Actions
Bug #23011
open
“SSH authorized keys” system technique breaks when changed from “audit” to “enforce” mode
Pull Request:
Severity:
Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Getting started - demo | first install | Technique editor and level 1 Techniques
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:
No
Description
If a directive is created in “audit” mode using the “SSH authorized keys” system technique with parameters as in attached screenshot, and after having been ran on the nodes, the directive is later on changed to “enforce” mode, then after being ran on the nodes again, their compliance displays a “bad policy mode” error as in attached screenshot.
Furthermore, if the directive is changed to “audit” mode again, it will display a spurious “The keys for user blah could not be flushed”, where the authorized_keys file do actually have the proper contents (thus should be considered compliant and shouldn't need to be flushed).
Files
| authorized_keys_directive_parameters.png (111 KB) authorized_keys_directive_parameters.png | Directive parameters | ||
| Bad_policy_mode_230705a.png (171 KB) Bad_policy_mode_230705a.png | Error : bad policy mode. | ||
| authorized_keys_could_not_be_flushed.png (128 KB) authorized_keys_could_not_be_flushed.png | “Could not be flushed” error message. | ||
| Bad_policy_mode_230706a.png (166 KB) Bad_policy_mode_230706a.png | Error on freshly added node | ||
| Bad_policy_mode_230706b.png (189 KB) Bad_policy_mode_230706b.png | Same error for directive recreated in enforce mode |
Updated by 
Updated by 
Updated by 
Actions