[FEATURE REQUEST] autosign_grains option to match on ALL grains #67430
amalaguti
started this conversation in
Feature Requests
Replies: 2 comments
-
|
Any update on this ? |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Check out #65426 - it enables flexible auto accept scenarios via custom runners |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Is your feature request related to a problem? Please describe.
Yes, and a very important one given unwanted minions seem to be auto accepted.
Describe the solution you'd like
The autosign_grains feature allows to set multiple grains for matching, but it seems to match on ANY grain that matches the criteria, it does not seem to match on ALL grains.
Given autosign_grains is set to match on 3 different grains like
The minion should be accepted only if provide matching values for the 3 grains.
Currently, matching on 1 grain seems to be enough to accept the minion.
A minion with the right value for custom_grains but incorrect values for os and domain is automatically acceptd by the master.
Minion should be accepted only if matching on os + domain + custom grain
Additional context
Salt 3004.2, Linux and Windows minions
Please Note
If this feature request would be considered a substantial change or addition, this should go through a SEP process here https://github.com/saltstack/salt-enhancement-proposals, instead of a feature request.
Beta Was this translation helpful? Give feedback.
All reactions