Details
-
Task
-
Status: Resolved
-
Major
-
Resolution: Done
-
None
Description
After IGNITE-18576 its possible to provide Authentication cluster configuration on cluster init.
Looking at ClusterManagementGroupManager#onElectedAsLeader we can see that REST authentication configuration is applied to the distributed configuration on leader election. This happens because there is no any other way to put any values to the cluster configuration on init.
This leads to the following situation:
cluster init in progress, some REST endpoints are blocked (cluster/configuration for example)cluster initialized, REST is available without auth anybody can use the RESTauthentication configuration is applied to the distributed configuration and REST is secured
After IGNITE-18943 this is not possible because configuration REST endpoints are disabled until cluter initialization will successfuly finished.
It is proposed to extend this approach to whole cluster configration. Instead of cluster authentication configuration init endpoint should accept whole cluster configuration in HOCON format and apply it as it currently.
CLI should have option to provide HOCON file. This file should be readed and provided tgo init REST endpoint.
Attachments
Issue Links
- blocks
-
IGNITE-19293 Validate cluster configuration before cluster initialization
- Resolved
- links to