fix #1976: Add support for configurable pinning only on untrusted peers
This commit is contained in:
parent
d1c6ba9346
commit
90fd8c0f51
|
@ -136,8 +136,10 @@ func (c *Cluster) filterMetrics(ctx context.Context, mSet api.MetricsSet, numMet
|
|||
// discard blacklisted peers
|
||||
continue
|
||||
case c.config.PinOnlyOnTrustedPeers && !c.consensus.IsTrustedPeer(ctx, m.Peer):
|
||||
// discard peer that are not trusted when
|
||||
// configured.
|
||||
// discard peers that are not trusted
|
||||
continue
|
||||
case c.config.PinOnlyOnUntrustedPeers && c.consensus.IsTrustedPeer(ctx, m.Peer):
|
||||
// discard peers that are trusted
|
||||
continue
|
||||
case containsPeer(currentAllocs, m.Peer):
|
||||
curPeersMap[m.Peer] = append(curPeersMap[m.Peer], m)
|
||||
|
|
|
@ -29,22 +29,23 @@ var DefaultListenAddrs = []string{
|
|||
|
||||
// Configuration defaults
|
||||
const (
|
||||
DefaultEnableRelayHop = true
|
||||
DefaultStateSyncInterval = 5 * time.Minute
|
||||
DefaultPinRecoverInterval = 12 * time.Minute
|
||||
DefaultMonitorPingInterval = 15 * time.Second
|
||||
DefaultPeerWatchInterval = 5 * time.Second
|
||||
DefaultReplicationFactor = -1
|
||||
DefaultLeaveOnShutdown = false
|
||||
DefaultPinOnlyOnTrustedPeers = false
|
||||
DefaultDisableRepinning = true
|
||||
DefaultPeerstoreFile = "peerstore"
|
||||
DefaultConnMgrHighWater = 400
|
||||
DefaultConnMgrLowWater = 100
|
||||
DefaultConnMgrGracePeriod = 2 * time.Minute
|
||||
DefaultDialPeerTimeout = 3 * time.Second
|
||||
DefaultFollowerMode = false
|
||||
DefaultMDNSInterval = 10 * time.Second
|
||||
DefaultEnableRelayHop = true
|
||||
DefaultStateSyncInterval = 5 * time.Minute
|
||||
DefaultPinRecoverInterval = 12 * time.Minute
|
||||
DefaultMonitorPingInterval = 15 * time.Second
|
||||
DefaultPeerWatchInterval = 5 * time.Second
|
||||
DefaultReplicationFactor = -1
|
||||
DefaultLeaveOnShutdown = false
|
||||
DefaultPinOnlyOnTrustedPeers = false
|
||||
DefaultPinOnlyOnUntrustedPeers = false
|
||||
DefaultDisableRepinning = true
|
||||
DefaultPeerstoreFile = "peerstore"
|
||||
DefaultConnMgrHighWater = 400
|
||||
DefaultConnMgrLowWater = 100
|
||||
DefaultConnMgrGracePeriod = 2 * time.Minute
|
||||
DefaultDialPeerTimeout = 3 * time.Second
|
||||
DefaultFollowerMode = false
|
||||
DefaultMDNSInterval = 10 * time.Second
|
||||
)
|
||||
|
||||
// ConnMgrConfig configures the libp2p host connection manager.
|
||||
|
@ -141,6 +142,9 @@ type Config struct {
|
|||
// PinOnlyOnTrustedPeers limits allocations to trusted peers only.
|
||||
PinOnlyOnTrustedPeers bool
|
||||
|
||||
// PinOnlyOnUntrustedPeers limits allocations to untrusted peers only.
|
||||
PinOnlyOnUntrustedPeers bool
|
||||
|
||||
// If true, DisableRepinning, ensures that no repinning happens
|
||||
// when a node goes down.
|
||||
// This is useful when doing certain types of maintenance, or simply
|
||||
|
@ -169,27 +173,28 @@ type Config struct {
|
|||
// saved using JSON. Most configuration keys are converted into simple types
|
||||
// like strings, and key names aim to be self-explanatory for the user.
