access environment.yaml data from the hooks
Kapil Thangavelu
kapil.thangavelu at canonical.com
Fri Jul 11 11:36:01 UTC 2014
On Fri, Jul 11, 2014 at 4:44 AM, Tudor Rogoz <rogoz at adobe.com> wrote:
> Hi all,
>
> Is it possible to access the juju environment properties directly from
> the hooks?
> More precisely, I want to have access to the AWS credentials (defined in
> the environments.yaml file) directly from the hooks, is this possible? I
> can workaround the situation, by defining specific config properties and
> duplicate the information there and this way I can get the data by calling
> ‘config-get’ function.But I’m just thinking if maybe it would be a cleaner
> way to achieve this.Ideas?
>
>
Juju doesn't allow for extraction of provider credentials from the state
server as a security measure. Its typically much better to define these as
charm config properties, because you can use a separate iam account that's
permission scoped to the usage you want rather than proliferating a more
privileged account. Even better is using iam roles (
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)
with manual provisioning and workload placement (deploy --to) against the
ec2 provider and avoiding the credential management entirely.
cheers,
Kapil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju/attachments/20140711/486e6e1c/attachment.html>
More information about the Juju
mailing list