User story #12357
closedUser story #11851: Port techniques to multi-versionned format
Port "SSH authorised keys" Technique to multiversionned technique
Description
Title says it all
Updated by Nicolas CHARLES over 6 years ago
This one might help solving the painful issue of strictly enforcing keys for users, when multiple keys are set
We could first copy the file to a temp file (like for sudoers) in prehook, edit the temp file, and as a posthook copy the temp over the exact file. It implies that the posthook will do the actual reporting; but it also implies that the prehook and posthook needs to know all the user that we are managing
I'm not sure that the PRE/POST hook have the facilities to get dynamic parameter, but we can ask for the foreign data in the bundles
That's just the result of my ideas for now
Updated by François ARMAND over 6 years ago
- Translation missing: en.field_tag_list set to Blocking 4.3
I'm marking it blocking, because we need to know before 4.3-finale if there is something missing in the pre/post facility and correct it now.
Updated by Nicolas CHARLES over 6 years ago
- Translation missing: en.field_tag_list deleted (
Blocking 4.3)
- add a tag to the bundles of the Directives
- in pre-hooks, find all these bundle with tags, get all the users/flush, and for all user that have at least a flush, create an empty file .tmp (or .rudder) for the sshkey, and for the other copy the existing authorizedkey to this .rudder (or .tmp) file
- in the directive, edit the .tmp or .rudder file
- in the post-hook, for the flushed file, if .tmp is different that the sshkey file, report repaired for all the keys of this user, and for those non-flush, base the reporting on the classes defined in the directive itself
This is a non-trivial implementation, but it allows for use case that are broken at the moment, and seems the easiest way to deal with the directive by directive
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.3.0~rc3 to 4.3.0
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.3.0 to 4.3.1
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.3.1 to 4.3.2
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.3.2 to 410
Updated by Benoît PECCATTE over 6 years ago
- Target version changed from 410 to 4.3.2
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.3.2 to 4.3.3
Updated by Alexis Mousset over 6 years ago
- Related to User story #12300: Inconsistent flush of SSH authorised keys added
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.3.3 to 4.3.4
Updated by Benoît PECCATTE over 6 years ago
- Target version changed from 4.3.4 to 4.3.5
Updated by Nicolas CHARLES over 6 years ago
- Status changed from New to In progress
Updated by Nicolas CHARLES over 6 years ago
Updated by Nicolas CHARLES over 6 years ago
Updated by Nicolas CHARLES over 6 years ago
Updated by Nicolas CHARLES over 6 years ago
Updated by Nicolas CHARLES over 6 years ago
Updated by Nicolas CHARLES over 6 years ago
Updated by Nicolas CHARLES over 6 years ago
Updated by Nicolas CHARLES over 6 years ago
Updated by Nicolas CHARLES over 6 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Nicolas CHARLES to Alexis Mousset
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/1339
Updated by Vincent MEMBRÉ about 6 years ago
- Target version changed from 4.3.5 to 4.3.6
Updated by Vincent MEMBRÉ about 6 years ago
- Target version changed from 4.3.6 to 4.3.7
Updated by Alexis Mousset about 6 years ago
- Has duplicate Bug #12374: Technique GPG Key Management and SSH Key Management don't work in audit mode added
Updated by Vincent MEMBRÉ about 6 years ago
- Target version changed from 4.3.7 to 4.3.8
Updated by Rudder Quality Assistant about 6 years ago
- Status changed from Pending technical review to Discussion
- Assignee changed from Alexis Mousset to Nicolas CHARLES
Updated by Nicolas CHARLES about 6 years ago
- Status changed from Discussion to Pending technical review
- Assignee changed from Nicolas CHARLES to Alexis Mousset
Updated by Rudder Quality Assistant about 6 years ago
- Assignee changed from Alexis Mousset to Nicolas CHARLES
Updated by Nicolas CHARLES about 6 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder-techniques|c85e0c69621127efcd5600efb8ff38152014ffbe.
Updated by Vincent MEMBRÉ almost 6 years ago
- Subject changed from Port sshKeyDistribution to multiversionned technique to Port "SSH authorised keys" Technique to multiversionned technique
Updated by Vincent MEMBRÉ almost 6 years ago
- Status changed from Pending release to Released
Updated by Nicolas CHARLES over 5 years ago
- Has duplicate User story #6997: The technique SSHKeyManagement doesn't allow to define several keys per user, and flush others added