--cert-principal-map should allow operators to update the map after init without restarting #54155
Labels
A-authentication
Pertains to authn subsystems
A-cc-enablement
Pertains to current CC production issues or short-term projects
A-cli-server
CLI commands that pertain to CockroachDB server processes
A-kv-server
Relating to the KV-level RPC server
C-enhancement
Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
S-3-ux-surprise
Issue leaves users wondering whether CRDB is behaving properly. Likely to hurt reputation/adoption.
T-server-and-security
DB Server & Security
X-server-triaged-202105
Issue
As implemented, an operator must restart nodes to update the values of
--cert-principal-map
. This is also a command line flag suggesting it only applies to the instance when it should(?) represent a cluster setting. This constitutes a UX surprise.Proposed solution
Add the ability for an operator to update/override the mappings as a cluster setting that will persist through restarts.
cc @thtruo @knz
The text was updated successfully, but these errors were encountered: