Add protected mode. #1190
Merged
Add protected mode. #1190
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR introduces support for a "protected mode" configuration similar to Redis, allowing Garnet to bind to localhost by default unless overridden. Key changes include updating the test configuration to disable protected mode, adding a new CommandLineBooleanOption for protected mode, and updating the address parser and Dockerfiles to factor in this new setting.
Reviewed Changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| test/Garnet.test/redis.conf | Updated protected mode setting (changed from yes to no) while leaving an inconsistent comment. |
| test/Garnet.test/GarnetServerConfigTests.cs | Added test assertion for the protected mode flag. |
| libs/host/defaults.conf | Added a default protected mode setting ("yes") for non-Docker scenarios. |
| libs/host/Configuration/TypeConverters.cs | Enhanced type conversion to support CommandLineBooleanOption. |
| libs/host/Configuration/Redis/RedisOptions.cs | Introduced a new Redis option for protected mode. |
| libs/host/Configuration/Options.cs | Added option validation and integrated protected mode flag into configuration. |
| libs/host/Configuration/CommandLineTypes.cs | Defined the CommandLineBooleanOption enum with aliases for true/false. |
| libs/common/Format.cs | Updated TryParseAddressList to handle the new protected mode parameter. |
| Dockerfiles (various) | Modified ENTRYPOINTs to force disable protected mode in Docker builds. |
Comments suppressed due to low confidence (1)
test/Garnet.test/redis.conf:108
- The comment indicates that protected mode is enabled by default, but the configuration immediately below sets it to 'no'. Please update the comment to accurately reflect the intended default behavior for this test configuration.
# By default protected mode is enabled. You should disable it only if
badrishc
reviewed
May 9, 2025
badrishc
reviewed
May 9, 2025
badrishc
approved these changes
May 12, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Redis starts by default in 'protected mode' - binds to localhost only unless auth is specified. This PR adds the same to Garnet, except we don't check for auth - the user can explicitly bind elsewhere, and this override protected mode binding.
Docker builds automatically disable protected mode and so bind by default to 0.0.0.0.
Note: CommandLineBooleanOption is added to get compatibility with redis's yes/no parsing.