Page MenuHomeDevCentral

Avoid a server to keep access to stale Vault policies
ClosedPublic

Authored by dereckson on Apr 15 2022, 19:11.
Tags
None
Referenced Files
F11663563: D2671.id.diff
Sun, Sep 7, 13:00
Unknown Object (File)
Sat, Sep 6, 02:58
Unknown Object (File)
Sat, Sep 6, 00:37
Unknown Object (File)
Thu, Sep 4, 00:42
Unknown Object (File)
Tue, Sep 2, 19:09
Unknown Object (File)
Tue, Sep 2, 16:32
Unknown Object (File)
Mon, Sep 1, 20:36
Unknown Object (File)
Sat, Aug 30, 05:15
Subscribers
None

Details

Summary

If a server lose access to any policy, it would keep the last state.

Instead, we now submit a new policy "intentionally left blank"
to explicitly document that node doesn't have access to anything.

This is a follow-up for af9db00760be.

Ref T1425.

Test Plan

salt-call --local credentials.build_policies_by_node

Tested on Complector, we've a correct set of policies for every node.

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable