On October 22, 2019 3:32 pm, Thomas Lamprecht wrote:
> On 10/22/19 3:22 PM, Fabian Grünbichler wrote:
>> On October 22, 2019 1:44 pm, Tim Marx wrote:
>>> Do we really want an enable/disable property?
>>> Wouldn't it be enough to delete the token?
>>
>> there's a difference though. I might have configured the token on X
>> systems, but want to temporarily disable it. since the actual token
>> value is generated on creation by the server, if I need to delete the
>> token to disable it I then have to re-configure all clients with the new
>> token after (re-)creation..
>>
>
> In which usage scenario does above make sense?
>
> Either the token is there and usable or not, a temporary disable does
> not make much sense, or? I mean, just don't start the services that
> will use it. And if the trust is gone it won't come ever back again for
> a token.

disabling the token is the server-side equivalent to not starting the
service on the client-side ;)

I don't have some specific use case in mind, except that we may want to
not allow the token to do stuff without having to re-generate and
re-deploy it. could be to trouble-shoot (are those requests by my
monitoring system/backup client/... responsible for the high load? ->
disable corresponding token), could be to investigate before deciding
whether trust is gone or not, could be to generate and distribute
tokens, but not yet activate them (client system is not yet live), ...

it's a small boolean flag that is very easy to understand (and
implement), but if there are big objections I can also drop it.

_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel