Add 'check' to permit comparison against current value

For implementing some security policies, it is useful to check new value against current value.
2025-01-27 19:37:57 +00:00 · 2019-09-17 09:48:02 -04:00 · 2019-09-17 09:48:02 -04:00 · ed320f4a17
commit ed320f4a17
parent de8292f6dd
2 changed files with 27 additions and 0 deletions
--- a/confluent_server/confluent/core.py
+++ b/confluent_server/confluent/core.py
@ -398,6 +398,7 @@ def _init_core():

    nodegroupresources = {
        'attributes': {
+            'check': PluginRoute({'handler': 'attributes'}),
            'rename': PluginRoute({'handler': 'attributes'}),
            'all': PluginRoute({'handler': 'attributes'}),
            'current': PluginRoute({'handler': 'attributes'}),
--- a/confluent_server/confluent/plugins/configuration/attributes.py
+++ b/confluent_server/confluent/plugins/configuration/attributes.py
@ -164,6 +164,20 @@ def update(nodes, element, configmanager, inputdata):


 def update_nodegroup(group, element, configmanager, inputdata):
+    if element == 'check':
+        check = inputdata.attribs
+        decrypt = configmanager.decrypt
+        configmanager.decrypt = True
+        currinfo = configmanager.get_nodegroup_attributes(group, list(check))
+        configmanager.decrypt = decrypt
+        for inf in check:
+            checkvalue = check[inf]
+            if isinstance(checkvalue, dict):
+                checkvalue = checkvalue.get('value', None)
+            currvalue = currinfo.get(inf, {}).get('value')
+            if checkvalue == currvalue:
+                raise exc.InvalidArgumentException('Checked value matches existing value')
+        return retrieve_nodegroup(group, element, configmanager, inputdata)
    if 'rename' in element:
        namemap = {}
        namemap[group] = inputdata.attribs['rename']
@ -221,6 +235,18 @@ def update_nodes(nodes, element, configmanager, inputdata):
        raise exc.InvalidArgumentException(
            'No action to take, noderange is empty (if trying to define '
            'group attributes, use nodegroupattrib)')
+    if element[-1] == 'check':
+        for node in nodes:
+            check = inputdata.get_attributes(node, allattributes.node)
+            currinfo = configmanager.get_node_attributes(node, list(check), decrypt=True)
+            for inf in check:
+                checkvalue = check[inf]
+                if isinstance(checkvalue, dict):
+                    checkvalue = checkvalue.get('value', None)
+                currvalue = currinfo.get(node, {}).get(inf, {}).get('value')
+                if checkvalue == currvalue:
+                    raise exc.InvalidArgumentException('Checked value matches existing value')
+        return retrieve(nodes, element, configmanager, inputdata)
    if 'rename' in element:
        namemap = {}
        for node in nodes: