Architecture #18730
closed
Move allowed network data to settings
Description
Having allowed networks directly in a directive create a lot of problems:
- it breaks event log rollback which are recorded for it (#18711)
- it makes complicated the possibility to add description on them,
- it's the only user configured data which is like that, creating surprises.
Updated by François ARMAND over 3 years ago
- Related to Bug #18711: rollback error when trying to revert allowed networks: "event log xxx don't have a matching commitId" added
Updated by François ARMAND almost 3 years ago
This will take place along with the refactoring of system policies.
The specs are:
- store in settings policy_servers_allowed_networks,ou=Application Properties,cn=rudder-configuration a json alike:
{
"root":
[
{ "name": "the first allowed netwok", "address": "192.168.2.0/32" },
{ "name": "an other allowed netwok!", "address": "192.168.54.42" },
...
]
,
"b1e0e408-083f-4061-974e-5a76677ad2b1":
[
{ "name": "allowed network for the relay", "address": "192.168.99.0/32" },
...
]
}
- create a system variable ALLOWED_NETWORKS that contains, for a given policy server, its allowed network in a JSON like:
[
{ "name": "allowed network #1 for root", "address": "192.168.2.0/32" },
{ "name": "allowed network #2 for root", "address": "192.168.54.42" },
...
]
- keep API as they are for now, we will be able to add name/description latter on.
Updated by François ARMAND almost 3 years ago
- Related to Architecture #19037: Refactor the system techniques by component added
Updated by François ARMAND almost 3 years ago
- Status changed from New to In progress
- Assignee set to François ARMAND
Updated by François ARMAND almost 3 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Vincent MEMBRÉ
- Pull Request set to https://github.com/Normation/rudder/pull/3717
Updated by François ARMAND almost 3 years ago
- Related to User story #8904: Allowed networks details added
Updated by François ARMAND almost 3 years ago
- Related to User story #18508: Missing a PATCH API for allowed networks added
Updated by François ARMAND almost 3 years ago
Finally, we already had a system variable for allowed networks (`AUTHORIZED_NETWORKS`), we keep it for now.
We evolved the setting name to rudder_policy_server and store a JSON array of policy server (for now, only id and allowed networks)
Updated by François ARMAND almost 3 years ago
After some discussion, we chose to rename AUTHORIZED_NETWORKS to ALLOWED_NETWORKS for consistency.
Updated by François ARMAND almost 3 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|4354137bacd6057987a0dabdc4b915a4b38fce81.
Updated by Félix DALLIDET almost 3 years ago
- Related to Architecture #19560: Rename the AUTHORIZED_NETWORKS parameter used in the common system techniques. added
Updated by Vincent MEMBRÉ over 2 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 7.0.0~beta1 which was released today.