
Client registration

External clients need to use TLS to communicate with the system securely. Clients must enroll in the system in order for certificates to be created for TLS communication.

Enrollment

Clients issue an enrollment request to the client controller, which handles certificate creation, and the client controller responds to the client with a unique client ID.

Client enrollment flow

This step requires an access token that can be retrieved as described here.

Below is an explicit example of enrolling a client using curl:

curl https://${INSIGHTS_HOSTNAME}/clientcontroller/enrol -H "Authorization: Bearer ${INSIGHTS_TOKEN}" -d '{ "name": "my-client", "topics": { "insert": "data", "query": "requests" }}'

Example response

{"message":"success","detail":"Client enrolled","url":"d0c8ae0ae920f4ed78b2b8725dffdb74"}

Topics

The topics.insert field must match rt.sequencer.topic in the Helm values file; by default this is data.

Retrieving certs and endpoints

Once the client is enrolled, they can use their unique client ID to communicate with the information service to retrieve their certificates and information about the endpoints corresponding to the topics they registered with.

Client information request

Below is an explicit example of retrieving the certs and endpoints using curl; the client ID in the path is the url value from the enrollment response above:

curl https://${INSIGHTS_HOSTNAME}/informationservice/details/d0c8ae0ae920f4ed78b2b8725dffdb74 | jq .

Example response

{
  "name": "my-client",
  "topics": {
    "insert": "data",
    "query": "requests"
  },
  "ca": "<redacted>",
  "cert": "<redacted>",
  "key": "<redacted>",
  "insert": {
    "insert": [
      ":12.33.33.193:5000"
    ],
    "query": [
      ":12.33.33.193:5000"
    ]
  },
  "query": [
    ":12.44.212.322:5050"
  ]
}
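
An added example (not part of the original documentation): one way a client could handle the details response in Python, writing the private key with owner-only permissions and parsing the `:host:port` endpoints. The sample response is constructed, and the function names, output file names and the reading of the nested insert/query lists are assumptions.

```python
import json
import os
import tempfile
from pathlib import Path

# Constructed sample shaped like the example response; PEM values are placeholders.
SAMPLE_DETAILS = json.dumps({
    "name": "my-client",
    "topics": {"insert": "data", "query": "requests"},
    "ca": "CA-PEM-PLACEHOLDER", "cert": "CERT-PEM-PLACEHOLDER",
    "key": "KEY-PEM-PLACEHOLDER",
    "insert": {"insert": [":12.33.33.193:5000"], "query": [":12.33.33.193:5000"]},
    "query": [":12.33.33.193:5050"],
})

def parse_endpoint(endpoint):
    """Split the ':host:port' form used in the response into (host, port)."""
    host, _, port = endpoint.lstrip(":").rpartition(":")
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"malformed endpoint: {endpoint!r}")
    return host, int(port)

def store_credentials(details_json, out_dir, expected_insert_topic="data"):
    """Validate a details response, write the PEM files, return the endpoints."""
    details = json.loads(details_json)
    missing = [k for k in ("ca", "cert", "key") if not details.get(k)]
    if missing:
        raise ValueError(f"response lacks {missing}")
    if details["topics"]["insert"] != expected_insert_topic:
        raise ValueError("topics.insert does not match rt.sequencer.topic")
    out = Path(out_dir)
    out.mkdir(mode=0o700, parents=True, exist_ok=True)
    for name, mode in (("ca", 0o644), ("cert", 0o644), ("key", 0o600)):
        # O_EXCL refuses to overwrite; the mode applies at creation, so the
        # private key is never on disk with wider permissions.
        fd = os.open(out / f"{name}.pem", os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
        with os.fdopen(fd, "w") as handle:
            handle.write(details[name])
    return {
        "insert": [parse_endpoint(e) for e in details["insert"]["insert"]],
        "query": [parse_endpoint(e) for e in details["query"]],
    }

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(store_credentials(SAMPLE_DETAILS, Path(tmp) / "my-client"))
```
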

Client removal

If a client is no longer being used, a removal request can be issued to delete the client's certificates from the system.

Removing a client requires an access token that can be retrieved as described here.

Client removal

Below is an explicit example of removing a client using curl:

curl https://${INSIGHTS_HOSTNAME}/clientcontroller/leave -H "Authorization: Bearer ${INSIGHTS_TOKEN}" -d '{ "name": "my-client" }'

Example response

{ "message": "success", "detail": "Client removed" }