From 817038c6cf392f7d0dfbc22d2ea5dfd513ef1aa8 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Tue, 1 Nov 2022 08:37:03 -0400
Subject: [PATCH] Specify the valid values for apiarmed

Further, add more warning text around apiarmed, as it is a serious security
decision to take on continuous.
---
 confluent_server/confluent/config/attributes.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/confluent_server/confluent/config/attributes.py b/confluent_server/confluent/config/attributes.py
index 76a3de70..6c730f40 100644
--- a/confluent_server/confluent/config/attributes.py
+++ b/confluent_server/confluent/config/attributes.py
@@ -124,10 +124,13 @@ node = {
     'deployment.apiarmed': {
         'description': ('Indicates whether the node authentication token interface '
                         'is armed.  If set to once, it will grant only the next '
-                        'request. If set to continuous, will allow many requests.'
-                        'Should not be set unless an OS deployment is pending. '
+                        'request. If set to continuous, will allow many requests, '
+                        'which greatly reduces security, particularly when connected to '
+                        'untrusted networks. '
+                        'Should not be set unless an OS deployment is pending on the node. '
                         'Generally this is not directly modified, but is modified '
                         'by the "nodedeploy" command'),
+        'validvalues': ('once', 'continuous', ''),
     },
     'deployment.sealedapikey': {
         'description': 'This attribute is used by some images to save a sealed '