--cert-principal-map should allow operators to update the map after init without restarting #54155
Labels
A-authentication
Pertains to authn subsystems
A-cc-enablement
Pertains to current CC production issues or short-term projects
A-cli-server
CLI commands that pertain to CockroachDB server processes
A-kv-server
Relating to the KV-level RPC server
C-enhancement
Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
S-3-ux-surprise
Issue leaves users wondering whether CRDB is behaving properly. Likely to hurt reputation/adoption.
T-server-and-security
DB Server & Security
X-server-triaged-202105
Comments
|
Hi @aaron-crl, please add a C-ategory label to your issue. Check out the label system docs. 🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is otan. |
aaron-crl
added
the
C-enhancement
knz
added
the
S-3-ux-surprise
knz
added
A-cli-server
knz
added
A-authentication
|
Isn't this #47196? |
|
Solving the other issue will also solve this one, yes, but if we decide that we refuse to do the PG thing we still need to fix the cert principal map. |
|
We now support the ident map. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue
As implemented, an operator must restart nodes to update the values of
--cert-principal-map. This is also a command line flag suggesting it only applies to the instance when it should(?) represent a cluster setting. This constitutes a UX surprise.Proposed solution
Add the ability for an operator to update/override the mappings as a cluster setting that will persist through restarts.
cc @thtruo @knz
The text was updated successfully, but these errors were encountered: