If a server lose access to any policy, it would keep the last state.
Instead, we now submit a new policy "intentionally left blank"
to explicitly document that node doesn't have access to anything.
This is a follow-up for af9db00760be.
Ref T1425.
Differential D2671
Avoid a server to keep access to stale Vault policies dereckson on Apr 15 2022, 19:11. Authored by Tags None Referenced Files
Subscribers None
Details
If a server lose access to any policy, it would keep the last state. Instead, we now submit a new policy "intentionally left blank" This is a follow-up for af9db00760be. Ref T1425. salt-call --local credentials.build_policies_by_node Tested on Complector, we've a correct set of policies for every node.
Diff Detail
|