Add support for profiles in Get and Probe RPC. #213
Conversation
| // | ||
| // Note that the authz profile is considered independent from a SSL profile | ||
| // ID (as referenced by gnsi.Certz). | ||
| string authz_profile_id = 3; |
There was a problem hiding this comment.
I discussed with Marcus too. I think this makes sense to have here so that you can know exactly what authz policy you're probing.
However, can we add a clarification that says that you can only have one rotate operation in progress at once, to avoid the complexity of the state machine having to handle "what happens if you start multiple operations and then probe another one".
There was a problem hiding this comment.
Maybe I'm missing something, but the authz_profile_id in RotateAuthzRequest already has an extra docstring paragraph specifying "It is not permitted to rotate multiple profiles' policies at the same time ..." (lines 156--160).
My understanding from the current probe docstring is that it is supposed to query whatever the current engine state (for that profile) is. Even within a rotation, there is only one such engine state (either the initial one or the one after upload request), so I'm not quite sure where the state machine complexity is supposed to come from?
I think my point is: In contrast to the Rotate RPC, Probe and Get read to me as an "atomic", isolated operation rather than a state transition, so I don't see how it may complicate the state machine.
4 participants
While profiles have been added into the rotation via #200, the Get and Probe RPCs have remained profile-less. If a client is able to add multiple profiles, it should also be able to get and probe these profiles individually.