Allow managercandidates to limit switch interrogation

If a switch is a node and has denoted allowed managers, do not interrogate that switch if this member is not permitted.
2025-01-14 11:48:57 +00:00 · 2021-04-16 14:19:51 -04:00 · 2021-04-16 14:19:51 -04:00 · 37dca72579
commit 37dca72579
parent 1aea406852
1 changed files with 9 additions and 1 deletions
--- a/confluent_server/confluent/networking/netutil.py
+++ b/confluent_server/confluent/networking/netutil.py
@ -14,16 +14,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import confluent.util as util
+import confluent.noderange as noderange
+import confluent.collective.manager as collective


 def get_switchcreds(configmanager, switches):
    switchcfg = configmanager.get_node_attributes(
        switches, ('secret.hardwaremanagementuser', 'secret.snmpcommunity',
-                   'secret.hardwaremanagementpassword'), decrypt=True)
+                   'secret.hardwaremanagementpassword',
+                   'collective.managercandidates'), decrypt=True)
    switchauth = []
    for switch in switches:
        if not switch:
            continue
+        candmgrs = switchcfg.get(switch, {}).get('collective.managercandidates', {}).get('value', None)
+        if candmgrs:
+            candmgrs = noderange.NodeRange(candmgrs, configmanager).nodes
+            if collective.get_myname() not in candmgrs:
+                continue
        switchparms = switchcfg.get(switch, {})
        user = None
        password = switchparms.get(