From 2c7ce7acdcb83e450d7374b744ca1f84a31a8f03 Mon Sep 17 00:00:00 2001 From: ale8k Date: Thu, 25 Apr 2024 13:55:45 +0100 Subject: [PATCH 1/2] wip --- .custom_wordlist.txt | 1 + explanation/jaas_overview.rst | 33 ++++++++++++++++++++++----------- how-to/use_terraform.rst | 2 +- 3 files changed, 24 insertions(+), 12 deletions(-) diff --git a/.custom_wordlist.txt b/.custom_wordlist.txt index 2c19099..42a0221 100644 --- a/.custom_wordlist.txt +++ b/.custom_wordlist.txt @@ -55,6 +55,7 @@ NodePort ntp OAuth OAuth2 +OAuth2.0 observability OEM OIDC diff --git a/explanation/jaas_overview.rst b/explanation/jaas_overview.rst index 19db89b..a9f2b5e 100644 --- a/explanation/jaas_overview.rst +++ b/explanation/jaas_overview.rst @@ -3,19 +3,30 @@ JAAS Overview What is JAAS? ------------- +To detail what JAAS is, let's look at what JAAS provides: -**JAAS** provides a single location to manage your Juju infrastructure by using the -Dashboard or using the same Juju CLI commands to create a high-level overview and -the ability to drill-in to the details when you need it. +- **JAAS** provides a single location to manage your Juju infrastructure by using the + Dashboard or using the same Juju CLI commands to create a high-level overview and + the ability to drill-in to the details when you need it. +- **JAAS** is useful for organisations running their own Juju infrastructure + giving them a single point of contact for their entire real estate and, in combination + with the Juju Dashboard, giving them a clear overview of their infrastructure. + +- **JAAS** enables SREs and developers to access models via identities from an externel IdP + and is not limited to local users. + +- **JAAS** enables SREs and developers to manage access control across all of their + controllers, models, applications and application offers from a single place, as opposed + to having to go through each Juju controller manually and updating permissions specifically + for individual local users on each controller. + +- As **JAAS** provides a single point of contact for customers entire real estate, automation + is substantially easier, automation need only perform actions through **JAAS** and not consult + each controller individually. + +- **JAAS** can query across multiple models at once, giving deeper insights into your estate. -**JAAS** is useful for customers that do not want to maintain their own controllers -in public clouds. Canonical's JAAS enables users to deploy their workloads -in public clouds without the extra complexity and costs associated with running their -own Juju controllers. JAAS is also useful for organisations -running their own Juju infrastructure giving them a single point of contact for -their entire real estate and, in combination with the Juju Dashboard, giving -them a clear overview of their infrastructure. Architecture ------------ @@ -45,5 +56,5 @@ other tools, like the Juju Dashboard or Juju CLI, that communicate with a Juju Controller to work seamlessly with JIMM. For authentication of users or service accounts, JAAS requires an *OIDC Provider* -(Hydra) that handles the standard OAuth flows including browser flow, device flow, +(Hydra) that handles the standard OAuth2.0 flows including browser flow, device flow, and client credentials. diff --git a/how-to/use_terraform.rst b/how-to/use_terraform.rst index e8a4986..9a4c26a 100644 --- a/how-to/use_terraform.rst +++ b/how-to/use_terraform.rst @@ -11,7 +11,7 @@ Prerequisites For this how-to you will need the following: -- An identity provider that can be used to create OAuth2 client credentials. +- An identity provider that can be used to create OAuth2.0 client credentials. - Client credentials (``client_id`` and ``client_secret``) generated by the above identity provider. - A deployed JIMM configured to trust the identity provider. For instructions on how to deploy JIMM read :doc:`deploy_jimm`. From 3cb767e5111643446e5479360213e2a50f60f802 Mon Sep 17 00:00:00 2001 From: ale8k Date: Fri, 26 Apr 2024 09:15:10 +0100 Subject: [PATCH 2/2] spellfix --- explanation/jaas_overview.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/explanation/jaas_overview.rst b/explanation/jaas_overview.rst index a9f2b5e..fef8937 100644 --- a/explanation/jaas_overview.rst +++ b/explanation/jaas_overview.rst @@ -13,10 +13,10 @@ To detail what JAAS is, let's look at what JAAS provides: giving them a single point of contact for their entire real estate and, in combination with the Juju Dashboard, giving them a clear overview of their infrastructure. -- **JAAS** enables SREs and developers to access models via identities from an externel IdP +- **JAAS** enables site reliability engineers and developers to access models via identities from an external IdP and is not limited to local users. -- **JAAS** enables SREs and developers to manage access control across all of their +- **JAAS** enables site reliability engineers and developers to manage access control across all of their controllers, models, applications and application offers from a single place, as opposed to having to go through each Juju controller manually and updating permissions specifically for individual local users on each controller.