User story #12357

closed

User story #11851: Port techniques to multi-versionned format

Port "SSH authorised keys" Technique to multiversionned technique

Added by Nicolas CHARLES about 6 years ago. Updated over 5 years ago.

Status: Released
Priority: N/A
Category: Techniques

Description

Title says it all


Related issues 3 (0 open, 3 closed)

Related to Rudder - User story #12300: Inconsistent flush of SSH authorised keys (Rejected)
Has duplicate Rudder - Bug #12374: Technique GPG Key Management and SSH Key Management don't work in audit mode (Released)
Has duplicate Rudder - User story #6997: The technique SSHKeyManagement doesn't allow to define several keys per user, and flush others (Rejected)
Actions #1

Updated by Nicolas CHARLES about 6 years ago

This one might help solve the painful issue of strictly enforcing keys for users when multiple keys are set.
We could first copy the file to a temp file (like for sudoers) in the prehook, edit the temp file, and as a posthook copy the temp over the exact file. It implies that the posthook will do the actual reporting, but it also implies that the prehook and posthook need to know all the users that we are managing.
I'm not sure that the PRE/POST hooks have the facilities to get dynamic parameters, but we can ask for the foreign data in the bundles.

That's just the result of my ideas for now.

Actions #2

Updated by François ARMAND about 6 years ago

  • Tag list set to Blocking 4.3

I'm marking it blocking, because we need to know before 4.3-finale if there is something missing in the pre/post facility and correct it now.

Actions #3

Updated by Nicolas CHARLES about 6 years ago

  • Tag list deleted (Blocking 4.3)

So, after discussing the solution with Benoît, we will:
  • add a tag to the bundles of the Directives
  • in pre-hooks, find all these bundles with tags, get all the users/flush, and for all users that have at least one flush, create an empty file .tmp (or .rudder) for the sshkey, and for the others, copy the existing authorizedkey to this .rudder (or .tmp) file
  • in the directive, edit the .tmp or .rudder file
  • in the post-hook, for the flushed file, if .tmp is different from the sshkey file, report repaired for all the keys of this user, and for those non-flush, base the reporting on the classes defined in the directive itself

This is a non-trivial implementation, but it allows for use cases that are broken at the moment, and seems the easiest way to deal with the directive by directive
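
The staging flow outlined in the comment above, as an added shell sketch that is not part of the original comment and is not Rudder's implementation. The function names are hypothetical, the keys are constructed, and reporting is simplified to a file comparison for flushed and non-flushed users alike.

```shell
#!/bin/sh
# Added sketch of the staged-edit flow; not Rudder code. Function names are
# hypothetical; the ".rudder" suffix is one of the two the comment suggests.

# Pre-hook: stage a working copy next to the key file. flush=true starts it
# empty (only directive-declared keys survive); otherwise it starts as a copy.
prehook_stage() {
    keyfile=$1; flush=$2; staged="$keyfile.rudder"
    (
        umask 077   # never expose the staged copy to other users
        if [ "$flush" = true ] || [ ! -f "$keyfile" ]; then
            : > "$staged"
        else
            cp "$keyfile" "$staged"
        fi
    )
}

# Directive step: each directive edits only the staged copy, adding its key
# when the exact line is not already present.
directive_add_key() {
    staged="$1.rudder"
    grep -qxF -- "$2" "$staged" || printf '%s\n' "$2" >> "$staged"
}

# Post-hook: the only step that touches the real file. Prints "success" when
# nothing changed, or renames the staged copy into place and prints "repaired".
posthook_commit() {
    keyfile=$1; staged="$keyfile.rudder"
    if [ -f "$keyfile" ] && cmp -s "$staged" "$keyfile"; then
        rm -f "$staged"
        echo success
    else
        chmod 600 "$staged" && mv -f "$staged" "$keyfile" && echo repaired
    fi
}

# Constructed demo: two directives manage one flushed user that has a stale key.
demo() {
    dir=$(mktemp -d); f="$dir/authorized_keys"
    printf '%s\n' 'ssh-ed25519 AAAA-constructed-A alice' \
                  'ssh-ed25519 AAAA-constructed-OLD stale' > "$f"
    prehook_stage "$f" true
    directive_add_key "$f" 'ssh-ed25519 AAAA-constructed-A alice'
    directive_add_key "$f" 'ssh-ed25519 AAAA-constructed-B bob'
    posthook_commit "$f"
    rm -rf "$dir"
}
demo
```

A real hook would also need to give the staged file the owning user's ownership before the rename; this sketch only sets the mode.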

Actions #4

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 4.3.0~rc3 to 4.3.0
Actions #5

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 4.3.0 to 4.3.1
Actions #6

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 4.3.1 to 4.3.2
Actions #7

Updated by Vincent MEMBRÉ about 6 years ago

  • Target version changed from 4.3.2 to 410
Actions #8

Updated by Benoît PECCATTE almost 6 years ago

  • Target version changed from 410 to 4.3.2
Actions #9

Updated by Vincent MEMBRÉ almost 6 years ago

  • Target version changed from 4.3.2 to 4.3.3
Actions #10

Updated by Alexis Mousset almost 6 years ago

Actions #11

Updated by Vincent MEMBRÉ almost 6 years ago

  • Target version changed from 4.3.3 to 4.3.4
Actions #12

Updated by Benoît PECCATTE almost 6 years ago

  • Target version changed from 4.3.4 to 4.3.5
Actions #13

Updated by Nicolas CHARLES almost 6 years ago

  • Status changed from New to In progress
Actions #14

Updated by Nicolas CHARLES almost 6 years ago

  • Assignee set to Nicolas CHARLES
Actions #23

Updated by Nicolas CHARLES over 5 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis Mousset
  • Pull Request set to https://github.com/Normation/rudder-techniques/pull/1339
Actions #24

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 4.3.5 to 4.3.6
Actions #25

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 4.3.6 to 4.3.7
Actions #26

Updated by Alexis Mousset over 5 years ago

  • Has duplicate Bug #12374: Technique GPG Key Management and SSH Key Management don't work in audit mode added
Actions #27

Updated by Vincent MEMBRÉ over 5 years ago

  • Target version changed from 4.3.7 to 4.3.8
Actions #28

Updated by Rudder Quality Assistant over 5 years ago

  • Status changed from Pending technical review to Discussion
  • Assignee changed from Alexis Mousset to Nicolas CHARLES
Actions #29

Updated by Nicolas CHARLES over 5 years ago

  • Status changed from Discussion to Pending technical review
  • Assignee changed from Nicolas CHARLES to Alexis Mousset
Actions #30

Updated by Rudder Quality Assistant over 5 years ago

  • Assignee changed from Alexis Mousset to Nicolas CHARLES
Actions #31

Updated by Nicolas CHARLES over 5 years ago

  • Status changed from Pending technical review to Pending release
Actions #32

Updated by Vincent MEMBRÉ over 5 years ago

  • Subject changed from Port sshKeyDistribution to multiversionned technique to Port "SSH authorised keys" Technique to multiversionned technique
Actions #33

Updated by Vincent MEMBRÉ over 5 years ago

  • Status changed from Pending release to Released
This bug has been fixed in Rudder 4.3.8 and 5.0.4 which were released today.
Changelog
Actions #34

Updated by Nicolas CHARLES about 5 years ago

  • Has duplicate User story #6997: The technique SSHKeyManagement doesn't allow to define several keys per user, and flush others added