huddle-cluster 2.2.0__tar.gz → 2.3.0__tar.gz

{huddle_cluster-2.2.0/huddle_cluster.egg-info → huddle_cluster-2.3.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: huddle-cluster
-Version: 2.2.0
+Version: 2.3.0
 Summary: A penguin-inspired self-organizing server load balancer with adaptive thermal eviction — now with master/agent cluster management
 Author-email: Rahad Bhuiya <rahadbhuiya2021@gmail.com>
 License: MIT License
@@ -83,7 +83,7 @@ Dynamic: license-file
 A penguin-inspired, self-organizing server load balancer with adaptive thermal eviction.
 
 **Author:** Rahad Bhuiya <br>
-**Version:** 2.2.0 <br>
+**Version:** 2.3.0 <br>
 **License:** MIT <br>
 **Paper:** [HuddleCluster: A Penguin-Inspired Self-Organizing Load Balancer with Adaptive Thermal Eviction](https://github.com/rahadbhuiya/HuddleCluster/blob/main/docs/HuddleCluster.pdf)
 
@@ -524,6 +524,50 @@ agent.start()
 | `POST` | `/v1/nodes/{id}/heartbeat` | Heartbeat + metrics |
 | `DELETE` | `/v1/nodes/{id}` | Graceful departure |
 
+### Authentication & RBAC (Level 2)
+
+By default the master's API is open — no credentials needed, same as
+before this existed. To lock it down, pass `api_keys`:
+
+```python
+from huddle_cluster_pkg import MasterNode
+
+master = MasterNode(
+    port=7070,
+    api_keys={
+        "admin-secret-key":   "admin",    # can join/heartbeat/leave + read
+        "dashboard-view-key": "viewer",   # read-only: status/metrics/nodes
+    },
+)
+master.start()
+```
+
+```bash
+huddle-cluster master start --api-key admin-secret-key=admin --api-key dashboard-view-key=viewer
+```
+
+Every request then needs `Authorization: Bearer <key>` — except
+`GET /v1/health`, which is deliberately exempt so liveness probes don't
+need credentials. Agents authenticate the same way:
+
+```python
+agent = AgentNode(
+    node_id="web-01", master_url="http://master:7070", port=8080,
+    api_key="admin-secret-key",   # agents need an admin-role key
+)
+```
+
+```bash
+huddle-cluster agent start --id web-01 --master http://master:7070 --port 8080 --api-key admin-secret-key
+```
+
+The CLI's read commands (`nodes list`, `nodes status`, `cluster status`,
+`cluster metrics`) accept `--api-key` too. A missing/invalid key gets
+`401`; a valid key without enough permission (e.g. a viewer trying to
+join) gets `403` — both logged on the master side for visibility. An
+unrecognized role string is treated as no access rather than full access,
+so a typo in configuration fails closed.
+
 ### Auto Recovery (Level 2)
 
 A node that dies and recovers repeatedly within a short window is not
@@ -640,7 +684,7 @@ HuddleCluster/
 |   |   |-- nginx_lc.conf          # NGINX least-connections config
 |   |-- run_http_benchmark.bat     # Windows one-click runner
 |
-|-- tests/                         # 514 tests across 19 modules
+|-- tests/                         # 533 tests across 19 modules
 |   |-- test_rotation.py           # Rotation, eviction, feedback loop
 |   |-- test_fairness.py           # Fairness and Gini tests
 |   |-- test_stress.py             # Concurrent load tests
@@ -658,8 +702,8 @@ HuddleCluster/
 |   |-- test_redis_backend.py      # Redis backend tests (uses fakeredis mock)
 |   |-- test_grpc_cluster.py       # gRPC cluster tests (uses grpc mock)
 |   |-- test_k8s_discovery.py      # K8s discovery tests (uses k8s mock)
-|   |-- test_cluster_master.py     # MasterNode tests — 61 tests (v2.0.0)
-|   |-- test_cluster_agent.py      # AgentNode tests  — 26 tests (v2.0.0)
+|   |-- test_cluster_master.py     # MasterNode tests — 74 tests (v2.0.0)
+|   |-- test_cluster_agent.py      # AgentNode tests  — 32 tests (v2.0.0)
 |   |-- conftest.py                # Shared fixtures
 |
 |-- examples/
@@ -893,10 +937,10 @@ Setup PyPI Trusted Publishing:
 - [x] Node list with status, metrics, last-seen-ago — v2.0.0
 - [x] `huddle-cluster` CLI (master start, agent start, nodes list, cluster status) — v2.0.0
 
