add subnet mask IP support for maintenance mode #10570
Conversation
|
@ajpevers I like the idea, however I'm not really a fan of adding additional dependency to solve a single problem, since it requires an adapter on magento side, to make sure it can be replaceable and testable. |
|
Sure, it's a proof of concept. I'll see if I can get it to work with existing dependencies. Doesn't look like very exotic functionality so I expect it would be somewhere in ZF or Symfony or something. As long as it works with IPv6 as well. I'll come back on this. |
|
Hi @ishakhsuvarov I took a good hard look but there is no existing code that does the cidr check for IPv6. So I included The IpValidator could be built using the existing Zend_Validate_Ip. What do you think, should we just copy the one file (https://github.com/symfony/http-foundation/blob/master/IpUtils.php) and risk missing bug fixes, or should we include the package as part of the dependencies? |
|
@ajpevers I don't think just copying a single file is a good idea, however adding a dependency requires a wrapper on the Magento side, which would allow to use any different dependency in place without breaking existing API. |
|
Okay, I'll work it out. Can you point out an existing wrapper so that I can follow the example? |
|
@ajpevers I guess more common name would be Adapter, you may refer to the wiki for the basic description. |
|
Great, that is clear enough |
|
I don't think adapter is suitable here, looks more like a https://en.wikipedia.org/wiki/Facade_pattern to me. So, the idea is that Symfony's For example, it can be |
|
Hi @ajpevers Thanks |
|
Hi @ishakhsuvarov, The thing I need most is spare time :) can you help me with that? Cheers, Anton |
|
@ajpevers can you please merge it with the latest mainline? |
|
@vrann done |
…aintenance should be on, not off
| @@ -58,7 +58,7 @@ public function testisOnWithIP() | |||
| ]; | |||
| $this->flagDir->expects($this->exactly(2))->method('isExist') | |||
| ->will(($this->returnValueMap($mapisExist))); | |||
| $this->assertFalse($this->model->isOn()); | |||
| $this->assertTrue($this->model->isOn()); | |||
There was a problem hiding this comment.
This test was wrong, it basically stated:
If there is a maintenance flag file AND if there is an empty maintenance op file maintenance mode should be off.
This is not true. If the ip file is present but empty maintenance mode should be on, not off.
There was a problem hiding this comment.
Oh, nice catch 👍 Just still don't see corresponding changes in implementation which could invert this assertion.
There was a problem hiding this comment.
Wait... this cannot be right... Ha! https://github.com/magento/magento2/pull/10570/files#diff-4b45df6c223e8d98dcc949e45bfc4f1bR73 This is the wrong way around! Sorry.
There was a problem hiding this comment.
Just to clarify: this needs to be changed or currently logic is correct? How this test worked with incorrect previous logic though...
There was a problem hiding this comment.
Hi @orlangur, sorry for the silence. I need to free some time to test why this worked without the PR and why it needs a change with the PR. I have it on my task list. Keep you posted.
There was a problem hiding this comment.
@orlangur I revisited this PR and it appears that this test is testing !in_array("", [""]) which results in false.
So if your IP is "" (the default value of the first and only isON() parameter) and the list of whitelisted IP's is [""] then you are marked as whitelisted and maintenance is not on for you. This is wrong.
If maintenance mode is on and the ip whitelist file is present but empty, maintenance mode should be on for everyone and not off. So this test is incorrect. I will fix this by adding an array_filter around the whitelisted IP's so that you can never compare against [""], but in that case against [], which will never have a false positive on in_array comparisons.
| $cidr = 32; | ||
| $ip = $range; | ||
| if (strpos($range, '/') !== false) { | ||
| list($ip, $cidr) = explode('/', $range); |
There was a problem hiding this comment.
cidr? Is there some existing logic in ZF2 or Symfony which can be reused?
There was a problem hiding this comment.
Maybe there is, but I havent found it. And it seems overkill to include another class as replacement for a list = explode.
There was a problem hiding this comment.
I mean this logic in general - splitting by slash etc.
There was a problem hiding this comment.
Still not sure what "cidr" means, https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation looks like after splitting by slash there should be $networkMask instead.
There was a problem hiding this comment.
Ah that's what you mean. Yes you are right. I'll rename it.
There was a problem hiding this comment.
I'll call it $subnetMask as that is the name I heard most for this.
| continue; | ||
| } | ||
|
|
||
| $ipv4Validator = new \Zend_Validate_Ip(['allowipv6' => false, 'allowipv4' => true]); |
There was a problem hiding this comment.
We must not add code using ZF1 classes. Looks like there is ZF2 equivalent https://framework.zend.com/manual/2.1/en/modules/zend.validator.ip.html
| } | ||
|
|
||
| $ipv4Validator = new \Zend_Validate_Ip(['allowipv6' => false, 'allowipv4' => true]); | ||
| $max = $ipv4Validator->isValid($ip) ? 32 : 128; |
There was a problem hiding this comment.
Please choose a more meaningful name. $maxBits?
* upstream/2.3-develop: (37 commits) MAGETWO-81033: Create GraphQL single product fetch endpoint - Address static failure MAGETWO-81033: Remove unnecessary classes MAGETWO-81033: Create GraphQL endpoint for fetching single product - Adds functional tests, fixtures, and client - Adds support for simple and configurable product magento#11524: Fix Filter Customer Report Review - Integration test updated MAGETWO-82561: [TASK] Moved Customer Groups Menu Item from Other settings to Customers magento#11652 MQE-478: Deliver Pangolins Sprint 11 MQE-478: Deliver Pangolins Sprint 11 MQE-478: Deliver Pangolins Sprint 11 magento#11522: Fix Filter Customer Report Review - Integration test updated magento#11524: Fix Filter Customer Report Review - Integration test added Fix Magento/Backend/Block/Media/Uploader.php getConfigJson() method, using undefined class property _coreData MAGETWO-77673: <![CDATA[]]>in system.xml translate phrase not work, if comment starts from new line[port from 2.2-develop]. MQE-478: Deliver Pangolins Sprint 11 MQE-440: metadata changes for path parameters bug fix. MQE-237: [Generator] Add before and after logic to suites MQE-394: Pre-Install Script MQE-440: Added configurable product related metadata, data, and a sample test. MQE-429: Added a sample test to perform api PUT request. MQE-453: [DevOps] Add optional arg for consolidated test run MQE-345: [DevOps] [Customizability] Create suite schema declaration and supporting interpretation ...
|
Hi @orlangur |
|
@okorshenko waiting, otherwise I would resolve JIRA issue. |
|
Hi @ajpevers @orlangur do we have any progress on this? Do you need some help? |
|
Last comment from author was 15 days ago #10570 (comment) Basically, the changes seem pretty good to me, just that unit test needs to be investigated. |
|
@ajpevers let's close this for now and reopen when you or me have some new information regarding odd unit test behavior. |
Description
Maintenance mode should accept IP ranges instead of separate IP's so that for instance you can add the whole range of your payment service provider or CDN etc...
Fixed Issues (if relevant)
Manual testing scenarios
bin/magento maintenance:enablebin/magento maintenance:allow-ips 192.168.33.0/16(for instance)Mostly I am curious what you think about this kind of functionality and the use of darsyn/ip for this. I did take IPv6 into account.
Contribution checklist