Check node, not group, for need of change request
For now, to check if a change request is needed for a given change, we look to groups.
But really, what we want to know, is if a node in one group must be checked, ie: it's a property of the node, not a property of the group, and the group is only a medium to set that property.
So, we need a resolver that for a node gives the list of groups applied to it, then for a rule to look for all set of group and their dependencies (from node), and then intersect that set with the list of supervised groups.
We also certainly need some explanation about why we will request change request, perhaps by logging example of node causing it.
The canonical use cases to deal with are:
- node1 and node2 in groupA, - node1 in groupB - ruleA targets groupA, - groupB is supervised ==> a change to ruleA must trigger a validation request.
- groupA is composed of groupB and other parameters, - node1 is in groupB, - ruleA targets groupA, - groupB is supervised ==> a change to ruleA must trigger a validation request.
#2 Updated by François ARMAND 2 months ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder-plugins/pull/119
#3 Updated by François ARMAND 2 months ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder:rudder-plugins|4d9f4dfaa19b6c9eb7f920c946ecc482371c771e.