AQL - Setting whitelist of of over 32 IPs gives AEROSPIKE_INVALID_WHITELIST

jonathan · April 17, 2020, 9:33pm

I’m trying to set a whitelist for a role using AQL.

$ aql -U root -P root -c "set whitelist $WHITELIST for $ROLE"
OK

This works fine until the whitelist contains over 32 IP addresses.

$ aql -U root -P root -c "set whitelist $BIGGER_WHITELIST for $ROLE"
Error: (73) AEROSPIKE_INVALID_WHITELIST

The logs show that this behavior is expected.

Apr 17 2020 23:04:59 GMT: WARNING (security): (security_role.c:629) too many IP-nets in whitelist
Apr 17 2020 23:04:59 GMT: WARNING (security): (security.c:3534) set whitelist - bad whitelist

What is the correct way to create a whitelist for a role with a whitelist of over 32 IP addresses?

Tony_Chung · April 24, 2020, 7:24pm

Currently, there is a max limit of 32 entries but you can specify CIDR notations. So you could have 32 subnets (e.g. 192.168.10.0/24).

In addition, you can assign multiple roles to a user. So with 5 roles, you could have 5*32 = 160 entries.

Topic		Replies	Views
Aql client overwhelmed by "WARN AEROSPIKE_ERR_TIMEOUT" AQL	29	6116	February 8, 2017
Error: (11) AEROSPIKE_ERR_CLUSTER AQL	2	3110	March 6, 2015
Aerospike bins count limitation - removing a bin name Java Client	7	7073	August 19, 2016
Not able to login using "admin":"admin" password in AQL AQL aql	6	3106	July 29, 2018
C client query 900+ bin but only return 214 bins? C Client Library	7	1242	June 29, 2017

AQL - Setting whitelist of of over 32 IPs gives AEROSPIKE_INVALID_WHITELIST

Related topics