Feature #15082
open
[controller] [all services] Publish entire config including secrets
Description
Similar to /metrics, each service should provide a GET /config.json endpoint that returns the config object currently in use by the service.
/config.json should return 401 if the request's HTTP header ("Authorization: Bearer {token}") is missing or does not match the configured ManagementToken, or the configured ManagementToken is blank.
The response should be serialized to JSON from the in-memory config representation: the purpose is to export the configuration as seen by the program, not to copy the config file on disk. For strongly typed config systems like source:sdk/go/arvados/config.go, this means unknown keys in the site config file (not recognized by this version of this component) will not appear in the response.
The response should include all site secrets (BlobSigningKey, ManagementToken, SystemRootToken, etc.).
Updated by
Updated by Peter Amstutz almost 5 years ago
- Target version deleted (
To Be Groomed) - Status changed from New to Closed
Updated by Peter Amstutz almost 5 years ago
- Target version set to To Be Groomed
- Status changed from Closed to New
Updated by Peter Amstutz over 3 years ago
- Target version deleted (
To Be Groomed)