies on everything it initially deploys. However, anyone wanting to do add-units will not inherit those policies and will ultimately fail to do things such as join existing Kubernetes clusters that have CNI enabled.

I'm not sure if this is something we could utilize in the model config and have juju check for IAM policies if provider == ec2 or what the best approach is.

Some reference: https://github.com/conjure-up/spells/issues/102

tags: added: conjure
Cory Johns (johnsca) wrote :

Specifically, we need something akin to the resource-tags model config but for IAM roles.

Cory Johns (johnsca) wrote :

OTOH, there was discussion in Warsaw about properly modeling native integration in Juju by providing a way that a charm could request a short-term token to perform cloud operations directly rather than depending on something external, such as conjure-up, to do those operations. That would make this moot and enable us to move the cloud-specific behavior into something like an AWS ELB proxy charm.

Tim Penhey (thumper)
tags: added: ec2-provider
Changed in juju:
status: New → Triaged
importance: Undecided → High
John A Meinel (jameinel)
Changed in juju:
importance: High → Medium
Canonical Juju QA Bot (juju-qa-bot) wrote :

This Medium-priority bug has not been updated in 60 days, so we're marking it Low importance. If you believe this is incorrect, please update the importance.

Changed in juju:
importance: Medium → Low
tags: added: expirebugs-bot