From 37dca7257961e708bc60bbfd2d2ece1a43fbcc2e Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Fri, 16 Apr 2021 14:19:51 -0400
Subject: [PATCH] Allow managercandidates to limit switch interrogation

If a switch is a node and has denoted allowed managers, do not interrogate that switch if this member is not permitted.
---
 confluent_server/confluent/networking/netutil.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/confluent_server/confluent/networking/netutil.py b/confluent_server/confluent/networking/netutil.py
index 13692292..a1fd6d08 100644
--- a/confluent_server/confluent/networking/netutil.py
+++ b/confluent_server/confluent/networking/netutil.py
@@ -14,16 +14,24 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import confluent.util as util
+import confluent.noderange as noderange
+import confluent.collective.manager as collective
 def get_switchcreds(configmanager, switches):
 switchcfg = configmanager.get_node_attributes(
 switches, ('secret.hardwaremanagementuser', 'secret.snmpcommunity',
- 'secret.hardwaremanagementpassword'), decrypt=True)
+ 'secret.hardwaremanagementpassword',
+ 'collective.managercandidates'), decrypt=True)
 switchauth = []
 for switch in switches:
 if not switch:
 continue
+ candmgrs = switchcfg.get(switch, {}).get('collective.managercandidates', {}).get('value', None)
+ if candmgrs:
+ candmgrs = noderange.NodeRange(candmgrs, configmanager).nodes
+ if collective.get_myname() not in candmgrs:
+ continue
 switchparms = switchcfg.get(switch, {})
 user = None
 password = switchparms.get(
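Review bot: In the added `candmgrs` block inside the `for switch in switches` loop, `noderange.NodeRange(candmgrs, configmanager)` and `collective.get_myname()` are evaluated once per switch with no error handling, so if NodeRange raises on a malformed or unresolvable `collective.managercandidates` value (its behaviour is not visible here), one bad attribute on one switch would abort credential collection for every switch. Hoisting `myname = collective.get_myname()` above the loop and deciding explicitly whether a bad value skips only that switch would make the failure mode deliberate. Note also that the `get_node_attributes(..., decrypt=True)` call has already decrypted the secrets of the switches that are then skipped, so the check limits which member interrogates a switch, not which member reads its credentials; a comment such as `# managercandidates gates interrogation only; secrets were already decrypted above` would keep it from being mistaken for an access control. get_switchcreds continues past the end of the hunk.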