Fetch/List Registration Entries should have ability to ignore expired entries

[amoore877]

Registration entries have an optional expiration, so it would be helpful to add ability for Fetch/List to only return unexpired and non-expirable entries.

[azdagron]

Hi @amoore877! Can you provide a good use case for returning this filtered list from the Registration API? Is there a specific scenario it lights up? We can add that filtering server-side, but want to make sure it justifies growing the registration API. In particular, this sort of change would need to get pushed down all the way into the datastore layer to properly support paging.

[amoore877]

https://github.com/spiffe/spire/commits/master/pkg/server/registration / #1056 and related

Work on automated registration pruning overlapped creation of this issue. Originally pruning was every 2 hours / configurable, now it is hard-coded every 5 minutes.

I was trying to reduce the mass of data sent over a network in a high volume environment with an additional filter, however if pruning is every 5 minutes... this is much less of a concern for me.

It can still be applicable in the scenario where a Server User wants to check if they should re-register a workload, though even then if the registration exists (but is expired) that would be a TTL Update not a straight Registration Create. For my case here this would be more an argument for something like a Upsert API than a Read filter.

All of that being said, we should make a doc update that I'm realizing now would have been valuable in initial Pruning work: For completeness the Registration Fetch / List API doc should state that it may return expired registrations that have not yet been pruned (assuming we don't get #1234 or similar merged).

[github-actions[bot]]

This issue is stale because it has been open for 365 days with no activity.

[github-actions[bot]]

This issue was closed because it has been inactive for 30 days since being marked as stale.