diff --git a/allocate.go b/allocate.go index 521dd57d..e7a5c422 100644 --- a/allocate.go +++ b/allocate.go @@ -136,8 +136,10 @@ func (c *Cluster) filterMetrics(ctx context.Context, mSet api.MetricsSet, numMet // discard blacklisted peers continue case c.config.PinOnlyOnTrustedPeers && !c.consensus.IsTrustedPeer(ctx, m.Peer): - // discard peer that are not trusted when - // configured. + // discard peers that are not trusted + continue + case c.config.PinOnlyOnUntrustedPeers && c.consensus.IsTrustedPeer(ctx, m.Peer): + // discard peers that are trusted continue case containsPeer(currentAllocs, m.Peer): curPeersMap[m.Peer] = append(curPeersMap[m.Peer], m) diff --git a/cluster_config.go b/cluster_config.go index bc261e08..0cc81e1f 100644 --- a/cluster_config.go +++ b/cluster_config.go @@ -29,22 +29,23 @@ var DefaultListenAddrs = []string{ // Configuration defaults const ( - DefaultEnableRelayHop = true - DefaultStateSyncInterval = 5 * time.Minute - DefaultPinRecoverInterval = 12 * time.Minute - DefaultMonitorPingInterval = 15 * time.Second - DefaultPeerWatchInterval = 5 * time.Second - DefaultReplicationFactor = -1 - DefaultLeaveOnShutdown = false - DefaultPinOnlyOnTrustedPeers = false - DefaultDisableRepinning = true - DefaultPeerstoreFile = "peerstore" - DefaultConnMgrHighWater = 400 - DefaultConnMgrLowWater = 100 - DefaultConnMgrGracePeriod = 2 * time.Minute - DefaultDialPeerTimeout = 3 * time.Second - DefaultFollowerMode = false - DefaultMDNSInterval = 10 * time.Second + DefaultEnableRelayHop = true + DefaultStateSyncInterval = 5 * time.Minute + DefaultPinRecoverInterval = 12 * time.Minute + DefaultMonitorPingInterval = 15 * time.Second + DefaultPeerWatchInterval = 5 * time.Second + DefaultReplicationFactor = -1 + DefaultLeaveOnShutdown = false + DefaultPinOnlyOnTrustedPeers = false + DefaultPinOnlyOnUntrustedPeers = false + DefaultDisableRepinning = true + DefaultPeerstoreFile = "peerstore" + DefaultConnMgrHighWater = 400 + DefaultConnMgrLowWater = 100 + DefaultConnMgrGracePeriod = 2 * time.Minute + DefaultDialPeerTimeout = 3 * time.Second + DefaultFollowerMode = false + DefaultMDNSInterval = 10 * time.Second ) // ConnMgrConfig configures the libp2p host connection manager. @@ -141,6 +142,9 @@ type Config struct { // PinOnlyOnTrustedPeers limits allocations to trusted peers only. PinOnlyOnTrustedPeers bool + // PinOnlyOnUntrustedPeers limits allocations to untrusted peers only. + PinOnlyOnUntrustedPeers bool + // If true, DisableRepinning, ensures that no repinning happens // when a node goes down. // This is useful when doing certain types of maintenance, or simply @@ -169,27 +173,28 @@ type Config struct { // saved using JSON. Most configuration keys are converted into simple types // like strings, and key names aim to be self-explanatory for the user. type configJSON struct { - ID string `json:"id,omitempty"` - Peername string `json:"peername"` - PrivateKey string `json:"private_key,omitempty" hidden:"true"` - Secret string `json:"secret" hidden:"true"` - LeaveOnShutdown bool `json:"leave_on_shutdown"` - ListenMultiaddress config.Strings `json:"listen_multiaddress"` - EnableRelayHop bool `json:"enable_relay_hop"` - ConnectionManager *connMgrConfigJSON `json:"connection_manager"` - DialPeerTimeout string `json:"dial_peer_timeout"` - StateSyncInterval string `json:"state_sync_interval"` - PinRecoverInterval string `json:"pin_recover_interval"` - ReplicationFactorMin int `json:"replication_factor_min"` - ReplicationFactorMax int `json:"replication_factor_max"` - MonitorPingInterval string `json:"monitor_ping_interval"` - PeerWatchInterval string `json:"peer_watch_interval"` - MDNSInterval string `json:"mdns_interval"` - PinOnlyOnTrustedPeers bool `json:"pin_only_on_trusted_peers"` - DisableRepinning bool `json:"disable_repinning"` - FollowerMode bool `json:"follower_mode,omitempty"` - PeerstoreFile string `json:"peerstore_file,omitempty"` - PeerAddresses []string `json:"peer_addresses"` + ID string `json:"id,omitempty"` + Peername string `json:"peername"` + PrivateKey string `json:"private_key,omitempty" hidden:"true"` + Secret string `json:"secret" hidden:"true"` + LeaveOnShutdown bool `json:"leave_on_shutdown"` + ListenMultiaddress config.Strings `json:"listen_multiaddress"` + EnableRelayHop bool `json:"enable_relay_hop"` + ConnectionManager *connMgrConfigJSON `json:"connection_manager"` + DialPeerTimeout string `json:"dial_peer_timeout"` + StateSyncInterval string `json:"state_sync_interval"` + PinRecoverInterval string `json:"pin_recover_interval"` + ReplicationFactorMin int `json:"replication_factor_min"` + ReplicationFactorMax int `json:"replication_factor_max"` + MonitorPingInterval string `json:"monitor_ping_interval"` + PeerWatchInterval string `json:"peer_watch_interval"` + MDNSInterval string `json:"mdns_interval"` + PinOnlyOnTrustedPeers bool `json:"pin_only_on_trusted_peers"` + PinOnlyOnUntrustedPeers bool `json:"pin_only_on_untrusted_peers"` + DisableRepinning bool `json:"disable_repinning"` + FollowerMode bool `json:"follower_mode,omitempty"` + PeerstoreFile string `json:"peerstore_file,omitempty"` + PeerAddresses []string `json:"peer_addresses"` } // connMgrConfigJSON configures the libp2p host connection manager. @@ -287,6 +292,10 @@ func (cfg *Config) Validate() error { return errors.New("cluster.peer_watch_interval is invalid") } + if cfg.PinOnlyOnTrustedPeers && cfg.PinOnlyOnUntrustedPeers { + return errors.New("cluster.pin_only_on_trusted_peers and pin_only_on_untrusted_peers cannot both be true") + } + rfMax := cfg.ReplicationFactorMax rfMin := cfg.ReplicationFactorMin @@ -379,6 +388,7 @@ func (cfg *Config) setDefaults() { cfg.PeerWatchInterval = DefaultPeerWatchInterval cfg.MDNSInterval = DefaultMDNSInterval cfg.PinOnlyOnTrustedPeers = DefaultPinOnlyOnTrustedPeers + cfg.PinOnlyOnUntrustedPeers = DefaultPinOnlyOnUntrustedPeers cfg.DisableRepinning = DefaultDisableRepinning cfg.FollowerMode = DefaultFollowerMode cfg.PeerstoreFile = "" // empty so it gets omitted. @@ -469,6 +479,7 @@ func (cfg *Config) applyConfigJSON(jcfg *configJSON) error { cfg.PeerAddresses = peerAddrs cfg.LeaveOnShutdown = jcfg.LeaveOnShutdown cfg.PinOnlyOnTrustedPeers = jcfg.PinOnlyOnTrustedPeers + cfg.PinOnlyOnUntrustedPeers = jcfg.PinOnlyOnUntrustedPeers cfg.DisableRepinning = jcfg.DisableRepinning cfg.FollowerMode = jcfg.FollowerMode @@ -520,6 +531,7 @@ func (cfg *Config) toConfigJSON() (jcfg *configJSON, err error) { jcfg.PeerWatchInterval = cfg.PeerWatchInterval.String() jcfg.MDNSInterval = cfg.MDNSInterval.String() jcfg.PinOnlyOnTrustedPeers = cfg.PinOnlyOnTrustedPeers + jcfg.PinOnlyOnUntrustedPeers = cfg.PinOnlyOnUntrustedPeers jcfg.DisableRepinning = cfg.DisableRepinning jcfg.PeerstoreFile = cfg.PeerstoreFile jcfg.PeerAddresses = []string{} diff --git a/cluster_config_test.go b/cluster_config_test.go index a945a44c..11a57ff4 100644 --- a/cluster_config_test.go +++ b/cluster_config_test.go @@ -213,6 +213,22 @@ func TestLoadJSON(t *testing.T) { t.Error("default conn manager values not set") } }) + + t.Run("expected pin_only_on_untrusted_peers", func(t *testing.T) { + cfg, err := loadJSON2( + t, + func(j *configJSON) { + j.PinOnlyOnTrustedPeers = false + j.PinOnlyOnUntrustedPeers = true + }, + ) + if err != nil { + t.Fatal(err) + } + if !cfg.PinOnlyOnUntrustedPeers { + t.Error("expected pin_only_on_untrusted_peers to be true") + } + }) } func TestToJSON(t *testing.T) { @@ -283,4 +299,11 @@ func TestValidate(t *testing.T) { if cfg.Validate() == nil { t.Fatal("expected error validating") } + + cfg.Default() + cfg.PinOnlyOnTrustedPeers = true + cfg.PinOnlyOnUntrustedPeers = true + if cfg.Validate() == nil { + t.Fatal("expected error validating") + } }