forked from the-maldridge/locksmith
-
Notifications
You must be signed in to change notification settings - Fork 0
/
TODO
20 lines (16 loc) · 929 Bytes
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
A requestor puts requests a key to be registered. This checks that
the client spec is not going to be outright denied.
Once accepted, a key needs to be approved. For most networks the
approve-mode should be automatic, but for some networks it may be
desirable to have an approve step where each client is approved
asynchronously by an external policy system.
After this, the key needs to be activated for use. This is done by an
API call and installs a key into the right section of the right
network.
Once activated, a key is either static or expiring. Static keys stay
until deactivated, expiring keys are just leased to the server for a
limited amount of time.
Once activated, a client will have an IP associated with it. This IP
is issued by the server which keeps track of who is using what IP.
After wg-dynamic becomes a thing this can be removed if necessary.
There can also be IPs for static and dynamic ranges.