Feature #15082
open
[controller] [all services] Publish entire config including secrets
Description
Similar to /metrics, each service should provide a GET /config.json endpoint that returns the config object currently in use by the service.
/config.json should return 401 if the request's HTTP header ("Authorization: Bearer {token}") is missing or does not match the configured ManagementToken, or the configured ManagementToken is blank.
The response should be serialized to JSON from the in-memory config representation: the purpose is to export the configuration as seen by the program, not to copy the config file on disk. For strongly typed config systems like source:sdk/go/arvados/config.go, this means unknown keys in the site config file (not recognized by this version of this component) will not appear in the response.
The response should include all site secrets (BlobSigningKey, ManagementToken, SystemRootToken, etc.).
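A sketch of the endpoint described above, added here as an example and not Arvados code. `Config`, `loadConfig`, `configHandler`, `probe` and the sample values are hypothetical, and the constructed site config is JSON only so the example needs nothing beyond the Go standard library. It covers the 401 rules (including the blank ManagementToken case) and shows that a key unknown to the typed config never reaches the response.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Config is a hypothetical, trimmed stand-in for the typed in-memory config.
type Config struct{ ManagementToken, SystemRootToken, BlobSigningKey string }

// Constructed site config; "FutureKnob" is a key this version does not know.
const siteJSON = `{"ManagementToken":"mgmt","SystemRootToken":"root","BlobSigningKey":"sign","FutureKnob":true}`

// loadConfig decodes into the typed struct, so unknown keys are dropped here.
func loadConfig(src string) (*Config, error) {
	cfg := &Config{}
	return cfg, json.Unmarshal([]byte(src), cfg)
}

// configHandler serves the config as the program sees it, secrets included.
func configHandler(cfg *Config) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		want := []byte("Bearer " + cfg.ManagementToken)
		got := []byte(r.Header.Get("Authorization"))
		// A blank ManagementToken must reject everyone, even a bare "Bearer " header.
		if cfg.ManagementToken == "" || subtle.ConstantTimeCompare(got, want) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(cfg)
	})
}

// probe issues GET /config.json with the given Authorization header value.
func probe(h http.Handler, auth string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "/config.json", nil)
	req.Header.Set("Authorization", auth)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	cfg, _ := loadConfig(siteJSON)
	fmt.Println(probe(configHandler(cfg), "Bearer mgmt"))
}
```

The token comparison uses `subtle.ConstantTimeCompare` so that response timing does not depend on how many leading bytes of a guessed token are correct.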