-**Level 2 — Production Ready (in progress, 3/6)**
+**Level 2 — Production Ready (in progress, 4/6)**
 - [x] Auto recovery — flapping detection (quarantine) and stale-node purge — v2.1.0
 - [ ] Web dashboard — real-time cluster topology view
-- [ ] RBAC / authentication — API key and role-based access
+- [x] RBAC / authentication — API key with admin/viewer roles — v2.3.0
 - [x] Monitoring — `unhealthy_alive_ratio` threshold + on_cluster_unhealthy/recovered — v2.2.0
 - [x] Metrics — `GET /v1/metrics` Prometheus exposition, per-node + cluster-wide — v2.2.0
 - [ ] REST API — full OpenAPI spec with versioning

{huddle_cluster-2.2.0 → huddle_cluster-2.3.0}/README.md

@@ -9,7 +9,7 @@
 A penguin-inspired, self-organizing server load balancer with adaptive thermal eviction.
 
 **Author:** Rahad Bhuiya <br>
-**Version:** 2.2.0 <br>
+**Version:** 2.3.0 <br>
 **License:** MIT <br>
 **Paper:** [HuddleCluster: A Penguin-Inspired Self-Organizing Load Balancer with Adaptive Thermal Eviction](https://github.com/rahadbhuiya/HuddleCluster/blob/main/docs/HuddleCluster.pdf)
 
@@ -450,6 +450,50 @@ agent.start()
 | `POST` | `/v1/nodes/{id}/heartbeat` | Heartbeat + metrics |
 | `DELETE` | `/v1/nodes/{id}` | Graceful departure |
 
+### Authentication & RBAC (Level 2)
+
+By default the master's API is open — no credentials needed, same as
+before this existed. To lock it down, pass `api_keys`:
+
+```python
+from huddle_cluster_pkg import MasterNode
+
+master = MasterNode(
+    port=7070,
+    api_keys={
+        "admin-secret-key":   "admin",    # can join/heartbeat/leave + read
+        "dashboard-view-key": "viewer",   # read-only: status/metrics/nodes
+    },
+)
+master.start()
+```
+
+```bash
+huddle-cluster master start --api-key admin-secret-key=admin --api-key dashboard-view-key=viewer
+```
+
+Every request then needs `Authorization: Bearer <key>` — except
+`GET /v1/health`, which is deliberately exempt so liveness probes don't
+need credentials. Agents authenticate the same way:
+
+```python
+agent = AgentNode(
+    node_id="web-01", master_url="http://master:7070", port=8080,
+    api_key="admin-secret-key",   # agents need an admin-role key
+)
+```
+
+```bash
+huddle-cluster agent start --id web-01 --master http://master:7070 --port 8080 --api-key admin-secret-key
+```
+
+The CLI's read commands (`nodes list`, `nodes status`, `cluster status`,
+`cluster metrics`) accept `--api-key` too. A missing/invalid key gets
+`401`; a valid key without enough permission (e.g. a viewer trying to
+join) gets `403` — both logged on the master side for visibility. An
+unrecognized role string is treated as no access rather than full access,
+so a typo in configuration fails closed.
+
 ### Auto Recovery (Level 2)
 
