security: disable plugin in default and persist file in specified dir#7087
security: disable plugin in default and persist file in specified dir#7087ti-chi-bot[bot] merged 8 commits intotikv:masterfrom
Conversation
|
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. DetailsReviewer can indicate their review by submitting an approval review. |
|
Skipping CI for Draft Pull Request. |
ti-chi-bot
bot
added
release-note-none
ti-chi-bot
bot
added
the
size/M
ti-chi-bot
bot
removed
the
do-not-merge/work-in-progress
ti-chi-bot
bot
added
size/L
ti-chi-bot
bot
added
do-not-merge/needs-triage-completed
and removed
do-not-merge/needs-linked-issue
labels
Codecov Report
@@ Coverage Diff @@
## master #7087 +/- ##
==========================================
+ Coverage 74.31% 74.33% +0.02%
==========================================
Files 440 440
Lines 47217 47202 -15
==========================================
Hits 35088 35088
+ Misses 9034 9015 -19
- Partials 3095 3099 +4
Flags with carried forward coverage won't be shown. Click here to find out more. |
HuSharp
changed the title
pkg/schedule/config/config.go
Outdated
| defaultEnablePlacementRules = true | ||
| defaultEnableWitness = false | ||
| defaultHaltScheduling = false | ||
| defaultEnableSchedulePlugin = false |
There was a problem hiding this comment.
Maybe we need to add a release note about the default value changed
ti-chi-bot
bot
added
release-note
server/api/plugin.go
Outdated
| // @Failure 500 {string} string "PD server failed to proceed the request." | ||
| // @Router /plugin [post] | ||
| func (h *pluginHandler) LoadPlugin(w http.ResponseWriter, r *http.Request) { | ||
| if !h.GetScheduleConfig().EnableSchedulePlugin { |
There was a problem hiding this comment.
I think it's better to be a compile option, and disable by default. otherwise, hackers may enable it.
There was a problem hiding this comment.
PTAL! after make pd-server-plugin:
curl -X POST 'http://127.0.0.1:2379/pd/api/v1/plugin'
load plugin is disabled, please `make pd-server-plugin` first%
curl -X DELETE 'http://127.0.0.1:2379/pd/api/v1/plugin'
unload plugin is disabled, please `make pd-server-plugin` first%cc @lhy1024
There was a problem hiding this comment.
how about PLUGIN=1 make pd-server, similiar to SWAGGER and DASHBOARD
Signed-off-by: husharp <jinhao.hu@pingcap.com>
ti-chi-bot
bot
added
status/LGT2
|
/merge |
|
@nolouch: It seems you want to merge this PR, I will help you trigger all the tests: /run-all-tests You only need to trigger
DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository. |
|
This pull request has been accepted and is ready to merge. DetailsCommit hash: 0859671 |
ti-chi-bot
bot
added
the
status/can-merge
|
/hold |
ti-chi-bot
bot
added
the
do-not-merge/hold
|
/hold cancel |
ti-chi-bot
bot
removed
the
do-not-merge/hold
|
@HuSharp: Your PR was out of date, I have automatically updated it for you. If the CI test fails, you just re-trigger the test that failed and the bot will merge the PR for you after the CI passes. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository. |
|
/hold |
ti-chi-bot
bot
added
the
do-not-merge/hold
|
/hold cancel |
ti-chi-bot
bot
removed
the
do-not-merge/hold
|
In response to a cherrypick label: new pull request created to branch |
|
In response to a cherrypick label: new pull request created to branch |
5 participants
What problem does this PR solve?
Issue Number: Close #7094
What is changed and how does it work?
Check List
Tests
Release note