Mark --javascript.* options as Coordinator only by Simran-B · Pull Request #11232 · arangodb/arangodb · GitHub

@Simran-B Simran-B commented Mar 4, 2020

Scope & Purpose

Mark arangod --javascript.*, --foxx.* and --frontend.* startup options as Coordinator and single server only.

  • Bug-Fix for devel-branch (i.e. no need for backports?)
  • The behavior in this PR can be (and was) manually tested (support / qa / customers can test it)
  • The behavior change can be verified via automatic tests

Testing & Verification

simran@c9 ~/o/w/ArangoDB> ./build/bin/arangod --dump-options | jq '.["javascript.endpoints-whitelist"]'
{
  "category": "option",
  "component": [
    "coordinator"
  ],
  "default": [],
  "deprecatedIn": null,
  "description": "endpoints that can be connected to via @arangodb/request module in JavaScript actions",
  "dynamic": false,
  "enterpriseOnly": false,
  "hidden": false,
  "introducedIn": [
    "v3.5.0"
  ],
  "obsolete": false,
  "os": [
    "linux",
    "macos",
    "windows"
  ],
  "requiresValue": true,
  "section": "javascript",
  "type": "string..."
}

Documentation

  • Added a Changelog Entry (referencing the corresponding public or internal issue number)
  • Added entry to Release Notes
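
An automated form of the manual jq check above, as an added example that is not part of the pull request or of ArangoDB's own test suite: it scans a parsed --dump-options document and reports javascript, foxx and frontend options whose "component" list is missing or names a role other than Coordinator or single server. The component names "single", "dbserver" and "agent" are assumptions (only "coordinator" is visible in the output above), and the sample dump is constructed.

```python
import json
import sys

# Sections named in the PR's "Scope & Purpose" text.
RESTRICTED_SECTIONS = {"javascript", "foxx", "frontend"}
# Assumption: "single" is the component name used for single server.
ALLOWED_COMPONENTS = {"coordinator", "single"}


def misflagged_options(dump):
    """Map option name -> unexpected components, for restricted sections only."""
    findings = {}
    for name, meta in sorted(dump.items()):
        if meta.get("section") not in RESTRICTED_SECTIONS:
            continue
        components = set(meta.get("component") or [])
        if not components:
            # A missing or empty list means the option was never flagged.
            findings[name] = ["<no component listed>"]
        elif components - ALLOWED_COMPONENTS:
            findings[name] = sorted(components - ALLOWED_COMPONENTS)
    return findings


# Constructed sample in the shape of the --dump-options output shown above;
# only the fields the check reads are included.
SAMPLE_DUMP = json.loads("""
{
  "javascript.endpoints-whitelist": {"section": "javascript", "component": ["coordinator"]},
  "frontend.proxy-request-check": {"section": "frontend", "component": ["coordinator", "single"]},
  "foxx.queues": {"section": "foxx", "component": ["coordinator", "dbserver", "agent", "single"]},
  "javascript.harden": {"section": "javascript"},
  "server.endpoint": {"section": "server", "component": ["coordinator", "dbserver", "agent", "single"]}
}
""")

if __name__ == "__main__":
    # Usage: arangod --dump-options > options.json; python check.py options.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            dump = json.load(fh)
    else:
        dump = SAMPLE_DUMP
    findings = misflagged_options(dump)
    for name, extra in findings.items():
        print(f"--{name}: unexpected component(s): {', '.join(extra)}")
    sys.exit(1 if findings else 0)
```
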

@Simran-B Simran-B added the 1 Bug, 3 Foxx, 9 WIP and 3 JS API (Server internal JavaScript API issues) labels Mar 4, 2020
@Simran-B Simran-B added this to the 3.7 milestone Mar 4, 2020
@Simran-B Simran-B requested a review from jsteemann March 4, 2020 23:07
@Simran-B Simran-B self-assigned this Mar 4, 2020
@dothebart dothebart left a comment

the harden options are also available on arangosh - though that's rather for testing them.

otherwise lgtm.

However, it is unclear to me when this code path is reached...
@Simran-B Simran-B mentioned this pull request Mar 5, 2020
Simran-B commented Mar 5, 2020

Reverted the changes regarding the disallowed endpoint printing as it will be covered by #11236, leaving just the option flag changes in this PR.

@Simran-B Simran-B changed the title from "V8 security: Tell user disallowed endpoint" to "Mark --javascript.* options as Coordinator only" Mar 5, 2020
ObiWahn commented Mar 5, 2020

Thank you for resolving the potential conflict! I just wanted to ask if you want me to merge this with my PR.

Simran-B commented Mar 5, 2020

Should also mark foxx and frontend as single server / coordinator only
https://www.arangodb.com/docs/stable/programs-arangod-options.html#foxx

@Simran-B

https://jenkins01.arangodb.biz/view/PR/job/arangodb-matrix-pr/8999/

@ObiWahn Both PRs are independent. This one can be merged as soon as Jenkins is blue and will not affect anything regarding JS security. It only sets flags for startup options.

@Simran-B Simran-B marked this pull request as ready for review March 12, 2020 15:12
@Simran-B Simran-B merged commit 75b3b2e into devel Mar 12, 2020
@Simran-B Simran-B deleted the bug-fix/js-security branch March 12, 2020 20:20