|
||||
type configJSON struct {
|
||||
ID string `json:"id,omitempty"`
|
||||
Peername string `json:"peername"`
|
||||
PrivateKey string `json:"private_key,omitempty" hidden:"true"`
|
||||
Secret string `json:"secret" hidden:"true"`
|
||||
LeaveOnShutdown bool `json:"leave_on_shutdown"`
|
||||
ListenMultiaddress config.Strings `json:"listen_multiaddress"`
|
||||
EnableRelayHop bool `json:"enable_relay_hop"`
|
||||
ConnectionManager *connMgrConfigJSON `json:"connection_manager"`
|
||||
DialPeerTimeout string `json:"dial_peer_timeout"`
|
||||
StateSyncInterval string `json:"state_sync_interval"`
|
||||
PinRecoverInterval string `json:"pin_recover_interval"`
|
||||
ReplicationFactorMin int `json:"replication_factor_min"`
|
||||
ReplicationFactorMax int `json:"replication_factor_max"`
|
||||
MonitorPingInterval string `json:"monitor_ping_interval"`
|
||||
PeerWatchInterval string `json:"peer_watch_interval"`
|
||||
MDNSInterval string `json:"mdns_interval"`
|
||||
PinOnlyOnTrustedPeers bool `json:"pin_only_on_trusted_peers"`
|
||||
DisableRepinning bool `json:"disable_repinning"`
|
||||
FollowerMode bool `json:"follower_mode,omitempty"`
|
||||
PeerstoreFile string `json:"peerstore_file,omitempty"`
|
||||
PeerAddresses []string `json:"peer_addresses"`
|
||||
ID string `json:"id,omitempty"`
|
||||
Peername string `json:"peername"`
|
||||
PrivateKey string `json:"private_key,omitempty" hidden:"true"`
|
||||
Secret string `json:"secret" hidden:"true"`
|
||||
LeaveOnShutdown bool `json:"leave_on_shutdown"`
|
||||
ListenMultiaddress config.Strings `json:"listen_multiaddress"`
|
||||
EnableRelayHop bool `json:"enable_relay_hop"`
|
||||
ConnectionManager *connMgrConfigJSON `json:"connection_manager"`
|
||||
DialPeerTimeout string `json:"dial_peer_timeout"`
|
||||
StateSyncInterval string `json:"state_sync_interval"`
|
||||
PinRecoverInterval string `json:"pin_recover_interval"`
|
||||
ReplicationFactorMin int `json:"replication_factor_min"`
|
||||
ReplicationFactorMax int `json:"replication_factor_max"`
|
||||
MonitorPingInterval string `json:"monitor_ping_interval"`
|
||||
PeerWatchInterval string `json:"peer_watch_interval"`
|
||||
MDNSInterval string `json:"mdns_interval"`
|
||||
PinOnlyOnTrustedPeers bool `json:"pin_only_on_trusted_peers"`
|
||||
PinOnlyOnUntrustedPeers bool `json:"pin_only_on_untrusted_peers"`
|
||||
DisableRepinning bool `json:"disable_repinning"`
|
||||
FollowerMode bool `json:"follower_mode,omitempty"`
|
||||
PeerstoreFile string `json:"peerstore_file,omitempty"`
|
||||
PeerAddresses []string `json:"peer_addresses"`
|
||||
}
|
||||
|
||||
// connMgrConfigJSON configures the libp2p host connection manager.
|
||||
|
@ -287,6 +292,10 @@ func (cfg *Config) Validate() error {
|
|||
return errors.New("cluster.peer_watch_interval is invalid")
|
||||
}
|
||||
|
||||
if cfg.PinOnlyOnTrustedPeers && cfg.PinOnlyOnUntrustedPeers {
|
||||
return errors.New("cluster.pin_only_on_trusted_peers and pin_only_on_untrusted_peers cannot both be true")
|
||||
}
|
||||
|
||||
rfMax := cfg.ReplicationFactorMax
|
||||
rfMin := cfg.ReplicationFactorMin
|
||||
|
||||
|
@ -379,6 +388,7 @@ func (cfg *Config) setDefaults() {
|
|||
cfg.PeerWatchInterval = DefaultPeerWatchInterval
|
||||
cfg.MDNSInterval = DefaultMDNSInterval
|
||||
cfg.PinOnlyOnTrustedPeers = DefaultPinOnlyOnTrustedPeers
|
||||
cfg.PinOnlyOnUntrustedPeers = DefaultPinOnlyOnUntrustedPeers
|
||||
cfg.DisableRepinning = DefaultDisableRepinning
|
||||
cfg.FollowerMode = DefaultFollowerMode
|
||||
cfg.PeerstoreFile = "" // empty so it gets omitted.
|
||||
|
@ -469,6 +479,7 @@ func (cfg *Config) applyConfigJSON(jcfg *configJSON) error {
|
|||
cfg.PeerAddresses = peerAddrs
|
||||
cfg.LeaveOnShutdown = jcfg.LeaveOnShutdown
|
||||
cfg.PinOnlyOnTrustedPeers = jcfg.PinOnlyOnTrustedPeers
|
||||
cfg.PinOnlyOnUntrustedPeers = jcfg.PinOnlyOnUntrustedPeers
|
||||
cfg.DisableRepinning = jcfg.DisableRepinning
|
||||
cfg.FollowerMode = jcfg.FollowerMode
|
||||
|
||||
|
@ -520,6 +531,7 @@ func (cfg *Config) toConfigJSON() (jcfg *configJSON, err error) {
|
|||
jcfg.PeerWatchInterval = cfg.PeerWatchInterval.String()
|
||||
jcfg.MDNSInterval = cfg.MDNSInterval.String()
|
||||
jcfg.PinOnlyOnTrustedPeers = cfg.PinOnlyOnTrustedPeers
|
||||
jcfg.PinOnlyOnUntrustedPeers = cfg.PinOnlyOnUntrustedPeers
|
||||
jcfg.DisableRepinning = cfg.DisableRepinning
|
||||
jcfg.PeerstoreFile = cfg.PeerstoreFile
|
||||
jcfg.PeerAddresses = []string{}
|
||||
|
|
|
@ -213,6 +213,22 @@ func TestLoadJSON(t *testing.T) {
|
|||
t.Error("default conn manager values not set")
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("expected pin_only_on_untrusted_peers", func(t *testing.T) {
|
||||
cfg, err := loadJSON2(
|
||||
t,
|
||||
func(j *configJSON) {
|
||||
j.PinOnlyOnTrustedPeers = false
|
||||
j.PinOnlyOnUntrustedPeers = true
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
if !cfg.PinOnlyOnUntrustedPeers {
|
||||
t.Error("expected pin_only_on_untrusted_peers to be true")
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func TestToJSON(t *testing.T) {
|
||||
|
@ -283,4 +299,11 @@ func TestValidate(t *testing.T) {
|
|||
if cfg.Validate() == nil {
|
||||
t.Fatal("expected error validating")
|
||||
}
|
||||
|
||||
cfg.Default()
|
||||
cfg.PinOnlyOnTrustedPeers = true
|
||||
cfg.PinOnlyOnUntrustedPeers = true
|
||||
if cfg.Validate() == nil {
|
||||
t.Fatal("expected error validating")
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user