Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Use macaroon to validate published network changes for cmr #7637
Conversation
| @@ -12,6 +12,7 @@ import ( | ||
| apiwatcher "github.com/juju/juju/api/watcher" | ||
| "github.com/juju/juju/apiserver/params" | ||
| "github.com/juju/juju/watcher" | ||
| + "gopkg.in/macaroon.v1" |
| @@ -22,6 +24,7 @@ type remoteEntityDoc struct { | ||
| SourceModelUUID string `bson:"source-model-uuid"` | ||
| EntityTag string `bson:"entity"` | ||
| Token string `bson:"token"` | ||
| + Macaroon string `bson:"macaroon,omitempty"` |
axw
Jul 13, 2017
Member
maybe store as []byte, and use the macaroon's BinaryMarshaler interface? should be more compact
wallyworld
Jul 13, 2017
Owner
Yeah, we could. Sadly I cargo culted this (storing as json) from model migrations code. Better to be consistent?
|
$$merge$$ |
|
Status: merge request accepted. Url: http://juju-ci.vapour.ws:8080/job/github-merge-juju |
jujubot
merged commit 4c48665
into
juju:develop
Jul 13, 2017
1 check passed
github-check-merge-juju
Ran tests against PR. Use !!.*!! to request another build. IE, !!build!!, !!retry!!
Details
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
wallyworld commentedJul 13, 2017
Description of change
When the firewaller publishes ingress changes to the offering model, it uses the macaroon associated with the relation. The remote entities functionality in state have been enhanced to allow a macaroon to be saved with the token. The remote relations worker saves the macaroon when it registers the relation, and the firewaller worker gets the macaroon when it needs to publish a change.
QA steps
Run a cmr scenario and ensure firewall ports are opened as expected.