Is this a new feature, an enhancement, or a change to existing functionality?
New Feature
How would you describe the priority of this feature request
Medium
Please provide a clear description of problem this feature solves
Although NICo will perform FW attestation, policies determining the actions taken for attestation results will be set by other components of the DSX stack. When NICo is deployed apart from the DSX stack it will need different external logic to perform these functions. A reference implementation of this logic will serve as a baseline and guide for operators.
Feature Description
As a site-operator, I want to define how NICo should handle attestation failures.
Describe your ideal solution
NICo should be able to use the external logic to synchronously set the eligibility of nodes to host instances based on attestation information gathered during machine lifecycle operations. This will probably be implemented as a gRPC call to an external policy engine. Policies should be data-driven and not encoded in the engine itself.
Describe any alternatives you have considered
No response
Additional context
No response
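A sketch of the data-driven evaluation requested above, added here as an illustration and not taken from NICo or the DSX stack. The policy format, the attestation fields (`status`, `reason`) and the action names are assumptions, and the gRPC transport in front of `decide` is omitted.

```python
import json

# Constructed policy document (assumed format): ordered rules, first match wins.
# Operators edit this data; the evaluator below contains no site-specific logic.
POLICY_JSON = """
{
  "default_action": "ineligible",
  "rules": [
    {"name": "verified-firmware", "match": {"status": "pass"}, "action": "eligible"},
    {"name": "measurement-mismatch",
     "match": {"status": "fail", "reason": "measurement_mismatch"},
     "action": "quarantine"},
    {"name": "any-failure", "match": {"status": "fail"}, "action": "ineligible"}
  ]
}
"""

ALLOWED_ACTIONS = {"eligible", "ineligible", "quarantine"}  # hypothetical action set


def load_policy(text):
    """Parse and validate a policy so a bad edit cannot silently open eligibility."""
    policy = json.loads(text)
    # The fallback must fail closed: unmatched results never make a node eligible.
    if policy.get("default_action") not in ("ineligible", "quarantine"):
        raise ValueError("default_action must be 'ineligible' or 'quarantine'")
    for rule in policy.get("rules", []):
        if rule.get("action") not in ALLOWED_ACTIONS:
            raise ValueError(f"unknown action in rule {rule.get('name')!r}")
        # An empty match would match every result, including missing data.
        if not isinstance(rule.get("match"), dict) or not rule["match"]:
            raise ValueError(f"rule {rule.get('name')!r} needs a non-empty match")
    return policy


def decide(policy, result):
    """Return the action for one attestation result (a dict of reported fields)."""
    for rule in policy.get("rules", []):
        if all(result.get(key) == value for key, value in rule["match"].items()):
            return {"action": rule["action"], "rule": rule.get("name")}
    # Missing, malformed or unrecognised results fall through to the default.
    return {"action": policy["default_action"], "rule": None}


POLICY = load_policy(POLICY_JSON)
```

Returning the matched rule name alongside the action gives the caller something to log when a node is refused.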