How to Check Fortanix DSM's Node Join Policy


1.0 Introduction

This article describes the methods for checking a Fortanix DSM cluster's node join policy.

2.0 Prerequisites

To find out your Fortanix DSM cluster’s node join policy you need the following:

  • A user with system administration (sysadmin) access in the Fortanix DSM cluster.

3.0 Check Fortanix DSM's Node Join Policy

The following sections describe two methods for checking the node join policy: the first uses the command line, and the second uses the Fortanix DSM web user interface (UI).

3.1 Method 1 - Using the Command Line

Perform the following steps:

  1. First, set up some environment variables:

    DSM_DOMAIN="amer.smartkey.io" # Replace the value with your actual DSM domain name.
    EMAIL="user@domain"           # Replace the value with your actual email address.
    # -s keeps the password from being echoed to the terminal; -r keeps backslashes literal.
    read -r -s -p "Enter your password: " PASSWORD; echo

  2. After you enter your password in the above command and press ENTER, copy the following lines into your command line:

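    # printf avoids echo's portability quirks; tr strips the line wraps base64 may add to long input.
    BASIC=$(printf '%s' "$EMAIL:$PASSWORD" | base64 | tr -d '\n')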
    BEARER_TOKEN=$(curl -s -X POST "https://$DSM_DOMAIN/sys/v1/session/auth" \
        -H "Authorization: Basic $BASIC" | jq -r .access_token)
    
    curl -s -X POST "https://$DSM_DOMAIN/sys/v1/session/select_account" \
        -H "Authorization: Bearer $BEARER_TOKEN" -d '{"acct_id":"278fec9c-aa19-4075-a81e-5bca9649a136"}'
    
    curl -s -X GET "https://$DSM_DOMAIN/admin/v1/cluster" \
        -H "Authorization: Bearer $BEARER_TOKEN" | jq .enrollment

    The last line queries the cluster configuration and extracts the parts relevant to the node join policy.
    Example output:

    {
      "join-policy": {
        "all": [
          "node-ca",
          "sgx-ias"
        ]
      },
      "allowed-sgx-types": {
        "any": [
          "standard"
        ]
      }
    }

  3. To clean up, do the following:

    curl -s -X POST "https://$DSM_DOMAIN/sys/v1/session/terminate" -H "Authorization: Bearer $BEARER_TOKEN"
    unset BEARER_TOKEN
    unset BASIC
    unset PASSWORD
    unset EMAIL
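
Once the policy has been retrieved, it can be compared against the policy you expect so that a change does not go unnoticed. The following Python script is an added example, not part of the original article or of Fortanix's own tooling: it reads the JSON printed by the last command in step 2 and lists differences from a baseline. The baseline is copied from the example output above, the `all`/`any` rule shape is assumed from that output, and `BASELINE`, `normalise` and `policy_drift` are hypothetical names.

```python
import json
import sys

# Constructed baseline, copied from the example output above. Replace it with
# the policy approved for your cluster (assumption: one baseline per cluster).
BASELINE = {
    "join-policy": {"all": ["node-ca", "sgx-ias"]},
    "allowed-sgx-types": {"any": ["standard"]},
}

def normalise(rule):
    """Turn {"all" | "any": [names]} into (combinator, frozenset(names))."""
    if not isinstance(rule, dict) or len(rule) != 1:
        raise ValueError(f"unrecognised rule shape {rule!r}")
    (combinator, names), = rule.items()
    if combinator not in ("all", "any") or not isinstance(names, list) \
            or not all(isinstance(n, str) for n in names):
        raise ValueError(f"unrecognised rule shape {rule!r}")
    return combinator, frozenset(names)

def policy_drift(enrollment, baseline=BASELINE):
    """Return a list of differences from the baseline; empty means no drift."""
    if not isinstance(enrollment, dict):
        return ["enrollment entry is missing or is not a JSON object"]
    findings = []
    for key in sorted(set(baseline) | set(enrollment)):
        if key not in enrollment:
            findings.append(f"{key}: missing from cluster response")
        elif key not in baseline:
            findings.append(f"{key}: not in baseline, review manually")
        else:
            try:
                got_comb, got = normalise(enrollment[key])
            except ValueError as exc:
                findings.append(f"{key}: {exc}")
                continue
            want_comb, want = normalise(baseline[key])
            if got_comb != want_comb:
                findings.append(f"{key}: combinator '{got_comb}', baseline '{want_comb}'")
            if want - got:
                findings.append(f"{key}: missing {sorted(want - got)}")
            if got - want:
                findings.append(f"{key}: unexpected {sorted(got - want)}")
    return findings

if __name__ == "__main__":
    problems = policy_drift(json.load(sys.stdin))  # JSON from `jq .enrollment`
    print("\n".join(problems) or "join policy matches baseline")
    sys.exit(1 if problems else 0)
```

Save the script under a name of your choice and pipe the output of the final `jq .enrollment` command from step 2 into it with `python3`. A non-zero exit status means the retrieved policy differs from the baseline.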

3.2 Method 2 - Using the Fortanix DSM Web UI

Perform the following steps:

  1. Log in to your Fortanix DSM cluster using your sysadmin credentials.

    Figure 1: Log in to the DSM cluster using sysadmin credentials

  2. Select the System Administration account. At this point, you must open your browser’s Developer console. In Google Chrome and Firefox, this can be done by pressing the "Ctrl + Shift + I" keys; other browsers might be different, but there is usually a menu item to do this. When the Developer console is open, select the Network tab.

    Figure 2: Select the Network tab on the browser Developer console

  3. Then, click the Settings menu in the Fortanix DSM UI (the left-hand side menu). The Network tab should now show a GET call to /admin/v1/cluster. Click that call and look at the response; you should be able to see an entry for “enrollment”. That entry is your cluster’s node join policy.

    Figure 3: Find your cluster's node join policy