Privileged interfaces request: rustconn (personal-files, system-files)

store-requests privileged-interfaces
1
  • name: rustconn
  • description: GTK4/libadwaita connection manager for Linux — SSH, RDP, VNC, SPICE, Telnet, Serial, Kubernetes, and Zero Trust protocols with embedded Rust clients
  • snapcraft: RustConn/snap/snapcraft.yaml at main · totoshko88/RustConn · GitHub
  • upstream: GitHub - totoshko88/RustConn: Modern connection manager for Linux with GTK4/Wayland-native interface. · GitHub
  • upstream-relation: I am the upstream author and sole maintainer
  • interfaces:
    • aws-credentials (personal-files, write: $HOME/.aws):
      • request-type: installation
      • reasoning: AWS SSM Session Manager requires read access to AWS credentials and write access for SSO token cache (~/.aws/sso/cache/). Used for Zero Trust SSH connections through AWS Systems Manager.
    • gcloud-credentials (personal-files, read: $HOME/.config/gcloud):
      • request-type: installation
      • reasoning: GCP IAP tunnel connections require reading gcloud CLI credentials and project configuration. Read-only access.
    • azure-credentials (personal-files, read: $HOME/.azure):
      • request-type: installation
      • reasoning: Azure Bastion connections require reading Azure CLI authentication tokens. Read-only access.
    • oci-credentials (personal-files, read: $HOME/.oci):
      • request-type: installation
      • reasoning: OCI Bastion connections require reading Oracle Cloud CLI configuration and API keys. Read-only access.
    • kube-credentials (personal-files, read: $HOME/.kube):
      • request-type: installation
      • reasoning: Kubernetes pod exec connections require reading kubeconfig for cluster authentication. Read-only access.
    • host-usr-bin (system-files, read: /usr/bin/aws, /usr/bin/gcloud, /usr/bin/az, /usr/bin/oci, /usr/bin/cloudflared, /usr/bin/tsh, /usr/bin/tailscale, /usr/bin/boundary, /usr/bin/bw, /usr/bin/op, /usr/bin/passbolt, /usr/bin/keepassxc-proxy, /usr/bin/remote-viewer, /usr/bin/xfreerdp, /usr/bin/vncviewer, /usr/bin/kubectl, /usr/local/bin/kubectl):
      • request-type: installation
      • reasoning: RustConn optionally executes host-installed CLI tools for: (1) Zero Trust providers — aws, gcloud, az, oci, cloudflared, tsh, tailscale, boundary; (2) password managers — bw (Bitwarden), op (1Password), passbolt, keepassxc-proxy; (3) protocol fallback clients — xfreerdp, vncviewer, remote-viewer; (4) container orchestration — kubectl. All are optional — the snap works without them using embedded protocol clients. Read-only access to binaries only.
2

This request has been added to the queue for review by the @reviewers team.