metropolis: implement node Deletion and framework for Decommissioning

This implements the basic ability to remove nodes from a cluster.

We prepare for a more complex workflow involving multi-stage
decommissioning, but first implement the 'worst case' workflow, in which
a node needs to be deleted if it hasn't been gracefully decommissioned.
This is what we currently need most in practice, as we have node
failures we'd like to deal with.

The Delete functionality is still not fully complete though, as we're
still accepting client certificates from decommissioned nodes. But we'll
fix that in an upcoming CR.

Change-Id: I7322cb1464a9e5bc924363321534033dcc8a6246
Reviewed-on: https://review.monogon.dev/c/monogon/+/2270
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
diff --git a/metropolis/proto/ext/authorization.proto b/metropolis/proto/ext/authorization.proto
index 208e4b6..1a0e759 100644
--- a/metropolis/proto/ext/authorization.proto
+++ b/metropolis/proto/ext/authorization.proto
@@ -26,6 +26,8 @@
     PERMISSION_UPDATE_NODE_ROLES = 5;
     PERMISSION_READ_NODE_LOGS = 6;
     PERMISSION_UPDATE_NODE = 7;
+    PERMISSION_DECOMMISSION_NODE = 8;
+    PERMISSION_DELETE_NODE = 9;
 }
 
 // Authorization policy for an RPC method. This message/API does not have the
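Review bot: PERMISSION_DECOMMISSION_NODE = 8 and PERMISSION_DELETE_NODE = 9 are added without a comment saying what each one authorizes or how the two differ. The commit message describes Delete as the path for a node that was not gracefully decommissioned, so a one-line comment on each value stating that distinction would help anyone granting these in a policy. It would also be worth recording next to PERMISSION_DELETE_NODE that, per the commit message, client certificates from decommissioned nodes are still accepted until the follow-up CR, so exercising this permission does not yet revoke the node's access.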