 A node that dies and recovers repeatedly within a short window is not
@@ -566,7 +610,7 @@ HuddleCluster/
 |   |   |-- nginx_lc.conf          # NGINX least-connections config
 |   |-- run_http_benchmark.bat     # Windows one-click runner
 |
-|-- tests/                         # 514 tests across 19 modules
+|-- tests/                         # 533 tests across 19 modules
 |   |-- test_rotation.py           # Rotation, eviction, feedback loop
 |   |-- test_fairness.py           # Fairness and Gini tests
 |   |-- test_stress.py             # Concurrent load tests
@@ -584,8 +628,8 @@ HuddleCluster/
 |   |-- test_redis_backend.py      # Redis backend tests (uses fakeredis mock)
 |   |-- test_grpc_cluster.py       # gRPC cluster tests (uses grpc mock)
 |   |-- test_k8s_discovery.py      # K8s discovery tests (uses k8s mock)
-|   |-- test_cluster_master.py     # MasterNode tests — 61 tests (v2.0.0)
-|   |-- test_cluster_agent.py      # AgentNode tests  — 26 tests (v2.0.0)
+|   |-- test_cluster_master.py     # MasterNode tests — 74 tests (v2.0.0)
+|   |-- test_cluster_agent.py      # AgentNode tests  — 32 tests (v2.0.0)
 |   |-- conftest.py                # Shared fixtures
 |
 |-- examples/
@@ -819,10 +863,10 @@ Setup PyPI Trusted Publishing:
 - [x] Node list with status, metrics, last-seen-ago — v2.0.0
 - [x] `huddle-cluster` CLI (master start, agent start, nodes list, cluster status) — v2.0.0
 
-**Level 2 — Production Ready (in progress, 3/6)**
+**Level 2 — Production Ready (in progress, 4/6)**
 - [x] Auto recovery — flapping detection (quarantine) and stale-node purge — v2.1.0
 - [ ] Web dashboard — real-time cluster topology view
-- [ ] RBAC / authentication — API key and role-based access
+- [x] RBAC / authentication — API key with admin/viewer roles — v2.3.0
 - [x] Monitoring — `unhealthy_alive_ratio` threshold + on_cluster_unhealthy/recovered — v2.2.0
 - [x] Metrics — `GET /v1/metrics` Prometheus exposition, per-node + cluster-wide — v2.2.0
 - [ ] REST API — full OpenAPI spec with versioning

{huddle_cluster-2.2.0 → huddle_cluster-2.3.0/huddle_cluster.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: huddle-cluster
-Version: 2.2.0
+Version: 2.3.0
 Summary: A penguin-inspired self-organizing server load balancer with adaptive thermal eviction — now with master/agent cluster management
 Author-email: Rahad Bhuiya <rahadbhuiya2021@gmail.com>
 License: MIT License
@@ -83,7 +83,7 @@ Dynamic: license-file
 A penguin-inspired, self-organizing server load balancer with adaptive thermal eviction.
 
 **Author:** Rahad Bhuiya <br>
-**Version:** 2.2.0 <br>
+**Version:** 2.3.0 <br>
 **License:** MIT <br>
 **Paper:** [HuddleCluster: A Penguin-Inspired Self-Organizing Load Balancer with Adaptive Thermal Eviction](https://github.com/rahadbhuiya/HuddleCluster/blob/main/docs/HuddleCluster.pdf)
 
@@ -524,6 +524,50 @@ agent.start()
 | `POST` | `/v1/nodes/{id}/heartbeat` | Heartbeat + metrics |
 | `DELETE` | `/v1/nodes/{id}` | Graceful departure |
 
+### Authentication & RBAC (Level 2)
+
+By default the master's API is open — no credentials needed, same as
+before this existed. To lock it down, pass `api_keys`:
+
+```python
+from huddle_cluster_pkg import MasterNode
+
+master = MasterNode(
+    port=7070,
+    api_keys={
+        "admin-secret-key":   "admin",    # can join/heartbeat/leave + read
+        "dashboard-view-key": "viewer",   # read-only: status/metrics/nodes
+    },
+)
+master.start()
+```
+
+```bash
+huddle-cluster master start --api-key admin-secret-key=admin --api-key dashboard-view-key=viewer
+```
+
+Every request then needs `Authorization: Bearer <key>` — except
+`GET /v1/health`, which is deliberately exempt so liveness probes don't
+need credentials. Agents authenticate the same way:
+
+```python
+agent = AgentNode(
+    node_id="web-01", master_url="http://master:7070", port=8080,
+    api_key="admin-secret-key",   # agents need an admin-role key
+)
+```
+
+```bash
+huddle-cluster agent start --id web-01 --master http://master:7070 --port 8080 --api-key admin-secret-key
+```
+
+The CLI's read commands (`nodes list`, `nodes status`, `cluster status`,
+`cluster metrics`) accept `--api-key` too. A missing/invalid key gets
+`401`; a valid key without enough permission (e.g. a viewer trying to
+join) gets `403` — both logged on the master side for visibility. An
+unrecognized role string is treated as no access rather than full access,
+so a typo in configuration fails closed.
+
 ### Auto Recovery (Level 2)
 
