On 10/22/19 3:50 PM, Fabian Grünbichler wrote: > On October 22, 2019 3:32 pm, Thomas Lamprecht wrote: >> On 10/22/19 3:22 PM, Fabian Grünbichler wrote: >>> On October 22, 2019 1:44 pm, Tim Marx wrote: >>>> Do we really want a enable/disable property? >>>> Wouldn't it be enough to delete the token? >>> >>> there's a difference though. I might have configured the token on X >>> systems, but want to temporarily disable it. since the actual token >>> value is generated on creation by the server, if I need to delete the >>> token to disable it I then have to re-configure all clients with the new >>> token after (re-)creation.. >>> >> >> In which usage scenario does above make sense? >> >> Either the token is there and usable or not, a temporary disable does >> not makes much sense, or? I mean, just don't start the services that >> will use it. And if the trust is gone it won't come ever back again for >> a token. > > disabling the token is the server-side equivalent to not starting the > service on the client-side ;) I don't have some specific use case in > mind, except that we may want to not allow the token to do stuff without > having to re-generate and re-deploy it.
makes no sense IMO, why should the server care about such a debug feature? > > could be to trouble-shoot (are those requests by my monitoring > system/backup client/... responsible for the high load? -> disable > corresponding token), could be to investigate before deciding whether > trust is gone or not, could be to generate and distribute tokens, but > not yet activate them (client system is not yet live), ... > > it's a small boolean flag that is very easy to understand (and > implement), but if there are big objections I can also drop it. > yet another switch in our gran ocean of knobs, if not needed an a valid use case is there I'd omit it, if said "real use case" arises and sounds sensible, we can add this still later on. My 2¢ - but not to hard feelings here.. _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
