require new nodes to be validated before being able to connect #310
Labels
No Label
AdminAPI
Bug
Check AWS
CI
Correctness
Critical
Documentation
Ideas
Improvement
Low priority
Newcomer
Performance
S3 Compatibility
Testing
Usability
No Milestone
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Deuxfleurs/garage#310
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Today the RPC is secured by requiring the knowledge of the RPC secret and the ip and node id of at least one node. To make Garage more secure against leakage of the RPC secret and node id, Garage could require a new node to be accepted by an other node before it can issue any RPC command (or require initial connection to always come from an already known node to a new node). This functionality should probably be optional.
It's currently not possible to implement something like this as client RPC creates a temporary node, so it would prevent any administrative operation, however as we move to a REST admin API, it should become possible