Unify community and enterprise inventories with sensitive data obfuscation #7829
Description
Description
Currently NethServer sends 2 different inventories:
- Community: very complete, used by phone-home
- Enterprise: structured to satisfy the current my portal
For the new my portal, it would be useful to use the complete phone-home inventory, adding:
- Cluster ui_name
- Node ui_name, role (leader, worker), uptime, kernel, timezone, fqdn, public_ip (ipv4 e ipv6)
- Module ui_name, app certification level, domain references from Traefik routes, user_domains (array if multiple domains to same module)
- Domain details
- core and module updates available
Privacy concern
Some labels may contain sensitive data such as customer names, location names, or other identifying information.
Proposed solution
Use a single inventory with obfuscation of sensitive data for community (non-registered) installations.
To maintain data consistency (e.g., tracking that a domain has X connected elements), it is proposed to use a seed for random generation. This way, data remains consistent and traceable even when obfuscated.
Current example
Enterprise inventory (my):
{
"node_id": 15,
"domain_id": "ad.nethesis.it",
"module_id": "webtop9",
"instance_of": "webtop",
"total_users": 103,
"active_users": 82,
"total_groups": 33
}Community inventory (phone-home):
{
"id": "webtop3",
"version": "1.5.4",
"name": "webtop",
"node": "6"
}There is information present in one but not the other (e.g., version, domain_id). The goal is to have all information in a single inventory, useful for both statistics and aggregate metrics.
Benefits
- Single data source easier to manage
- Ability to create aggregates also for community
- My portal can then decide which information to display
- Consistent data between the two modes