 A node that dies and recovers repeatedly within a short window is not
@@ -640,7 +684,7 @@ HuddleCluster/
 |   |   |-- nginx_lc.conf          # NGINX least-connections config
 |   |-- run_http_benchmark.bat     # Windows one-click runner
 |
-|-- tests/                         # 514 tests across 19 modules
+|-- tests/                         # 533 tests across 19 modules
 |   |-- test_rotation.py           # Rotation, eviction, feedback loop
 |   |-- test_fairness.py           # Fairness and Gini tests
 |   |-- test_stress.py             # Concurrent load tests
@@ -658,8 +702,8 @@ HuddleCluster/
 |   |-- test_redis_backend.py      # Redis backend tests (uses fakeredis mock)
 |   |-- test_grpc_cluster.py       # gRPC cluster tests (uses grpc mock)
 |   |-- test_k8s_discovery.py      # K8s discovery tests (uses k8s mock)
-|   |-- test_cluster_master.py     # MasterNode tests — 61 tests (v2.0.0)
-|   |-- test_cluster_agent.py      # AgentNode tests  — 26 tests (v2.0.0)
+|   |-- test_cluster_master.py     # MasterNode tests — 74 tests (v2.0.0)
+|   |-- test_cluster_agent.py      # AgentNode tests  — 32 tests (v2.0.0)
 |   |-- conftest.py                # Shared fixtures
 |
 |-- examples/
@@ -893,10 +937,10 @@ Setup PyPI Trusted Publishing:
 - [x] Node list with status, metrics, last-seen-ago — v2.0.0
 - [x] `huddle-cluster` CLI (master start, agent start, nodes list, cluster status) — v2.0.0
 
-**Level 2 — Production Ready (in progress, 3/6)**
+**Level 2 — Production Ready (in progress, 4/6)**
 - [x] Auto recovery — flapping detection (quarantine) and stale-node purge — v2.1.0
 - [ ] Web dashboard — real-time cluster topology view
-- [ ] RBAC / authentication — API key and role-based access
+- [x] RBAC / authentication — API key with admin/viewer roles — v2.3.0
 - [x] Monitoring — `unhealthy_alive_ratio` threshold + on_cluster_unhealthy/recovered — v2.2.0
 - [x] Metrics — `GET /v1/metrics` Prometheus exposition, per-node + cluster-wide — v2.2.0
 - [ ] REST API — full OpenAPI spec with versioning

{huddle_cluster-2.2.0 → huddle_cluster-2.3.0}/huddle_cluster.py

@@ -14,7 +14,7 @@ Rotation Rules:
   - No central coordinator needed — threshold-driven, self-organizing
 
 Author : Rahad Bhuiya (inspired by Penguin Biology)
-Version: 2.2.0
+Version: 2.3.0
 License: MIT
 
 Changelog v1.4.0
@@ -125,7 +125,7 @@ from enum import Enum
 from typing import Any, Callable, Generator, Optional
 
 #  Version 
-__version__ = "2.2.0"
+__version__ = "2.3.0"
 __author__  = "Rahad Bhuiya"
 __license__ = "MIT"
 

{huddle_cluster-2.2.0 → huddle_cluster-2.3.0}/huddle_cluster_pkg/cli.py

@@ -9,20 +9,21 @@ Commands
     huddle-cluster master start  [--host HOST] [--port PORT] [--timeout SEC]
                                  [--flap-window SEC] [--flap-threshold N]
                                  [--quarantine-recovery N] [--purge-after SEC]
+                                 [--api-key KEY=ROLE ...]
 
     huddle-cluster agent  start  --id ID --master URL --port PORT
                                  [--address IP] [--interval SEC]
-                                 [--retry N] [--meta key=val ...]
+                                 [--retry N] [--meta key=val ...] [--api-key KEY]
 
-    huddle-cluster nodes  list   [--master URL]
-    huddle-cluster nodes  status NODE_ID [--master URL]
+    huddle-cluster nodes  list   [--master URL] [--api-key KEY]
+    huddle-cluster nodes  status NODE_ID [--master URL] [--api-key KEY]
 
