cli: add --http-addr flag #7475
Conversation
|
I don't grok the test failures from CI. |
|
@tamird @mberhault what's the best place to add a test for this flag in our acceptance tests? |
| @@ -33,6 +33,7 @@ const ( | |||
| PasswordName = "password" | |||
| PortName = "port" | |||
| HTTPPortName = "http-port" | |||
| HTTPIPAddrName = "http-addr" | |||
There was a problem hiding this comment.
small nit: use HTTPAddrName, it doesn't have to be an IP address, dns names work fine.
There was a problem hiding this comment.
Actually, a bigger nit: let's stick to the same naming scheme as {host, port}, where we now have {http-host, http-port}.
|
Please hold off on merging this - it's going to conflict with multiple addresses / external address work, and the semantics aren't completely clear (i.e. we may want to move to specifying full addresses rather than addresses and ports). |
|
A test would be nice, and the acceptance tests are probably the best place since we would ideally like some networking isolation. @tamird: thoughts on the tests? Also how this may fit in with future post modifications? |
|
Marc - I agree a test or two would be nice. I had the worst time trying to get the acceptance suite to run locally. I filed #7477 about that. Tamir - okay, let me know when I might be of assistance. |
|
@tamird Have the semantics been decided? I'd like to move forward on this. Working at adding a test and fixing the nits above... |
For security, the --http-addr flags makes the Admin UI bind an IP address that can be private or distinct from the cluster. If --host is given, we default to that address if --http-addr is unspecified. Fixes #7474.
|
I've added a surgically precise test/unit test. I think an acceptance test is beyond the scope of what I, with my limited resources, can attempt at this point. Also, I've addressed the nits. @tamird, @mberhault, @knz, would you be okay with proceeding? It's a very small change, and it fixes a very big security hole. This would unblock me from serious further testing. If there's a big change later towards combined IPs and ports, this really doesn't add much more to change. |
|
Reviewed 3 of 3 files at r3. Comments from Reviewable |
|
@glycerine I'll take that one. The fact we want to do things perhaps in a different way in the future does not prevent us from accepting your patch now, for use in the interim. |
|
Thanks @knz. |
Accompanies the merged fix cockroachdb/cockroach#7475
Accompanies the merged fix cockroachdb/cockroach#7475
Accompanies the merged fix cockroachdb/cockroach#7475
Accompanies the merged fix cockroachdb/cockroach#7475
Accompanies the merged fix cockroachdb/cockroach#7475
Accompanies the merged fix cockroachdb/cockroach#7475
Accompanies the merged fix cockroachdb/cockroach#7475
Accompanies the merged fix cockroachdb/cockroach#7475
|
@jseldess Now that cockroachdb/docs#443 merged, I think the docs-todo label can be removed. |
|
Thanks, @glycerine. Just tweaking a few minor things before publishing (probably early tomorrow). |
For security, the --http-addr flags makes the Admin UI
bind an IP address that can be private or distinct from
the cluster (such as 127.0.0.1).
Fixes #7474.
This change is