feat: add self-enrollment workflow for automated PKI provisioning

- Phase 1: CLI args (--enroll flag), enroll module skeleton, config support - Phase 2: Registration request, polling loop (24h timeout), main.rs integration - Phase 3: PKI extraction, atomic cert writing, whitelist auto-append, mTLS transition - Phase 4: E2E test suite, README/DEPLOYMENT docs, CI pipeline - Phase 5: SPEC.md, API_DOCUMENTATION.md, CHANGELOG.md, ROADMAP.md sync Security review: APPROVED (0 critical, 0 high findings) Cross-distro compatible: Debian/Ubuntu, RHEL/CentOS/Fedora, Alpine, Arch Linux
2026-05-17 05:30:42 +00:00
parent 949cbb2632
commit 75ec2b8e3c
24 changed files with 4610 additions and 70 deletions
--- a/configs/config.yaml.example
+++ b/configs/config.yaml.example
@ -44,3 +44,16 @@ package_manager:
  # Primary backend (auto-detected if not specified)
  # Options: apt, dnf, yum, apk, pacman
  backend: "auto"
+
+# Enrollment Configuration (optional)
+# Uncomment and configure for self-enrollment with linux_patch_manager
+# enrollment:
+#   # URL of the enrollment manager for polling status updates
+#   manager_url: "https://manager.example.com/enroll"
+#   # Authentication token for enrollment polling requests
+#   polling_token: "your-enrollment-token-here"
+#   # How often to poll the manager in seconds (default: 60)
+#   polling_interval_seconds: 60
+#   # Maximum number of polling attempts before giving up
+#   # Default: 1440 (24 hours at 60s intervals = 86400 seconds total)
+#   max_poll_attempts: 1440