Fixes #4444: don't duplicate allowusers - rudder-code part

rudder-core/src/main/scala/com/normation/rudder/services/policies/SystemVariableService.scala

@@ -122,11 +122,13 @@ class SystemVariableServiceImpl(
     var varManagedNodes = systemVariableSpecService.get("MANAGED_NODES_NAME").toVariable()
     var varManagedNodesId = systemVariableSpecService.get("MANAGED_NODES_ID").toVariable()
     var varAllowedNetworks = systemVariableSpecService.get("AUTHORIZED_NETWORKS").toVariable()
+    var varManagedNodesAdmin = systemVariableSpecService.get("MANAGED_NODES_ADMIN").toVariable()
 
     val allowConnect = collection.mutable.Set[String]()
 
     val clientList = collection.mutable.Set[String]()
 
+
     // If we are facing a policy server, we have to allow each child to connect, plus the policy parent,
     // else it's only the policy server
     if(nodeInfo.isPolicyServer) {
@@ -165,6 +167,23 @@ class SystemVariableServiceImpl(
       val children = allNodeInfos.filter(_.policyServerId == nodeInfo.id).toSeq
       varManagedNodes = varManagedNodes.copyWithSavedValues(children.map(_.hostname))
       varManagedNodesId = varManagedNodesId.copyWithSavedValues(children.map(_.id.value))
+
+      val varNameForAdminUsers = "${rudder.hasPolicyServer-" + nodeInfo.id.value + ".target.admin}"
+      val allowedUserVarSpec = SystemVariableSpec(name = varNameForAdminUsers, description = "", multivalued = true)
+      val allowedUserVar = SystemVariable(allowedUserVarSpec, Seq()).copyWithSavedValues(Seq(varNameForAdminUsers))
+
+      parameterizedValueLookupService.lookupRuleParameterization(Seq(allowedUserVar), allNodeInfos, groupLib, directiveLib, allRules) match {
+        case Full(variable) =>
+          varManagedNodesAdmin = varManagedNodesAdmin.copyWithSavedValues(variable.flatMap(x => x.values).distinct)
+        case Empty =>
+          logger.warn(s"No variable parametrized found for ${varNameForAdminUsers}")
+        case f: Failure =>
+          val e = f ?~! "Failure when fetching the list of administrators of managed nodes"
+          logger.error(e.messageChain)
+          return e
+      }
+
+
     }
 
     allNodeInfos.find( _.id == nodeInfo.policyServerId) match {
@@ -212,6 +231,7 @@ class SystemVariableServiceImpl(
       , (varManagedNodesId.spec.name, varManagedNodesId)
       , (varManagedNodes.spec.name, varManagedNodes)
       , (varAllowedNetworks.spec.name, varAllowedNetworks)
+      , (varManagedNodesAdmin.spec.name, varManagedNodesAdmin)
       , (varWebdavUser.spec.name, varWebdavUser)
       , (varWebdavPassword.spec.name, varWebdavPassword)
       , (syslogPortConfig.spec.name, syslogPortConfig)