doc: REST API authentication
@aravindavk The document looks good, maybe we can add another heading stating the error received by the user if the auth fails or if proper authentication steps are not followed. It can be a part of another document (capturing all errors and their solutions) as well.
I think the confusion here is user documentation vs developer documentation. I should convert this to developer documentation since users need not make any change to glustercli arguments if the deployment is unchanged (like custom localstatedir).
I will remove the last section which talks about the temporary arrangement to use this from outside the cluster. Once user management is implemented then they can use those credentials for making REST calls.
Till the user management is implemented, we can't use these REST APIs from outside the cluster.
Added comment about Shared token vs Shared secret approach here https://github.com/gluster/glusterd2/issues/1030
Apart from that, I have a concern about using the GD2 secret by external tools.
This is temporary till the user management is in place. Once we implement user management, only glustercli will use the secret file. Future REST API documentation may look like:
- Create user/app using `glustercli useradd <username>` which will prompt for secret and creates the user. For example: `glustercli useradd webui`
- Once the user is created, REST APIs can be consumed from any node by authenticating using the credentials specified in previous command. For example, `glustercli --user webui --secret-file=~/.gluster/webui.secret peer status`. Secret can be specified using `--secret`, `--secret-file`, env var etc.
@aravindavk anything pending on this PR?
@aravindavk ping, can you address review comments and resolve the merge conflict so that we can get this PR in.