Adds support for instance profile credentials to the controller. #13394

tlm · 2021-10-06T11:17:23Z

This PR adds support to the controller for using AWS instance profiles attached to its machine. With this change we have introduced a new credential type and blocking to make sure the instance profile is attached to the controller's machine.

Checklist

Requires a pylibjuju change
Added integration tests for the PR
Added or updated doc.go related to packages changed
Comments answer the question of why design decisions were made

QA steps

Create a new instance profile

aws iam create-instance-profile --instance-profile-name tlm-ip-test
{
    "InstanceProfile": {
        "Roles": [],
        "InstanceProfileName": "tlm-ip-test",
        "Path": "/",
    }
}

Add a role to the instance profile. THIS MUST BE DONE or the boostrap will hang in waiting for association.

aws iam add-role-to-instance-profile --instance-profile-name tlm-ip-test --role-name <role_name>

Do the bootstrap with:

juju bootstrap --bootstrap-constraints="instance-role=tlm-ip-test" aws/ap-southeast-2 test-ip-controller

NOTE: the auto keywork to instance-role will work in create an instance profile for the controller but the bootstrap will hang as we currently don't have the role sorted for the controller yet so we must create it our selves until the next PR.

wallyworld

A few small things, looks like good progress

environs/bootstrap/bootstrap.go

environs/interface.go

provider/ec2/iam.go

provider/ec2/credentials.go

provider/ec2/cloud.go

provider/ec2/environ.go

tlm · 2021-10-07T07:50:23Z

$$merge$$

This PR adds support to the controller for using AWS instance profiles attached to it's machine. With this change we have introduced a new credential type and blocking to make sure the instance profile is attached to the controllers machine.

tlm · 2021-10-07T09:27:37Z

$$merge$$

#13408 Usual conflicts, but some tricky ones around metrics. 33a867b (upstream/2.9, origin/2.9, 2.9) Merge pull request #13356 from SimonRichardson/raft-client-wireup 8712c9a (manadart/2.9, achilleasa/2.9) Merge pull request #13391 from hmlanigan/backport-metrics 9dbed19 Merge pull request #13396 from SimonRichardson/backport-mongo-4.4-fixes 7283465 Merge pull request #13389 from SimonRichardson/batching-fsm eaa218b Merge pull request #13403 from wallyworld/better-k8s-model-message 90e5368 Merge pull request #13400 from ycliuhw/enhance-ghcr f970413 Merge pull request #13394 from tlm/aws-instance-profile 526ee49 Merge pull request #13401 from jujubot/increment-to-2.9.17 b84c559 (tag: juju-2.9.16) Merge pull request #13399 from wallyworld/mongo-version-parsing 9983864 Merge pull request #13393 from hpidcock/fix-caas-iaas-tools 3d09733 Merge pull request #13386 from ycliuhw/feature/aks ## Conflicts CONFLICT (content): Merge conflict in version/version.go CONFLICT (content): Merge conflict in state/enableha.go CONFLICT (modify/delete): state/backups/restore_test.go deleted in HEAD and modified in 33a867b. Version 33a867b of state/backups/restore_test.go left in tree. CONFLICT (content): Merge conflict in snap/snapcraft.yaml CONFLICT (content): Merge conflict in scripts/win-installer/setup.iss CONFLICT (content): Merge conflict in mongo/mongodfinder_test.go CONFLICT (content): Merge conflict in mongo/mongodfinder.go CONFLICT (content): Merge conflict in go.sum CONFLICT (content): Merge conflict in go.mod CONFLICT (content): Merge conflict in feature/flags.go CONFLICT (content): Merge conflict in core/charm/repository/charmhub_test.go CONFLICT (content): Merge conflict in core/charm/repository/charmhub.go CONFLICT (content): Merge conflict in cmd/jujud/agent/agenttest/agent.go CONFLICT (content): Merge conflict in charmhub/transport/refresh.go CONFLICT (content): Merge conflict in charmhub/refresh_test.go CONFLICT (content): Merge conflict in charmhub/refresh.go CONFLICT (content): Merge conflict in apiserver/facades/controller/charmrevisionupdater/updater_test.go CONFLICT (content): Merge conflict in apiserver/facades/controller/charmrevisionupdater/updater.go CONFLICT (content): Merge conflict in apiserver/facades/controller/charmrevisionupdater/mocks/mocks.go CONFLICT (content): Merge conflict in apiserver/facades/controller/charmrevisionupdater/interface.go CONFLICT (content): Merge conflict in apiserver/facades/controller/charmrevisionupdater/charmhub.go CONFLICT (content): Merge conflict in apiserver/facades/client/application/updateseries_mocks_test.go CONFLICT (content): Merge conflict in apiserver/facades/client/application/application_test.go CONFLICT (content): Merge conflict in apiserver/facades/client/application/application.go

hpidcock added the 2.9 label Oct 6, 2021

tlm force-pushed the aws-instance-profile branch 3 times, most recently from 73b8a0e to 408ac43 Compare October 7, 2021 03:12

wallyworld approved these changes Oct 7, 2021

View reviewed changes

tlm force-pushed the aws-instance-profile branch from 408ac43 to aad1903 Compare October 7, 2021 07:50

tlm force-pushed the aws-instance-profile branch from aad1903 to f431d8f Compare October 7, 2021 09:27

jujubot merged commit f970413 into juju:2.9 Oct 7, 2021

SimonRichardson mentioned this pull request Oct 11, 2021

Merge 2.9 into develop #13408

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Adds support for instance profile credentials to the controller. #13394

Adds support for instance profile credentials to the controller. #13394

tlm commented Oct 6, 2021 •

edited by wallyworld

wallyworld left a comment

tlm commented Oct 7, 2021

tlm commented Oct 7, 2021

Adds support for instance profile credentials to the controller. #13394

Adds support for instance profile credentials to the controller. #13394

Conversation

tlm commented Oct 6, 2021 • edited by wallyworld

Checklist

QA steps

wallyworld left a comment

Choose a reason for hiding this comment

tlm commented Oct 7, 2021

tlm commented Oct 7, 2021

tlm commented Oct 6, 2021 •

edited by wallyworld