mirror of
https://github.com/xcat2/confluent.git
synced 2025-02-06 14:02:38 +00:00
Add node api key and arming
This is the groundwork for having node authentication. The intent is for calling code to modify api.armed if the administrator wants to opt into a one-time set of credential. This design as is currently does not fit a stateless deploy model. That may suggest an additional manual step for a fully stateless model. Alternatively adding support for credential persistence through sealing to a node's TPM, which would allow more freely retrievable node credentials.
This commit is contained in:
parent
aaf5aebff7
commit
55a0aab548
@ -97,6 +97,15 @@ node = {
|
||||
'description': ('Classification of node as server or switch'),
|
||||
'validvalues': ('switch', 'server'),
|
||||
},
|
||||
'api.key': {
|
||||
'description': ('Crypt of api key for self api requests by node'),
|
||||
},
|
||||
'api.armed': {
|
||||
'description': ('Indicates whether an insecure api key request is allowed. '
|
||||
'The format is an expiration time in ISO8601 format. When '
|
||||
'the indicated time passes or the first time a node claims '
|
||||
'the key, key grants will not be allowed.'),
|
||||
}
|
||||
#'id': {
|
||||
# 'description': ('Numeric identifier for node')
|
||||
#},
|
||||
|
Loading…
x
Reference in New Issue
Block a user