Skip to content

Commit f08b6a4

Browse files
committed
Add protected mode.
1 parent 2448beb commit f08b6a4

14 files changed

+47
-11
lines changed

Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -52,4 +52,4 @@ USER $APP_UID
5252
# For inter-container communication.
5353
EXPOSE 6379
5454

55-
ENTRYPOINT ["/app/GarnetServer"]
55+
ENTRYPOINT ["/app/GarnetServer", "--protected-mode no"]

Dockerfile.alpine

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,4 +50,4 @@ USER $APP_UID
5050
# For inter-container communication.
5151
EXPOSE 6379
5252

53-
ENTRYPOINT ["/app/GarnetServer"]
53+
ENTRYPOINT ["/app/GarnetServer", "--protected-mode no"]

Dockerfile.cbl-mariner

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -50,4 +50,4 @@ USER $APP_UID
5050
# For inter-container communication.
5151
EXPOSE 6379
5252

53-
ENTRYPOINT ["/app/GarnetServer"]
53+
ENTRYPOINT ["/app/GarnetServer", "--protected-mode no"]

Dockerfile.chiseled

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -46,4 +46,4 @@ VOLUME /data
4646
# For inter-container communication.
4747
EXPOSE 6379
4848

49-
ENTRYPOINT ["/app/GarnetServer"]
49+
ENTRYPOINT ["/app/GarnetServer", "--protected-mode no"]

Dockerfile.nanoserver

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,4 +22,4 @@ COPY --from=build /app .
2222
# For inter-container communication.
2323
EXPOSE 6379
2424

25-
ENTRYPOINT ["/app/GarnetServer.exe"]
25+
ENTRYPOINT ["/app/GarnetServer.exe", "--protected-mode no"]

Dockerfile.ubuntu

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,4 +54,4 @@ USER $APP_UID
5454
# For inter-container communication.
5555
EXPOSE 6379
5656

57-
ENTRYPOINT ["/app/GarnetServer"]
57+
ENTRYPOINT ["/app/GarnetServer", "--protected-mode no"]

libs/common/Format.cs

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -46,16 +46,18 @@ static EndPoint[] defaultBindLoopBack(int port)
4646
/// <param name="port">Endpoint Port</param>
4747
/// <param name="endpoints">List of endpoints generated from the input IPs</param>
4848
/// <param name="errorHostnameOrAddress">Output error if any</param>
49+
/// <param name="protectedMode">Is protected mode enabled?</param>
4950
/// <param name="logger">Logger</param>
5051
/// <returns>True if parse and address validation was successful, otherwise false</returns>
51-
public static bool TryParseAddressList(string addressList, int port, out EndPoint[] endpoints, out string errorHostnameOrAddress, ILogger logger = null)
52+
public static bool TryParseAddressList(string addressList, int port, out EndPoint[] endpoints, out string errorHostnameOrAddress,
53+
bool protectedMode = false, ILogger logger = null)
5254
{
5355
endpoints = null;
5456
errorHostnameOrAddress = null;
5557
// Check if input null or empty
5658
if (string.IsNullOrEmpty(addressList) || string.IsNullOrWhiteSpace(addressList))
5759
{
58-
endpoints = defaultBindAny(port);
60+
endpoints = protectedMode ? defaultBindLoopBack(port) : defaultBindAny(port);
5961
return true;
6062
}
6163

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
// Copyright (c) Microsoft Corporation.
2+
// Licensed under the MIT license.
3+
4+
namespace Garnet
5+
{
6+
/// <summary>
7+
/// Enum to specify boolean variable over command line.
8+
/// </summary>
9+
public enum CommandLineBooleanOption
10+
{
11+
False = 0,
12+
No = 0,
13+
True = 1,
14+
Yes = 1
15+
}
16+
}

libs/host/Configuration/Options.cs

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -533,6 +533,10 @@ internal sealed class Options
533533
[Option("enable-debug-command", Required = false, HelpText = "Enable DEBUG command for 'no', 'local' or 'all' connections")]
534534
public ConnectionProtectionOption EnableDebugCommand { get; set; }
535535

536+
[OptionValidation]
537+
[Option("protected-mode", Required = false, HelpText = "Enable protected mode.")]
538+
public CommandLineBooleanOption ProtectedMode { get; set; }
539+
536540
[DirectoryPathsValidation(true, false)]
537541
[Option("extension-bin-paths", Separator = ',', Required = false, HelpText = "List of directories on server from which custom command binaries can be loaded by admin users")]
538542
public IEnumerable<string> ExtensionBinPaths { get; set; }
@@ -682,7 +686,8 @@ public GarnetServerOptions GetServerOptions(ILogger logger = null)
682686
var checkpointDir = CheckpointDir;
683687
if (!useAzureStorage) checkpointDir = new DirectoryInfo(string.IsNullOrEmpty(checkpointDir) ? (string.IsNullOrEmpty(logDir) ? "." : logDir) : checkpointDir).FullName;
684688

685-
if (!Format.TryParseAddressList(Address, Port, out var endpoints, out _) || endpoints.Length == 0)
689+
if (!Format.TryParseAddressList(Address, Port, out var endpoints, out _, ProtectedMode == CommandLineBooleanOption.True)
690+
|| endpoints.Length == 0)
686691
throw new GarnetException($"Invalid endpoint format {Address} {Port}.");
687692

688693
EndPoint[] clusterAnnounceEndpoint = null;

libs/host/Configuration/Redis/RedisOptions.cs

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,9 @@ internal class RedisOptions
2727
[RedisOption("bind", nameof(Options.Address), BindWarning)]
2828
public Option<string> Bind { get; set; }
2929

30+
[RedisOption("protected-mode", nameof(Options.ProtectedMode))]
31+
public Option<CommandLineBooleanOption> ProtectedMode { get; set; }
32+
3033
[RedisOption("enable-debug-command", nameof(Options.EnableDebugCommand))]
3134
public Option<RedisConnectionProtectionOption> EnableDebugCommand { get; set; }
3235

0 commit comments

Comments
 (0)