Architecture #18730
closed
Move allowed network data to settings
Description
Having allowed networks directly in a directive creates a lot of problems:
- it breaks rollback of the event logs which are recorded for it (#18711),
- it complicates the possibility of adding descriptions to them,
- it's the only user-configured data which is like that, creating surprises.
Updated by François ARMAND about 4 years ago
- Related to Bug #18711: rollback error when trying to revert allowed networks: "event log xxx don't have a matching commitId" added
Updated by François ARMAND over 3 years ago
This will take place along with the refactoring of system policies.
The specs are:
- store in settings `policy_servers_allowed_networks,ou=Application Properties,cn=rudder-configuration` a JSON like:

```
{
  "root": [
    { "name": "the first allowed netwok", "address": "192.168.2.0/32" },
    { "name": "an other allowed netwok!", "address": "192.168.54.42" },
    ...
  ],
  "b1e0e408-083f-4061-974e-5a76677ad2b1": [
    { "name": "allowed network for the relay", "address": "192.168.99.0/32" },
    ...
  ]
}
```

- create a system variable `ALLOWED_NETWORKS` that contains, for a given policy server, its allowed networks in a JSON like:

```
[
  { "name": "allowed network #1 for root", "address": "192.168.2.0/32" },
  { "name": "allowed network #2 for root", "address": "192.168.54.42" },
  ...
]
```

- keep the APIs as they are for now; we will be able to add name/description later on.
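The spec in the comment above, as an added example that is not part of the issue or of Rudder's code: a check that reads a setting of that shape, validates each `address`, and builds the per-policy-server list. The sample data is constructed, the function names are hypothetical, and dropping invalid entries while keeping valid address strings unchanged is an assumption, not documented Rudder behaviour.

```python
import ipaddress
import json

# Constructed sample in the shape of the spec: policy server id -> list of
# {"name", "address"}. Some entries are deliberately malformed or too broad.
SETTING = json.loads("""
{
  "root": [
    {"name": "the first allowed network", "address": "192.168.2.0/32"},
    {"name": "another allowed network", "address": "192.168.54.42"},
    {"name": "typo in prefix", "address": "192.168.3.0/33"},
    {"name": "host bits set", "address": "10.1.2.3/16"}
  ],
  "b1e0e408-083f-4061-974e-5a76677ad2b1": [
    {"name": "allowed network for the relay", "address": "192.168.99.0/32"},
    {"name": "everything", "address": "0.0.0.0/0"}
  ]
}
""")


def check_entry(entry):
    """Return (parsed network or None, list of findings) for one entry."""
    addr = entry.get("address")
    try:
        if not isinstance(addr, str):
            raise ValueError("address must be a string")
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError as exc:
        return None, [f"invalid address {addr!r}: {exc}"]
    findings = []
    if ipaddress.ip_interface(addr).ip != net.network_address:
        findings.append(f"host bits set in {addr!r}, read as {net}")
    if net.prefixlen == 0:
        findings.append(f"{addr!r} allows every address")
    return net, findings


def allowed_networks_for(setting, server_id):
    """Build the per-server list (the ALLOWED_NETWORKS shape) plus findings."""
    value, findings = [], []
    for entry in setting.get(server_id, []):
        net, problems = check_entry(entry)
        findings += [f"{server_id}/{entry.get('name')}: {p}" for p in problems]
        if net is not None:  # assumption: unparseable entries are dropped
            value.append({"name": entry.get("name", ""), "address": addr_of(entry)})
    return value, findings


def addr_of(entry):
    """Address string exactly as stored in the setting."""
    return entry["address"]
```

Running such a check before the setting is written gives a reviewer the list of entries that would be ignored or that open the policy server wider than the name suggests.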
Updated by François ARMAND over 3 years ago
- Related to Architecture #19037: Refactor the system techniques by component added
Updated by François ARMAND over 3 years ago
- Status changed from New to In progress
- Assignee set to François ARMAND
Updated by François ARMAND over 3 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder/pull/3717
Updated by François ARMAND over 3 years ago
- Related to User story #8904: Allowed networks details added
Updated by François ARMAND over 3 years ago
- Related to User story #18508: Missing a PATCH API for allowed networks added
Updated by François ARMAND over 3 years ago
Finally, we already had a system variable for allowed networks (`AUTHORIZED_NETWORKS`); we keep it for now.
We evolved the setting name to `rudder_policy_server` and store a JSON array of policy servers (for now, only id and allowed networks).
Updated by François ARMAND over 3 years ago
After some discussion, we chose to rename `AUTHORIZED_NETWORKS` to `ALLOWED_NETWORKS` for consistency.
Updated by François ARMAND over 3 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|4354137bacd6057987a0dabdc4b915a4b38fce81.
Updated by Félix DALLIDET over 3 years ago
- Related to Architecture #19560: Rename the AUTHORIZED_NETWORKS parameter used in the common system techniques. added
Updated by Vincent MEMBRÉ about 3 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 7.0.0~beta1 which was released today.