Koooooo-7 opened a new pull request, #11076: URL: https://github.com/apache/dubbo/pull/11076
## What is the purpose of the change > Background: Dubbo QoS supports docking with kubernetes probes, but foreignIp needs to be enabled. Due to the high-risk instructions in qos, this will lead to a series of security problems. We should distinguish those commands with low-risk and high-risk, and support all client to request low-risk command for healthy check or metrics collection purpose. TODO: - Indicate the permission level for each cmd. - related test cases. close #11015 ## Brief changelog Add new config `qos.anonymous.access.permission.level` to enable any foreign ip access. Default is `Cmd.PermissionLevel.NONE`, can not access any cmd (equivalent to disable the anonymous access config). ## Verifying this change <!-- Follow this checklist to help us incorporate your contribution quickly and easily: --> ## Checklist - [x] Make sure there is a [GitHub_issue](https://github.com/apache/dubbo/issues) field for the change (usually before you start working on it). Trivial changes like typos do not require a GitHub issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue. - [ ] Each commit in the pull request should have a meaningful subject line and body. - [ ] Write a pull request description that is detailed enough to understand what the pull request does, how, and why. - [ ] Check if is necessary to patch to Dubbo 3 if you are work on Dubbo 2.7 - [ ] Write necessary unit-test to verify your logic correction, more mock a little better when cross module dependency exist. If the new feature or significant change is committed, please remember to add sample in [dubbo samples](https://github.com/apache/dubbo-samples) project. - [ ] Add some description to [dubbo-website](https://github.com/apache/dubbo-website) project if you are requesting to add a feature. - [ ] GitHub Actions works fine on your own branch. - [ ] If this contribution is large, please follow the [Software Donation Guide](https://github.com/apache/dubbo/wiki/Software-donation-guide). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@dubbo.apache.org For additional commands, e-mail: notifications-h...@dubbo.apache.org
