Page MenuHomeDevCentral

Avoid a server to keep access to stale Vault policies
ClosedPublic

Authored by dereckson on Apr 15 2022, 19:11.
Tags
None
Referenced Files
F10801038: D2671.id.diff
Sun, Jul 27, 06:03
F10796124: D2671.id6746.diff
Sun, Jul 27, 02:43
F10781119: D2671.id6746.diff
Sat, Jul 26, 16:22
F10779559: D2671.diff
Sat, Jul 26, 15:25
Unknown Object (File)
Tue, Jul 22, 17:59
Unknown Object (File)
Mon, Jul 21, 00:18
Unknown Object (File)
Sun, Jul 20, 07:39
Unknown Object (File)
Thu, Jul 10, 17:59
Subscribers
None

Details

Summary

If a server lose access to any policy, it would keep the last state.

Instead, we now submit a new policy "intentionally left blank"
to explicitly document that node doesn't have access to anything.

This is a follow-up for af9db00760be.

Ref T1425.

Test Plan

salt-call --local credentials.build_policies_by_node

Tested on Complector, we've a correct set of policies for every node.

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
docker-vault-policies-blank
Build Status
Buildable 4188
Build 4440: arc lint + arc unit