We're adding a lockout syntax to the wire protocol. Important notes are:
request messages now have an optional field "lockout_key" which, if present, must be a string of 32 hex characters
Any request which changes state (OP_SEND, OP_CMD, OP_SET, OP_RUN, OP_CONFIG if value provided) can be locked out, and will require a valid key to execute. OP_GET and OP_CONFIG without a value do not change state but only query it, and thus are always valid.
There should be a valid cmd for each of "lock" and "unlock", which change the state of an endpoint to locked or not locked; a provider should change not only its own lock status, but that of all of its endpoints.
The unlock cmd should support values=["force"] which will unlock without providing a key
Adding return codes 307 and 308 for access denied and invalid key formats
CLI tools (notably dripline_agent but possibly others) will support --lockout-key <str>
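The rules above can be read as a single authorization check on each request. The following is an added sketch, not dripline's own code. It assumes requests arrive as dicts with "msgop", "cmd", "values" and "value" fields, that 307 means access denied and 308 means invalid key format (the order the codes are listed in), that 0 means success, and that "lock" stores the key carried by the request.

```python
import hmac
import re

# Assumptions (not from the page): ops are compared by name, 0 means success,
# 307 = access denied, 308 = invalid key format, "lock" stores the request's key.
OK, ACCESS_DENIED, INVALID_KEY = 0, 307, 308
STATE_CHANGING = {"OP_SEND", "OP_CMD", "OP_SET", "OP_RUN"}
KEY_RE = re.compile(r"[0-9a-fA-F]{32}")


class Endpoint:
    def __init__(self, children=()):
        self.lock_key = None              # None means not locked
        self.children = list(children)    # a provider lists its endpoints here

    def _set_lock(self, key):
        # A provider changes its own lock status and that of all its endpoints.
        self.lock_key = key
        for child in self.children:
            child._set_lock(key)

    def authorize(self, request):
        """Return OK, ACCESS_DENIED or INVALID_KEY for a request dict."""
        op = request["msgop"]
        key = request.get("lockout_key")
        # A key that is present must be well formed, whatever the operation.
        if key is not None and not (isinstance(key, str) and KEY_RE.fullmatch(key)):
            return INVALID_KEY
        # OP_GET and OP_CONFIG without a value only query state: always valid.
        changes = op in STATE_CHANGING or (op == "OP_CONFIG" and "value" in request)
        if not changes:
            return OK
        is_cmd = op == "OP_CMD"
        forced = is_cmd and request.get("cmd") == "unlock" and request.get("values") == ["force"]
        if self.lock_key is not None and not forced:
            # Constant-time comparison so timing does not leak the stored key.
            if key is None or not hmac.compare_digest(key.lower(), self.lock_key):
                return ACCESS_DENIED
        if is_cmd and request.get("cmd") == "lock":
            if key is None:
                return INVALID_KEY        # assumption: lock needs a key to store
            self._set_lock(key.lower())
        elif is_cmd and request.get("cmd") == "unlock":
            self._set_lock(None)
        return OK
```

Because values=["force"] bypasses the key check entirely, any party able to send OP_CMD can clear a lock; the lockout guards against accidental state changes rather than acting as authentication.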