Agent level Security (api everywhere)

Registered by Antonio Rosales

[GOAL]
Restrict possible impact of compromised units/machines

[RATIONALE]
By ensuring that most machines and units in an environment run separately from the state server, and use credentials that permit only the minimal subset of API operations they need, we limit the impact of security failures and bugs on those machines: a compromised machine cannot accidentally or maliciously corrupt state directly, and cannot access information (such as the user's environment credentials) that would allow escalation beyond what the relation unit settings available to the compromised unit already implicitly allow.

Blueprint information

Status: Complete
Approver: Mark Ramm
Priority: Essential
Drafter: None
Direction: Approved
Assignee: None
Definition: Obsolete
Series goal: None
Implementation: Started
Milestone target: None
Started by: Dimiter Naydenov
Completed by: Katherine Cox-Buday

Whiteboard

[USER STORIES]
[ASSUMPTIONS]
[RISKS]
[IN SCOPE]
[OUT OF SCOPE]
[USER ACCEPTANCE]
[RELEASE NOTE/BLOG]

Work items:
[rogpeppe] change agents to use API connection where available size 2: DONE
[rogpeppe] deploy machine agents with API info size 1: DONE
[rogpeppe] deploy unit agents with API info size 1: DONE
[dimitern] implement API surface needed by deployer size 1: DONE
[dimitern] refactor deployer to use the state API size 1: DONE
[dimitern] implement API surface needed by machiner size 2: DONE
[dimitern] machiner to use the API size 2: DONE
[rogpeppe] implement API surface needed by upgrader size 4: DONE
[rogpeppe] upgrader to use the API (also handle environ config access better) size 2: DONE
[dimitern] implement API surface needed by uniter size 8: DONE
[dimitern] uniter to use the API size 2: DONE
[dimitern] disable state connections on unit agents size 4: DONE
implement API surface needed to add local charms size 4: TODO
[jameinel] CLI to use API size 4: INPROGRESS
[dimitern] implement API surface needed by provisioner size 2: DONE
[dimitern] provisioner to use API size 2: DONE
implement API surface needed by firewaller size 2: TODO
firewaller to use API size 2: TODO
[dimitern] disable state connections on non-manager machine agents size 4: DONE
