Project

General

Profile

Actions

Architecture #18730

closed

Move allowed network data to settings

Added by François ARMAND about 4 years ago. Updated over 3 years ago.

Status:
Released
Priority:
N/A
Category:
Web - Config management
Target version:
Effort required:
Name check:
To do
Fix check:
To do
Regression:

Description

Having allowed networks directly in a directive create a lot of problems:

- it breaks event log rollback which are recorded for it (#18711)
- it makes complicated the possibility to add description on them,
- it's the only user configured data which is like that, creating surprises.


Subtasks 1 (0 open1 closed)

Architecture #19536: Do not fail technique parsing on missing system variableReleasedNicolas CHARLESActions

Related issues 5 (1 open4 closed)

Related to Rudder - Bug #18711: rollback error when trying to revert allowed networks: "event log xxx don't have a matching commitId"RejectedFrançois ARMANDActions
Related to Rudder - Architecture #19037: Refactor the system techniques by componentReleasedAlexis MoussetActions
Related to Rudder - User story #8904: Allowed networks detailsNewActions
Related to Rudder - User story #18508: Missing a PATCH API for allowed networksReleasedVincent MEMBRÉActions
Related to Rudder - Architecture #19560: Rename the AUTHORIZED_NETWORKS parameter used in the common system techniques.ReleasedNicolas CHARLESActions
Actions #1

Updated by François ARMAND about 4 years ago

  • Related to Bug #18711: rollback error when trying to revert allowed networks: "event log xxx don't have a matching commitId" added
Actions #2

Updated by François ARMAND over 3 years ago

This will take place along with the refactoring of system policies.
The specs are:

- store in settings policy_servers_allowed_networks,ou=Application Properties,cn=rudder-configuration a json alike:

{

"root":
[
{ "name": "the first allowed netwok", "address": "192.168.2.0/32" }, 
{ "name": "an other allowed netwok!", "address": "192.168.54.42" }, 
...
]
, 

"b1e0e408-083f-4061-974e-5a76677ad2b1":
[
{ "name": "allowed network for the relay", "address": "192.168.99.0/32" }, 

...
]

}

- create a system variable ALLOWED_NETWORKS that contains, for a given policy server, its allowed network in a JSON like:

[
{ "name": "allowed network #1 for root", "address": "192.168.2.0/32" }, 
{ "name": "allowed network #2 for root", "address": "192.168.54.42" }, 
...
]

- keep API as they are for now, we will be able to add name/description latter on.

Actions #3

Updated by François ARMAND over 3 years ago

Actions #4

Updated by François ARMAND over 3 years ago

  • Status changed from New to In progress
  • Assignee set to François ARMAND
Actions #5

Updated by François ARMAND over 3 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/3717
Actions #6

Updated by François ARMAND over 3 years ago

Actions #7

Updated by François ARMAND over 3 years ago

Actions #8

Updated by François ARMAND over 3 years ago

Finally, we already had a system variable for allowed networks (`AUTHORIZED_NETWORKS`), we keep it for now.
We evolved the setting name to rudder_policy_server and store a JSON array of policy server (for now, only id and allowed networks)

Actions #9

Updated by François ARMAND over 3 years ago

After some discussion, we chose to rename AUTHORIZED_NETWORKS to ALLOWED_NETWORKS for consistency.

Actions #10

Updated by François ARMAND over 3 years ago

  • Status changed from Pending technical review to Pending release
Actions #11

Updated by Félix DALLIDET over 3 years ago

  • Related to Architecture #19560: Rename the AUTHORIZED_NETWORKS parameter used in the common system techniques. added
Actions #12

Updated by Vincent MEMBRÉ over 3 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 7.0.0~beta1 which was released today.

Actions

Also available in: Atom PDF