-    huddle-cluster cluster status [--master URL]
+    huddle-cluster cluster status [--master URL] [--api-key KEY]
     huddle-cluster cluster health [--master URL]
-    huddle-cluster cluster metrics [--master URL]
+    huddle-cluster cluster metrics [--master URL] [--api-key KEY]
 
 Author : Rahad Bhuiya
-Version: 2.2.0
+Version: 2.3.0
 License: MIT
 """
 
@@ -44,34 +45,53 @@ _DEFAULT_MASTER = "http://localhost:7070"
 # HTTP helpers
 
 
-def _get(master_url: str, path: str) -> Dict[str, Any]:
+def _build_get_request(master_url: str, path: str, api_key: Optional[str]) -> urllib.request.Request:
     url = f"{master_url.rstrip('/')}{path}"
-    try:
-        with urllib.request.urlopen(url, timeout=5.0) as resp:
-            return json.loads(resp.read())
-    except urllib.error.URLError as exc:
+    req = urllib.request.Request(url)
+    if api_key:
+        req.add_header("Authorization", f"Bearer {api_key}")
+    return req
+
+
+def _report_fetch_error(master_url: str, exc: Exception) -> None:
+    if isinstance(exc, urllib.error.HTTPError):
+        if exc.code == 401:
+            print("\n[error] Authentication required — pass --api-key, "
+                  "or the key was rejected")
+        elif exc.code == 403:
+            print("\n[error] This API key doesn't have permission for this "
+                  "request (viewer keys can't modify the cluster)")
+        else:
+            try:
+                body = json.loads(exc.read())
+                print(f"\n[error] {body.get('error', exc.reason)}")
+            except Exception:
+                print(f"\n[error] HTTP {exc.code}: {exc.reason}")
+    elif isinstance(exc, urllib.error.URLError):
         print(f"\n[error] Cannot reach master at {master_url}")
         print(f"        {exc.reason}")
         print("        Is the master running?  huddle-cluster master start")
-        sys.exit(1)
-    except Exception as exc:
+    else:
         print(f"\n[error] {exc}", file=sys.stderr)
-        sys.exit(1)
+    sys.exit(1)
 
 
-def _get_text(master_url: str, path: str) -> str:
-    url = f"{master_url.rstrip('/')}{path}"
+def _get(master_url: str, path: str, api_key: Optional[str] = None) -> Dict[str, Any]:
+    req = _build_get_request(master_url, path, api_key)
     try:
-        with urllib.request.urlopen(url, timeout=5.0) as resp:
+        with urllib.request.urlopen(req, timeout=5.0) as resp:
+            return json.loads(resp.read())
+    except Exception as exc:
+        _report_fetch_error(master_url, exc)
+
+
+def _get_text(master_url: str, path: str, api_key: Optional[str] = None) -> str:
+    req = _build_get_request(master_url, path, api_key)
+    try:
+        with urllib.request.urlopen(req, timeout=5.0) as resp:
             return resp.read().decode()
-    except urllib.error.URLError as exc:
-        print(f"\n[error] Cannot reach master at {master_url}")
-        print(f"        {exc.reason}")
-        print("        Is the master running?  huddle-cluster master start")
-        sys.exit(1)
     except Exception as exc:
-        print(f"\n[error] {exc}", file=sys.stderr)
-        sys.exit(1)
+        _report_fetch_error(master_url, exc)
 
 
 def _print_json(data: Dict) -> None:
@@ -81,7 +101,6 @@ def _print_json(data: Dict) -> None:
 
 # Command handlers
 
-
 def cmd_master_start(args: argparse.Namespace) -> None:
     """Start a MasterNode (blocking until Ctrl-C)."""
     import logging
@@ -93,6 +112,17 @@ def cmd_master_start(args: argparse.Namespace) -> None:
         datefmt="%H:%M:%S",
     )
 
