[pve-devel] [RFC 12/23] API: add API token API endpoints
Thomas Lamprecht
t.lamprecht at proxmox.com
Tue Oct 22 15:57:57 CEST 2019
On 10/22/19 3:50 PM, Fabian Grünbichler wrote:
> On October 22, 2019 3:32 pm, Thomas Lamprecht wrote:
>> On 10/22/19 3:22 PM, Fabian Grünbichler wrote:
>>> On October 22, 2019 1:44 pm, Tim Marx wrote:
>>>> Do we really want a enable/disable property?
>>>> Wouldn't it be enough to delete the token?
>>>
>>> there's a difference though. I might have configured the token on X
>>> systems, but want to temporarily disable it. since the actual token
>>> value is generated on creation by the server, if I need to delete the
>>> token to disable it I then have to re-configure all clients with the new
>>> token after (re-)creation..
>>>
>>
>> In which usage scenario does above make sense?
>>
>> Either the token is there and usable or not, a temporary disable does
>> not makes much sense, or? I mean, just don't start the services that
>> will use it. And if the trust is gone it won't come ever back again for
>> a token.
>
> disabling the token is the server-side equivalent to not starting the
> service on the client-side ;) I don't have some specific use case in
> mind, except that we may want to not allow the token to do stuff without
> having to re-generate and re-deploy it.
makes no sense IMO, why should the server care about such a debug feature?
>
> could be to trouble-shoot (are those requests by my monitoring
> system/backup client/... responsible for the high load? -> disable
> corresponding token), could be to investigate before deciding whether
> trust is gone or not, could be to generate and distribute tokens, but
> not yet activate them (client system is not yet live), ...
>
> it's a small boolean flag that is very easy to understand (and
> implement), but if there are big objections I can also drop it.
>
yet another switch in our gran ocean of knobs, if not needed an a valid
use case is there I'd omit it, if said "real use case" arises and sounds
sensible, we can add this still later on. My 2¢ - but not to hard feelings
here..
More information about the pve-devel
mailing list