Merge branch 'topic/christian/management-default-listen-interfaces'

* topic/christian/management-default-listen-interfaces:
  Management framework: bump external cluster testsuite
  Management framework: switch default network visibilities

CHANGES

@@ -1,3 +1,9 @@
+5.1.0-dev.30 | 2022-06-14 12:02:46 -0700
+
+  * Management framework: bump external cluster testsuite (Christian Kreibich, Corelight)
+
+  * Management framework: switch default network visibilities (Christian Kreibich, Corelight)
+
 5.1.0-dev.27 | 2022-06-14 11:30:28 -0700
 
   * chore: Set permissions for GitHub actions (naveen)

VERSION

@@ -1 +1 @@
-5.1.0-dev.27
+5.1.0-dev.30

scripts/policy/frameworks/management/agent/boot.zeek

@@ -8,12 +8,16 @@
 
 @load ./config
 
-# The agent needs the supervisor to listen for node management requests.  We
-# need to tell it to do so, and we need to do so here, in the agent
-# bootstrapping code, so the redef applies prior to the fork of the agent
-# process itself.
+# The agent needs the supervisor to listen for node management requests, which
+# by default it does not. We need to tell it to do so here, in the agent
+# bootstrap code, so the redef applies prior to the fork of the agent process.
 redef SupervisorControl::enable_listen = T;
 
+# The Supervisor listens on Broker's default address: any interface. In the
+# Management framework there's no need for other machines to interact with
+# instance Supervisors directly, so restrict it to listening locally.
+redef Broker::default_listen_address = "127.0.0.1";
+
 event zeek_init()
 	{
 	if ( ! Supervisor::is_supervisor() )

scripts/policy/frameworks/management/agent/config.zeek

@@ -106,7 +106,7 @@ function endpoint_info(): Broker::EndpointInfo
 	else if ( Management::default_address != "" )
 		network$address = Management::default_address;
 	else
-		network$address = "127.0.0.1";
+		network$address = "0.0.0.0";
 
 	if ( Management::Agent::listen_port != "" )
 		network$bound_port = to_port(Management::Agent::listen_port);

scripts/policy/frameworks/management/config.zeek

@@ -19,9 +19,8 @@ export {
 
 	## The fallback listen address if more specific adddresses, such as
 	## the controller's :zeek:see:`Management::Controller::listen_address`
-	## remains empty. Unless redefined, this uses Broker's own default
-	## listen address.
-	const default_address = Broker::default_listen_address &redef;
+	## remains empty. Unless redefined, this listens on all interfaces.
+	const default_address = "0.0.0.0" &redef;
 
 	## The retry interval for Broker connnects. Defaults to a more
 	## aggressive value compared to Broker's 30s.

scripts/policy/frameworks/management/controller/config.zeek

@@ -86,7 +86,7 @@ function network_info(): Broker::NetworkInfo
 	else if ( Management::default_address != "" )
 		ni$address = Management::default_address;
 	else
-		ni$address = "127.0.0.1";
+		ni$address = "0.0.0.0";
 
 	if ( Management::Controller::listen_port != "" )
 		ni$bound_port = to_port(Management::Controller::listen_port);

testing/external/commit-hash.zeek-testing-cluster

@@ -1 +1 @@
-837a20a947645b63340a4231d5a8665126283f66
+a1c8c09c8c661a1ea9299e0356f3652502b8dcd2