A newer version is available. For the latest information, see the
current release documentation.
DirectTrustRelationshipedit
The trust relationship with external entities (remote environments, remote accounts…).
Propertiesedit
-
additional_node_names(array[string)] - A list of node names trusted in addition to those deducible from trust_allowlist and scope id. Allows trusting nodes that don't have a scoped name at the cost of maintaining the list. Mandatory if scope id is not defined.
-
certificates(array[TrustedCertificate], required) - The public ca certificate(s) to trust. Only one is required, but it is possible to specify multiple certificates in order to facilitate key rotation.
-
name(string, required) - a human readable name of the trust relationship
-
scope_id(string) - Usually an organization id or an environment id, but could really be any suitable suffix for clusters using the CA certificate of this trust. Required unless trust_all is false and trust_allowlist is empty.
-
trust_all(boolean, required) -
If true, scope_id is required and the
trust_allowlistis ignored and all clusters matching the scope id will be trusted. -
trust_allowlist(array[string)] -
The list of clusters with matching scope to trust. Only used when
trust_allis false. Providing one or more clusters makes scope_id mandatory.
Exampleedit
{
"additional_node_names" : [
"string"
],
"certificates" : [
{
"metadata" : {
"fingerprint" : "string",
"valid_from" : "2019-01-01T00:00:00Z",
"valid_to" : "2019-01-01T00:00:00Z"
},
"pem" : "string"
}
],
"name" : "string",
"scope_id" : "string",
"trust_all" : true,
"trust_allowlist" : [
"string"
]
}