Request for classic confinement: skuld


#1

Hello,

I created a snap called skuld that allows users of the AWS CLI/SDK to generate temporary credentials with an MFA device and store them in their .aws/credentials under an AWS profile to use when calling the AWS API (via the CLI or SDK). skuld itself is a terminal program.

Together with a correct policy in AWS, skuld can be used to force the usage of an MFA device with the AccessKey/SecretKey credentials.

skuld manipulates the ~/.aws/credentials and ~/.aws/config files and therefore requires classic confinement. An alternative would be to have an interface to allow access to the ~/.aws directory (the ~/.aws interface would be useful for all kinds of CLI tools and apps that need AWS credentials).
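
An added example, not part of the original thread and not skuld's own code, of the credentials-file update post #1 describes: temporary MFA-derived credentials are stored under a named profile without disturbing other profiles, and the file is replaced atomically with owner-only permissions. The function name `store_session_profile` and all sample values are assumptions made for illustration.

```python
import configparser
import os
import tempfile

# Keys the AWS CLI/SDKs read from a profile in the shared credentials file.
SESSION_KEYS = ("aws_access_key_id", "aws_secret_access_key", "aws_session_token")


def store_session_profile(path, profile, creds):
    """Write temporary credentials under [profile], keeping other profiles.

    creds maps each name in SESSION_KEYS to its value (for instance the
    result of an STS session-token request made with an MFA code).
    Note: configparser does not preserve comments in the existing file.
    """
    missing = [k for k in SESSION_KEYS if not creds.get(k)]
    if missing:
        raise ValueError(f"missing credential fields: {missing}")

    config = configparser.RawConfigParser()  # no % interpolation of secrets
    config.read(path)  # a missing file is treated as empty
    if not config.has_section(profile):
        config.add_section(profile)
    for key in SESSION_KEYS:
        config.set(profile, key, creds[key])

    directory = os.path.dirname(os.path.abspath(path))
    os.makedirs(directory, mode=0o700, exist_ok=True)
    # mkstemp creates the file with mode 0600, so the secrets are never
    # readable by other local users, not even briefly.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".credentials.")
    try:
        with os.fdopen(fd, "w") as handle:
            config.write(handle)
        os.replace(tmp, path)  # atomic swap: readers never see a partial file
    except BaseException:
        os.unlink(tmp)
        raise
```

Under strict snap confinement the write to `~/.aws` is exactly the access that is denied, which is why the thread discusses classic confinement or a dedicated interface.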


#2

Hello,

Any progress on this issue? Is something incorrect in the snap registration?

cheers, stan.


#3

@niemeyer - thoughts? We recently added a juju-client-observe interface. I suspect this would be aws-control?


#4

@niemeyer - can you comment?


#5

@jdstrand This sounds like a good fit for that new interface we discussed in the sprint last week, that would allow access to specific directories, but only after review.

@stanhbb Do you have a link for the project and source code?


#6

Ok. This is captured in trello and assigned to me after a few other things. It should make the next snapd release.


#7

@niemeyer: you can see the code here: https://github.com/DEEP-IMPACT-AG/skuld

The new interface sounds great; I would prefer something like that to classic confinement.


#8

Did this make the next snapd release? Which one?


#9

@popey - it is not implemented yet. Sorry. @niemeyer - since this isn’t implemented yet, should we consider this snap for classic?


#10

The interface is up for review and should be on the next release.

You may follow its development here: