How to install and use RBAC with MAAS

Prologue text that explains what this document is about.

How to set up identity management for RBAC

As a MAAS RBAC administrator, you want to properly set up the environment for Candid and RBAC to be used. As an RBAC administrator, you need step-by-step procedures that guide you through pre-installation configuration.

How to set up and install identity management

How to install and enable Candid

A user has detailed instructions for installing and enabling Candid. Provide detailed instructions about Candid installation.

How to configure and load Candid

A user has detailed instructions for configuring and loading Candid. Provide detailed instructions for configuring Candid via /var/snap/candid/current/config.yaml, starting Candid, editing /root/admin.keys to have the correct URL for Candid, and creating the necessary credentials, including a self-signed certificate for Candid.

How to verify Candid operation

A user has detailed procedures for verifying that a compatible authentication system is installed and working. Provide detailed instructions about which authentication systems are compatible with RBAC, how they must be configured, and how to verify that they are properly configured.

How to ensure proper certificates

A user has detailed instructions for ensuring that valid certificates can be generated and used as needed for Candid to communicate over HTTPS. Provide detailed instructions regarding the CA and certificates needed, as well as instructions for verifying that they are properly configured.

How to install and configure RBAC

As a MAAS RBAC administrator, you want to properly install and configure RBAC and Candid. As an RBAC administrator, you need step-by-step procedures that guide you through the process of installing RBAC and Candid.

How to install RBAC

Provide detailed instructions for obtaining PPA credentials, including necessary contact information and/or links.

How to set up RBAC

Provide indirect instructions on how to login to Launchpad, visit your private PPA, set the necessary credentials, add your private PPA, and install the RBAC package.

How to log into RBAC and verify RBAC setup

Provide detailed instructions about how to pass the Candid cert to RBAC; define RBAC cert, public key, and CA via SSL; create the appropriate credentials; configure RBAC to use these credentials; verify correct operation of the service-URL; and create an RBAC administrative user.

How to connect MAAS and RBAC

As a MAAS RBAC administrator, you want to properly connect MAAS to RBAC and establish baseline test users. As an RBAC administrator, you need step-by-step procedures that guide you through the process of making MAAS talk to RBAC successfully.

How to configure MAAS with RBAC

Provide detailed instructions about how to configure MAAS to use RBAC, including defining the service name and URL of the RBAC service, along with a login procedure that verifies that the RBAC-maas connection is working correctly.

How to use resource pools

Provide detailed instructions for creating new resource pools, or provide a procedure for using existing resource pools.

How to create test users

Provide detailed instructions for creating test users, or provide a procedure for using existing test users already established.

How to assign test users

Provide instructions on how to associate test users with resource pools.

How to verify RBAC with MAAS

Provide detailed instructions for using the RBAC test cases created thus far to verify that RBAC is working correctly with MAAS.

How to operate RBAC

As a MAAS RBAC administrator, you want to understand how to operate and maintain RBAC. As an RBAC administrator, you need step-by-step procedures that guide you through the various day-to-day aspects of RBAC components, services, groups, roles, and permissions.

How to configure services

Provide detailed instructions about MAAS services, as exposed in RBAC, and how they can be manipulated and configured

How to configure scopes

Provide detailed instructions about scopes, and how they should be configured and applied

How to assign roles

Provide detailed instructions about the way RBAC tabulates roles, services, etc, including the way the hierarchy flows from left to right, how to change views, and how to manipulate items in those views

How to set permissions

Provide detailed instructions about the way RBAC tabulates roles, services, etc, including the way the hierarchy flows from left to right, how to change views, and how to manipulate items in those views

How to navigate RBAC

Provide detailed instructions about the way RBAC tabulates roles, services, etc, including the way the hierarchy flows from left to right, how to change views, and how to manipulate items in those views

How to modify RBAC users

Provide detailed procedures for managing the relationships between roles, permissions, users, groups, and resource pools, including how to add, edit, remove, and reassign them; explain how changes are “buffered”, ie, not implemented until a separate choice is made

Provide detailed instructions for address the various non-machine-related components of MAAS that are exposed in RBAC

How to audit user actions

As a MAAS RBAC administrator, operator, or auditor, you want to understand how to use RBAC logging to review user actions As an RBAC administrator, operator, or auditor, you need step-by-step procedures that guide you through the process of reviewing, analyzing, and correlating log entries

How to access RBAC logs

Provide detailed instructions about RBAC logs, how to find them, how to access them, and how to export them

How to post-process RBAC logs

Provide detailed instructions for RBAC logs use built-in filter capability. Provide suggestions and examples for analyz RBAC logs us command line tools on exported log files

How to correlate actions, events, and users

Provide detailed procedures for correlating user actions and events with the correct users, roles, and permissions