Request for classic confinement: skuld



I created a snap called skuld that allows users of the AWS CLI/SDK to generate temporary credentials with an MFA device and store them in their .aws/credentials under a an AWS profile to use when calling the AWS API (via the cli or SDK). skuld itself is a terminal program.

Together with a correct policy in AWS, skuld can be used to force the usage of an MFA device with the AccessKey/SecretKey credentials.

skuld manipulates the ~/.aws/credentials and ~/.aws/config files and therefore requires classic confinement. An alternative would be to have an interface to allow access the ~/.aws directory (the ~/.aws interface would useful for all kinds of cli tools and apps that needs AWS credentials).



Any progress on this issue? Is something incorrect the snap registration?

cheers, stan.


@niemeyer - thoughts? We recently added a juju-client-observe interface. I suspect this would be aws-control?


@niemeyer - can you comment?


@jdstrand This sounds like a good fit for that new interface we discussed in the sprint last week, that would allow access to specific directories, but only after review.

@stanhbb Do you have a link for the project and source code?


Ok. This is captured in trello and assigned to me after a few other things. It should make the next snapd release.


@niemeyer: you can see the code here:

the new interface sounds great; i would prefer something like that classic confinement.


Did this make the next snapd release? Which one?


@popey - it is not implemented yet. Sorry. @niemeyer - since this isn’t implemented yet, should we consider this snap for classic?