Most people are used to either using controllers as owners (you bootstrap a
controller, create models, destroy the controller) or adding users and then
sharing links with people so that they can reuse your controller. You may
have noticed the @local postfix for such users when using "juju status" or
even "juju whoami":

$ juju whoami
Controller:  aws-cdo-b18
Model:       default
User:        admin@local

However, Juju now also understands external users, the ones that are
defined by an identity provider. These external users are thus not handled
within jujud or created with "juju add-user" commands, but rely on an
external identity manager, Ubuntu SSO in our case.

Why is this useful? Suppose you've got a model that you want to share with
a person to look at or try it out. Instead of the usual "add-user" dance,
all you need to do is just grant that person access using their USSO
username.

juju grant frankban@external read mymodel
juju grant cmars@external write mymodel

When the other user switches to the shared controller, all they need to do
is to "juju login", perform the SSO login in the browser and then act as an
SSO user on the controller.

Quick instructions on how to bootstrap such a controller. Let's assume we
want to bring up a controller in GCE.

$ juju bootstrap gce google/europe-west1 --credential gce \
    --constraints="instance-type=n1-highcpu-4 root-disk=32G" \
    --config identity-url=https://api.jujucharms.com/identity

As you can see, we've provided the additional configuration option
"identity-url", pointing it to the identity manager for Ubuntu SSO for Juju.

Then, you can grant people permission to add models to the controller. For
example:

$ juju grant martin-hilton@external addmodel

You can also allow anyone with a USSO account to create models on the
controller:

$ juju grant everyone@external addmodel

A user who has your controller information can then run, on their own
machine:

$ juju login
Opening an authorization web page in your browser.
If it does not open, please open this URL:
*****
You are now logged in to "gce" as "uros-jovanovic@external".

I've now logged in as an Ubuntu SSO user.

urulama@ubuntu:~/go/src/github.com/juju/juju$ juju whoami
Controller:  gce
Model:       test
User:        uros-jovanovic@external

Creating a model:
$ juju add-model test --credential gce
Uploading credential 'google/uros-jovanovic@external/gce' to controller
Added 'test' model on google/europe-west1 with credential 'gce' for user
'uros-jovanovic'

$ juju models
CONTROLLER: gce
MODEL          OWNER                    STATUS     ACCESS  LAST CONNECTION
test*          uros-jovanovic@external  available  admin   never connected

As you can see, users are required to use their own credentials to create
models on your controller.

User experience wise, there is still room for improvement. For instance, at
this time controller information can only be shared via email or a public
site, and then has to be added manually to
$HOME/.local/share/juju/controllers.yaml.

This functionality is available with the current Juju tip and will be
included in the upcoming beta 18 release.

If you haven't done it yet, in order to be able to use Juju as an external
user, you are required to log in at jujucharms.com first. Logging into
jujucharms.com is only required once.

Cheers,
Uros
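
An added example, not part of the original post or of Juju itself: a small
lint over recorded "juju grant" commands that reports how far each grant to
an @external identity reaches. It assumes the grants are kept as plain text
lines (a runbook or shell history); the severity labels and sample lines are
the example's own.

```shell
#!/bin/sh
# Added example: review "juju grant" lines for broad access given to
# externally managed (@external) identities.

# Constructed sample input, using the grant forms shown in the post
# (with and without a "$" prompt); bob@local is a made-up local user.
SAMPLE_GRANTS='$ juju grant frankban@external read mymodel
juju grant cmars@external write mymodel
$juju grant martin-hilton@external addmodel
$juju grant everyone@external addmodel
juju grant bob@local admin mymodel'

# audit_grants: reads grant commands on stdin and prints one finding per
# line as "<severity> <user> <access> <scope>: <reason>".
audit_grants() {
    awk '
    {
        sub(/^[ \t]*\$[ \t]*/, "")            # drop a leading "$" prompt
        if ($1 != "juju" || $2 != "grant" || NF < 4) next
        user = $3; access = $4
        if (user !~ /@external$/) next         # local users are out of scope
        # No model argument means the grant applies to the controller.
        scope = "controller"
        if (NF >= 5) {
            scope = "model=" $5
            for (i = 6; i <= NF; i++) scope = scope "," $i
        }
        if (user == "everyone@external")
            print "HIGH", user, access, scope ": any USSO account gets this access"
        else if (scope == "controller")
            print "MEDIUM", user, access, scope ": controller-wide grant to an external user"
        else if (access == "write" || access == "admin")
            print "LOW", user, access, scope ": external user can change the model"
    }'
}

printf '%s\n' "$SAMPLE_GRANTS" | audit_grants
```

Read-only model grants to a named external user, such as the frankban line,
produce no finding.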