mochengqian commented on code in PR #971:
URL: https://github.com/apache/dubbo-go-pixiu/pull/971#discussion_r3371967118


##########
pkg/cluster/loadbalancer/load_balancer.go:
##########
@@ -63,20 +64,45 @@ type SnapshotLoadBalancer interface {
        HandlerWithSnapshot(c PickContext, policy model.LbPolicy) 
*model.Endpoint
 }
 
-// HealthyOnlySnapshotLoadBalancer marks snapshot-aware balancers that do not
-// need PickContext.AllEndpoints. Unmarked snapshot balancers keep receiving
-// the full snapshot for compatibility with custom implementations.
+// HealthyOnlySnapshotLoadBalancer is retained for source compatibility with
+// callers that referenced the old marker contract.
+//
+// Deprecated: runtime fast-path decisions ignore this interface. Only trusted
+// in-tree balancers can opt in via SnapshotOptIn returning snapshotopt.Token.
 type HealthyOnlySnapshotLoadBalancer interface {
        UseHealthyEndpointsOnly() bool
 }
 
-// ZeroCopySnapshotLoadBalancer marks trusted balancers that never mutate or
-// retain snapshot endpoints. Other snapshot balancers receive defensive
-// copies.
+// ZeroCopySnapshotLoadBalancer is retained for source compatibility with
+// callers that referenced the old marker contract.
+//
+// Deprecated: runtime fast-path decisions ignore this interface. Only trusted
+// in-tree balancers can opt in via SnapshotOptIn returning snapshotopt.Token.
 type ZeroCopySnapshotLoadBalancer interface {
        UseZeroCopySnapshot() bool
 }
 
+// snapshotOptInBalancer is the internal opt-in surface for trusted, in-tree
+// snapshot balancers. The method returns snapshotopt.Token, whose type lives 
in
+// an internal package, so only balancers under pkg/cluster/loadbalancer can
+// implement this interface. External plugins cannot name the return type and
+// therefore always fall through to the safe default (full snapshot, 
defensively
+// copied). This is the trust boundary described in issue #941.
+type snapshotOptInBalancer interface {
+       SnapshotOptIn() snapshotopt.Token
+}
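
Review bot: The doc comment on snapshotOptInBalancer claims more than the type system enforces. The sentence "only balancers under pkg/cluster/loadbalancer can implement this interface" holds for declaring SnapshotOptIn, but a type in another package that embeds an in-tree balancer gets the method by promotion and satisfies the interface without ever naming snapshotopt.Token. Suggest rewording so the comment says the internal return type only prevents declaring the method, and that the opt-in is honored only after a check on the concrete type's package path. That keeps the comment in line with the trust boundary it cites from issue #941.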

Review Comment:
   Good catch — fixed in fceeb80d. `snapshotOptIn` now also runs a runtime 
trust check: it resolves the concrete balancer's `reflect.Type.PkgPath()` and 
only honors the token when the type lives under 
`github.com/apache/dubbo-go-pixiu/pkg/cluster/loadbalancer`. An external type 
that embeds an in-tree balancer keeps its own package path, so the promoted 
`SnapshotOptIn` no longer grants the fast paths. Added 
`TestEmbeddingInTreeBalancerCannotOptIntoFastPaths` in an external 
`loadbalancer_test` package as the regression — it fails without the check and 
passes with it.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
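
The runtime trust check described in the review comment above, as an added example that is not code from the PR or the project: the standard-library package `bytes` stands in for the trusted in-tree package and the local `embedder` type for an external plugin. Both are assumptions of this demo, as are all function names and the prefix-matching rule.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"reflect"
	"strings"
)

// trustedPkg stands in for the in-tree balancer package. "bytes" is an
// assumption of this demo so one file can hold a type from another package.
const trustedPkg = "bytes"

// embedder plays the external plugin: embedding promotes the trusted type's
// methods onto a type declared in this (untrusted) package.
type embedder struct{ *bytes.Buffer }

// implementsOnly is the interface-only check; promoted methods satisfy it.
func implementsOnly(v any) bool {
	_, ok := v.(io.Writer)
	return ok
}

// declaredIn reports whether v's concrete type is declared in pkg or below it.
// Pointers are unwrapped first because pointer types have an empty PkgPath.
func declaredIn(v any, pkg string) bool {
	t := reflect.TypeOf(v)
	if t == nil {
		return false
	}
	for t.Kind() == reflect.Pointer {
		t = t.Elem()
	}
	p := t.PkgPath() // "" for unnamed types, which are therefore rejected
	return p == pkg || strings.HasPrefix(p, pkg+"/")
}

// honorsOptIn grants the fast path only when both checks pass.
func honorsOptIn(v any) bool { return implementsOnly(v) && declaredIn(v, trustedPkg) }

func main() {
	vals := []any{&bytes.Buffer{}, embedder{&bytes.Buffer{}}, struct{ *bytes.Buffer }{}}
	for _, v := range vals {
		fmt.Printf("%T interface=%v honored=%v\n", v, implementsOnly(v), honorsOptIn(v))
	}
}
```

The `pkg+"/"` boundary keeps a sibling package whose path merely starts with the trusted string from matching.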
