Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Support macaroons for migration authentication #6056
Conversation
mjs
added some commits
Aug 22, 2016
frobware
added
the
in progress
label
Aug 22, 2016
|
$$merge$$ |
|
Status: merge request accepted. Url: http://juju-ci.vapour.ws:8080/job/github-merge-juju |
jujubot
merged commit 9aeb947
into
juju:master
Aug 23, 2016
mjs
deleted the
mjs:MM-macaroons
branch
Aug 23, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
mjs commentedAug 22, 2016
•
Edited 1 time
-
mjs
Aug 22, 2016
Up until now migrations have only supported password authentication to the target controller but with modern Juju most users will have a macaroon in their local account store and not a password. This PR threads support for macaroon authentication through the migration infrastructure so that users with macaroons can initiate migrations.
By reusing the user's macaroon directly, this implementation is a little naive. A upcoming change will have the client request a macaroon from the target controller, attenuate it and have that used for all future migration activities. Password authentication support for the migration infrastructure will be removed at that point - simplifying the code and improving security by not having long lived credentials being stored and passed around.
Drive-by: rename the GetMigrationStatus API on the MigrationMaster facade to MigrationStatus.
(Review request: http://reviews.vapour.ws/r/5498/)