Feature #15082

[controller] [all services] Publish entire config including secrets

Added by Tom Clegg 6 months ago. Updated 6 months ago.

Status: New
Priority: Normal
Assigned To: -
Category: Deployment
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Story points: -

Description

Similar to /metrics, each service should provide a GET /config.json endpoint that returns the config object currently in use by the service.

/config.json should return 401 if the request's HTTP header ("Authorization: Bearer {token}") is missing or does not match the configured ManagementToken, or the configured ManagementToken is blank.

The response should be serialized to JSON from the in-memory config representation: the purpose is to export the configuration as seen by the program, not to copy the config file on disk. For strongly typed config systems like source:sdk/go/arvados/config.go, this means unknown keys in the site config file (not recognized by this version of this component) will not appear in the response.

The response should include all site secrets (BlobSigningKey, ManagementToken, SystemRootToken, etc.).
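
The authorization rule described above (401 unless the bearer token matches a non-blank ManagementToken), sketched as an added Go example that is not part of the original issue or of Arvados code. `Config`, `configHandler` and `status` are hypothetical names, the token and key values are constructed, and the `Cache-Control` header is an extra precaution the issue does not ask for.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Config is a hypothetical, cut-down stand-in for the typed in-memory config.
type Config struct {
	ManagementToken string
	BlobSigningKey  string
	SystemRootToken string
}

// configHandler serves the in-memory config as JSON, secrets included,
// only to callers presenting the configured ManagementToken.
func configHandler(cfg *Config) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := r.Header.Get("Authorization")
		got := strings.TrimPrefix(h, "Bearer ")
		// Fail closed: a blank configured token must never match "Bearer ".
		if !strings.HasPrefix(h, "Bearer ") || cfg.ManagementToken == "" ||
			subtle.ConstantTimeCompare([]byte(got), []byte(cfg.ManagementToken)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		w.Header().Set("Cache-Control", "no-store") // added precaution: body carries secrets
		json.NewEncoder(w).Encode(cfg)              // serialized from memory, not from the file on disk
	})
}

// status issues one in-process GET /config.json and returns the code and body.
func status(cfg *Config, authz string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "/config.json", nil)
	req.Header.Set("Authorization", authz)
	rec := httptest.NewRecorder()
	configHandler(cfg).ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	cfg := &Config{ManagementToken: "constructed-mgmt-token"} // constructed value
	code, body := status(cfg, "Bearer constructed-mgmt-token")
	fmt.Println(code, body)
}
```

The comparison uses `subtle.ConstantTimeCompare` so response timing does not reveal how much of a guessed token matched; it still returns early on a length mismatch.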

History

#1 Updated by Tom Clegg 6 months ago

  • Target version set to To Be Groomed
