Agent-level security (API everywhere)
[GOAL]
Restrict possible impact of compromised units/machines
[RATIONALE]
Most machines and units in an environment run separately from the state server and hold credentials that permit only the minimal subset of operations they need, exercised through the API. This limits the impact of security failures and bugs on those machines in two ways: they cannot accidentally or maliciously corrupt state directly, and they cannot read information (such as the user's environment credentials) that would allow escalation beyond what a compromised unit can already reach through the relation unit settings available to it.
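The rationale above describes a default-deny authorizer on the API side: an agent's credential identifies one unit or machine, and the server only permits operations scoped to that entity (plus the relation settings the unit takes part in), while the client facade that carries environment credentials is refused to every agent. The following Go program is an added example written for this page; it is not Juju's own authorizer, and the facade method names, tag formats and the relation membership table are assumptions constructed to illustrate the policy.

```go
package main

import (
	"fmt"
	"strings"
)

// Kind of API credential presented by a connecting agent (assumed taxonomy).
type Kind int

const (
	UnitAgent    Kind = iota // runs a unit; least privilege
	MachineAgent             // non-manager machine agent; least privilege
	StateServer              // manager machine; keeps broad access
)

// Principal is the identity an agent authenticated as. Tags use an assumed
// "<kind>-<name>" form such as "unit-wordpress-0" or "machine-1".
type Principal struct {
	Kind Kind
	Tag  string
}

// Request is one API call: a facade method and the entity it targets.
type Request struct {
	Method string // e.g. "Uniter.Settings" (assumed name)
	Target string // e.g. "unit-wordpress-0" or "relation-wordpress-mysql"
}

// Authorizer holds the relation membership the server already knows from state.
type Authorizer struct {
	relationMembers map[string][]string // relation tag -> unit tags in it
}

// NewExampleAuthorizer builds an authorizer over a constructed membership table.
func NewExampleAuthorizer() *Authorizer {
	return &Authorizer{relationMembers: map[string][]string{
		"relation-wordpress-mysql": {"unit-wordpress-0", "unit-mysql-0"},
		"relation-mysql-haproxy":   {"unit-mysql-0", "unit-haproxy-0"},
	}}
}

func (a *Authorizer) inRelation(unit, relation string) bool {
	for _, m := range a.relationMembers[relation] {
		if m == unit {
			return true
		}
	}
	return false
}

// Allow reports whether principal p may perform req. Anything not explicitly
// granted below is denied, so a compromised agent can neither touch other
// entities' state nor read the environment configuration.
func (a *Authorizer) Allow(p Principal, req Request) bool {
	if p.Kind == StateServer {
		return true
	}
	// The Client facade exposes environment config (cloud credentials);
	// no agent credential may reach it, regardless of target.
	if strings.HasPrefix(req.Method, "Client.") {
		return false
	}
	switch p.Kind {
	case UnitAgent:
		switch req.Method {
		case "Uniter.Settings", "Uniter.Life", "Uniter.Config":
			return req.Target == p.Tag // only its own unit
		case "Uniter.RelationSettings":
			return a.inRelation(p.Tag, req.Target) // only relations it joins
		}
	case MachineAgent:
		switch req.Method {
		case "Machiner.Life", "Machiner.SetStatus", "Upgrader.Tools":
			return req.Target == p.Tag // only its own machine
		}
	}
	return false
}

func main() {
	a := NewExampleAuthorizer()
	wp := Principal{UnitAgent, "unit-wordpress-0"}
	fmt.Println("own settings:      ", a.Allow(wp, Request{"Uniter.Settings", "unit-wordpress-0"}))
	fmt.Println("other unit:        ", a.Allow(wp, Request{"Uniter.Settings", "unit-mysql-0"}))
	fmt.Println("joined relation:   ", a.Allow(wp, Request{"Uniter.RelationSettings", "relation-wordpress-mysql"}))
	fmt.Println("foreign relation:  ", a.Allow(wp, Request{"Uniter.RelationSettings", "relation-mysql-haproxy"}))
	fmt.Println("environment config:", a.Allow(wp, Request{"Client.EnvironmentConfig", "environment"}))
}
```

The important design choice is the fall-through `return false`: every new facade method starts out unreachable for agents until a rule scoped to the caller's own tag is added, which is what keeps the blast radius of a compromised unit or machine bounded to what it could already see.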
Blueprint information
- Status: Complete
- Approver: Mark Ramm
- Priority: Essential
- Drafter: None
- Direction: Approved
- Assignee: None
- Definition: Obsolete
- Series goal: None
- Implementation: Started
- Milestone target: None
- Started by: Dimiter Naydenov
- Completed by: Katherine Cox-Buday
Whiteboard
[USER STORIES]
[ASSUMPTIONS]
[RISKS]
[IN SCOPE]
[OUT OF SCOPE]
[USER ACCEPTANCE]
[RELEASE NOTE/BLOG]
Work items:
[rogpeppe] change agents to use API connection where available size 2: DONE
[rogpeppe] deploy machine agents with API info size 1: DONE
[rogpeppe] deploy unit agents with API info size 1: DONE
[dimitern] implement API surface needed by deployer size 1: DONE
[dimitern] refactor deployer to use the state API size 1: DONE
[dimitern] implement API surface needed by machiner size 2: DONE
[dimitern] machiner to use the API size 2: DONE
[rogpeppe] implement API surface needed by upgrader size 4: DONE
[rogpeppe] upgrader to use the API (also handle environ config access better) size 2: DONE
[dimitern] implement API surface needed by uniter size 8: DONE
[dimitern] uniter to use the API size 2: DONE
[dimitern] disable state connections on unit agents size 4: DONE
implement API surface needed to add local charms size 4: TODO
[jameinel] CLI to use API size 4: INPROGRESS
[dimitern] implement API surface needed by provisioner size 2: DONE
[dimitern] provisioner to use API size 2: DONE
implement API surface needed by firewaller size 2: TODO
firewaller to use API size 2: TODO
[dimitern] disable state connections on non-manager machine agents size 4: DONE