+    api_keys: Optional[Dict[str, str]] = None
+    if args.api_key:
+        api_keys = {}
+        for item in args.api_key:
+            if "=" not in item:
+                print(f"[warn] ignoring malformed --api-key entry: {item!r} "
+                      f"(expected KEY=ROLE, e.g. --api-key secret123=admin)")
+                continue
+            k, role = item.split("=", 1)
+            api_keys[k.strip()] = role.strip()
+
     master = MasterNode(
         host=args.host,
         port=args.port,
@@ -101,6 +131,7 @@ def cmd_master_start(args: argparse.Namespace) -> None:
         flap_threshold=args.flap_threshold,
         quarantine_recovery_heartbeats=args.quarantine_recovery,
         purge_after_sec=args.purge_after,
+        api_keys=api_keys,
     )
 
     def on_join(node):
@@ -133,6 +164,7 @@ def cmd_master_start(args: argparse.Namespace) -> None:
           f"{args.flap_window:.0f}s, recover after {args.quarantine_recovery} heartbeats")
     if args.purge_after:
         print(f"  Purge     : dead nodes removed after {args.purge_after:.0f}s")
+    print(f"  Auth      : {'enabled (' + str(len(api_keys)) + ' key(s))' if api_keys else 'disabled (open API)'}")
     print(f"  API prefix: http://{args.host}:{args.port}{_API_V1}/")
     print("\n  Press Ctrl-C to stop.\n")
 
@@ -171,6 +203,7 @@ def cmd_agent_start(args: argparse.Namespace) -> None:
         address=args.address or None,
         heartbeat_interval_sec=args.interval,
         metadata=meta,
+        api_key=args.api_key,
     )
     agent.start(retry=args.retry)
 
@@ -192,7 +225,7 @@ def cmd_agent_start(args: argparse.Namespace) -> None:
 
 
 def cmd_nodes_list(args: argparse.Namespace) -> None:
-    data  = _get(args.master, f"{_API_V1}/nodes")
+    data  = _get(args.master, f"{_API_V1}/nodes", args.api_key)
     nodes = data.get("nodes", [])
 
     if not nodes:
@@ -210,12 +243,12 @@ def cmd_nodes_list(args: argparse.Namespace) -> None:
 
 
 def cmd_nodes_status(args: argparse.Namespace) -> None:
-    data = _get(args.master, f"{_API_V1}/nodes/{args.node_id}")
+    data = _get(args.master, f"{_API_V1}/nodes/{args.node_id}", args.api_key)
     _print_json(data)
 
 
 def cmd_cluster_status(args: argparse.Namespace) -> None:
-    data = _get(args.master, f"{_API_V1}/status")
+    data = _get(args.master, f"{_API_V1}/status", args.api_key)
 
     print(f"\nHuddleCluster Status")
     print(f"  Master      : {data.get('master')}")
@@ -238,7 +271,7 @@ def cmd_cluster_health(args: argparse.Namespace) -> None:
 
 
 def cmd_cluster_metrics(args: argparse.Namespace) -> None:
-    text = _get_text(args.master, f"{_API_V1}/metrics")
+    text = _get_text(args.master, f"{_API_V1}/metrics", args.api_key)
     print(text, end="")
 
 
@@ -277,6 +310,10 @@ def build_parser() -> argparse.ArgumentParser:
     ms.add_argument("--purge-after", type=float, default=None,
                     help="Remove dead nodes from the registry after this many seconds "
                          "(default: never purge)")
+    ms.add_argument("--api-key", action="append", metavar="KEY=ROLE",
+                    help="Add an API key with a role (admin or viewer); repeatable, "
+                         "e.g. --api-key secret123=admin --api-key view456=viewer. "
+                         "If never given, the API is open (no auth).")
     ms.set_defaults(func=cmd_master_start)
 
     
@@ -301,6 +338,8 @@ def build_parser() -> argparse.ArgumentParser:
                     help="Join retry attempts  (default: 5)")
     ag.add_argument("--meta",     nargs="*", metavar="KEY=VAL",
                     help="Metadata key=value pairs, e.g. --meta region=us-east role=lb")
+    ag.add_argument("--api-key",  default=None,
+                    help="API key to authenticate with the master, if it requires auth")
     ag.set_defaults(func=cmd_agent_start)
 
