JIMM is a Go based webserver used to provide extra functionality on top of Juju controllers. If you are unfamiliar with Juju, we suggest visiting the Juju docs - the open source orchestration engine for software operators.
JIMM provides the ability to manage multiple Juju controllers from a single location with enhanced enterprise functionality.
JIMM is the central component of JAAS (Juju As A Service), where JAAS is a set of services acting together to enable storing state, storing secrets and auth.
JIMM/JAAS provides enterprise level functionality layered on top of your Juju controller like:
- Federated login via an external identity provider using OAuth2.0 and OIDC.
- Fine grained access control with the ability to create user groups.
- A single gateway into your Juju estate.
- The ability to query for information across all your Juju controllers.
For a full overview of the capabilties, check out the docs.
The project uses Go modules to manage Go dependencies. Note: Go 1.11 or greater needed.
A brief explanation of the various services that JIMM depends on is below:
- Vault: User cloud-credentials and private keys are stored in Vault. Cloud-credentials are API keys that enable Juju to communicate with a cloud's API.
- PostgreSQL: All non-sensitive state is stored in Postgres.
- OpenFGA: A distributed authorisation server where authorisation rules are stored and queried using relation based access control.
- IdP: An identity provider which supports OAuth2.0 and OIDC.
The versioning strategy we follow is to match JIMM's major version to the corresponding Juju major version we support.
Additionally JIMM will also support Juju's last minor version of the previous major to support model migrations.
E.g. JIMM v3 supports Juju v3 controllers AND the last minor version of the previous major, v2.9.
For more information on JIMM's history and previous version strategy see here.
This repository contains 3 binaries:
- jimmsrv: The JIMM server.
- jimmctl: A CLI tool for administrators of JIMM to view audit logs, manage permissions, etc. Available as a snap.
- jaas: A plugin for the Juju CLI, extend the base set of command with extra functionality when communicating with a JAAS environment.
See here on how to get started.
See here on how to get started.