AQL - Setting whitelist of of over 32 IPs gives AEROSPIKE_INVALID_WHITELIST

I’m trying to set a whitelist for a role using AQL.

$ aql -U root -P root -c "set whitelist $WHITELIST for $ROLE"
OK

This works fine until the whitelist contains over 32 IP addresses.

$ aql -U root -P root -c "set whitelist $BIGGER_WHITELIST for $ROLE"
Error: (73) AEROSPIKE_INVALID_WHITELIST

The logs show that this behavior is expected.

Apr 17 2020 23:04:59 GMT: WARNING (security): (security_role.c:629) too many IP-nets in whitelist
Apr 17 2020 23:04:59 GMT: WARNING (security): (security.c:3534) set whitelist - bad whitelist

What is the correct way to create a whitelist for a role with a whitelist of over 32 IP addresses?

Currently, there is a max limit of 32 entries but you can specify CIDR notations. So you could have 32 subnets (e.g. 192.168.10.0/24).

In addition, you can assign multiple roles to a user. So with 5 roles, you could have 5*32 = 160 entries.

© 2015 Copyright Aerospike, Inc. | All rights reserved. Creators of the Aerospike Database.