that makes it easy for Eric to connect to the environment. Now ideally > where we'd like to get to is the following: > > juju connect eric@<api-endpoint> [<env uuid>] > > ...
> PROBLEM: right now all connections to the api server are secured with > TLS and the client-cert. > I'm pretty sure none of them use client certs. What they use is a certificate that is signed by a environment-specific CA. So we use the CACert to validate that the API server's certificate is valid, rather than just trusty any TLS connection. However, we *could* just trust the remote site to identify itself if we wanted to. ... > We do have the current issue of knowing which end points will be SSL > protected and which are TLS with a client-cert, but for now, we know > that we need a client cert for the connection. In order to handle this > behaviour now, I suggest we do the following: > As mentioned, we just have regular TLS with server side certs, we just track the CA Cert so that we know if we can actually trust the cert. John =:-> > > $ juju connect [email protected] > fb5a2570-e6f2-11e3-ac10-0800200c9a66 --client-cert ~/Downloads/cert.txt > password: > local environment name [foo-production]: > > This at least moves us in the right direction. > > > Thoughts? > Tim > > UUID are still pretty ugly to pass around. Versus having named environments at API servers. I like having UUIDs be unambiguous under the covers, but I wonder if it is actually nice UI to have people use it for connections. > > [1] An alternative command name could be 'login'. We should also have > an equivalent 'logout' or 'disconnect' that removes the .jenv file (with > sufficient warnings about the environment still running). > We've talked about "juju forget-environment" as a way to get rid of a .jenv without actually tearing down the environment. John =:-> > > -- > Juju-dev mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/juju-dev >
-- Juju-dev mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju-dev