     
@@ -313,12 +352,16 @@ def build_parser() -> argparse.ArgumentParser:
     nl = nodes_s.add_parser("list", help="List all registered nodes")
     nl.add_argument("--master", default=_DEFAULT_MASTER,
                     help=f"Master URL  (default: {_DEFAULT_MASTER})")
+    nl.add_argument("--api-key", default=None,
+                    help="API key, if the master requires auth")
     nl.set_defaults(func=cmd_nodes_list)
 
     ns = nodes_s.add_parser("status", help="Detailed status for one node")
     ns.add_argument("node_id", help="Node ID to inspect")
     ns.add_argument("--master", default=_DEFAULT_MASTER,
                     help=f"Master URL  (default: {_DEFAULT_MASTER})")
+    ns.add_argument("--api-key", default=None,
+                    help="API key, if the master requires auth")
     ns.set_defaults(func=cmd_nodes_status)
 
     
@@ -331,6 +374,8 @@ def build_parser() -> argparse.ArgumentParser:
     cs = cluster_s.add_parser("status", help="Show cluster status summary")
     cs.add_argument("--master", default=_DEFAULT_MASTER,
                     help=f"Master URL  (default: {_DEFAULT_MASTER})")
+    cs.add_argument("--api-key", default=None,
+                    help="API key, if the master requires auth")
     cs.set_defaults(func=cmd_cluster_status)
 
     ch = cluster_s.add_parser("health", help="Quick health check (exit 1 if not ok)")
@@ -341,6 +386,8 @@ def build_parser() -> argparse.ArgumentParser:
     cm = cluster_s.add_parser("metrics", help="Print Prometheus text exposition")
     cm.add_argument("--master", default=_DEFAULT_MASTER,
                     help=f"Master URL  (default: {_DEFAULT_MASTER})")
+    cm.add_argument("--api-key", default=None,
+                    help="API key, if the master requires auth")
     cm.set_defaults(func=cmd_cluster_metrics)
 
     return parser

{huddle_cluster-2.2.0 → huddle_cluster-2.3.0}/huddle_cluster_pkg/cluster_agent.py

@@ -9,7 +9,7 @@ communication with the MasterNode:
   - Deregisters gracefully on shutdown   (DELETE /v1/nodes/{id})
 
 Author : Rahad Bhuiya
-Version: 2.0.0
+Version: 2.3.0
 License: MIT
 """
 
@@ -77,6 +77,7 @@ class AgentNode:
         heartbeat_interval_sec: float = DEFAULT_HEARTBEAT_INTERVAL,
         request_timeout_sec: float = DEFAULT_REQUEST_TIMEOUT,
         metadata: Optional[Dict[str, Any]] = None,
+        api_key: Optional[str] = None,
         on_master_unreachable: Optional[Callable[[], None]] = None,
         on_recovered: Optional[Callable[[], None]] = None,
     ) -> None:
@@ -95,6 +96,7 @@ class AgentNode:
         self._interval = heartbeat_interval_sec
         self._request_timeout = request_timeout_sec
         self._metadata = metadata or {}
+        self._api_key  = api_key
         self._on_unreachable = on_master_unreachable
         self._on_recovered   = on_recovered
 
@@ -195,6 +197,7 @@ class AgentNode:
     
     # Internal — join
     
+
     def _join_with_retry(self, max_retry: int) -> None:
         for attempt in range(1, max_retry + 1):
             if self._send_join():
@@ -300,7 +303,7 @@ class AgentNode:
                 if master_reachable and self._consecutive_failures % 3 == 0:
                     should_rejoin = True
 
-        # -- fire actions OUTSIDE the lock --
+        #  fire actions OUTSIDE the lock 
 
         if should_rejoin:
             if self._send_join():
@@ -333,6 +336,8 @@ class AgentNode:
         url = f"{self._master}{_API_V1}/nodes/{self._node_id}"
         req = urllib.request.Request(url, method="DELETE")
         req.add_header("Content-Type", "application/json")
+        if self._api_key:
+            req.add_header("Authorization", f"Bearer {self._api_key}")
         try:
             with urllib.request.urlopen(req, timeout=self._request_timeout):
                 pass
@@ -357,6 +362,8 @@ class AgentNode:
         req  = urllib.request.Request(url, data=data, method="POST")
         req.add_header("Content-Type",   "application/json")
         req.add_header("Content-Length", str(len(data)))
+        if self._api_key:
+            req.add_header("Authorization", f"Bearer {self._api_key}")
         try:
             with urllib.request.urlopen(req, timeout=self._request_timeout) as resp:
                 return json.loads(resp.read())