imbajin commented on code in PR #2962:
URL: https://github.com/apache/hugegraph/pull/2962#discussion_r2930137316
##########
hugegraph-pd/hg-pd-core/src/main/java/org/apache/hugegraph/pd/raft/RaftEngine.java:
##########
@@ -326,6 +325,23 @@ public Status changePeerList(String peerList) {
latch.countDown();
});
latch.await();
+
+ // Refresh IpAuthHandler so newly added peers are not blocked
Review Comment:
‼️ This refresh closes the `RaftEngine.changePeerList()` path, but peer
membership can still be updated through `PDService.updatePdRaft()`, which calls
`node.changePeers()` directly and never reaches this block. In that case the
Raft config changes while `IpAuthHandler` keeps the old allowlist, so newly
added hostname-based peers can still be rejected. Please centralize peer
changes behind one helper that also refreshes the allowlist, or make the other
update path invoke the same refresh logic on success.
```text
peer update
|
+-- changePeerList() --------> refresh allowlist ✅
|
+-- updatePdRaft() ----------> changePeers only ❌
|
v
old allowlist remains
|
v
new peer can be blocked
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
