Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Oplogtoredis: Add Configurable Denylist to HTTP Server #64

Merged
merged 21 commits into from
Apr 26, 2024
Merged

Oplogtoredis: Add Configurable Denylist to HTTP Server #64

merged 21 commits into from
Apr 26, 2024

Conversation

alex-goodisman
Copy link
Contributor

This adds a new feature- a configurable denylist.

The denylist is a list of rules. Each rule is a list of keys and a regex.

Every incoming oplog message will be checked against every rule. The keys will be used sequentially to index into the oplog message, and if the value found is a string, it will be checked against the regex. If the regex is found for any rule in the denylist, the oplog message will be skipped and will not be reported to Redis.

The denylist can be viewed by HTTP methods (GET /denylist and GET /denylist/:ruleID), and can be configured in the same manner (PUT /denylist and DELETE /denylist/:ruleID).

Default behavior is unchanged, since the denylist is empty.

This is useful when an external context knows that some oplog messages are not necessary to be transferred. The external context can inform Oplogtoredis via the denylist, and then monitor the internal state via the HTTP API.

torywheelwright
torywheelwright reviewed Apr 5, 2024
View reviewed changes
lib/denylist/main.go Outdated Show resolved Hide resolved
lib/denylist/main.go Outdated Show resolved Hide resolved
lib/denylist/main.go Outdated Show resolved Hide resolved
lib/denylist/main.go Outdated Show resolved Hide resolved
@aranair
Copy link
Member

aranair commented Apr 5, 2024

kinda surprised that we're adding this funtionality (presumably for us to ... toggle off/on during some restores or something). Were the other options not possible?

@alex-goodisman alex-goodisman requested a review from jswitzer April 5, 2024 14:55
@alex-goodisman
Copy link
Contributor Author

kinda surprised that we're adding this funtionality (presumably for us to ... toggle off/on during some restores or something). Were the other options not possible?

A full declarative approach doesn't look possible. Hence there must be some kind of communication between our tooling and the service. Given that, this seemed like the least intrusive approach

torywheelwright
torywheelwright reviewed Apr 23, 2024
View reviewed changes
lib/oplog/tail.go Show resolved Hide resolved
lib/denylist/http.go Show resolved Hide resolved
torywheelwright
torywheelwright approved these changes Apr 26, 2024
View reviewed changes
lib/denylist/http.go Show resolved Hide resolved
@alex-goodisman alex-goodisman merged commit 38e75cd into master Apr 26, 2024
11 checks passed
@delete-merged-branch delete-merged-branch bot deleted the alex.denylist branch April 26, 2024 15:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@torywheelwright torywheelwright torywheelwright approved these changes

@aranair aranair Awaiting requested review from aranair

@quickgiant quickgiant Awaiting requested review from quickgiant

@jswitzer jswitzer Awaiting requested review from jswitzer

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@alex-goodisman @aranair @torywheelwright