-
-
Notifications
You must be signed in to change notification settings - Fork 352
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added support to block/unblock keys #317
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Hi, did you implement this by adding a persistent blocked keys table? Can it have an impact on performance because of the necessary lookup for each publish request? |
And what kind of key will be needed for this request? |
Indeed, there will be an extra lookup on each publish/subscribe request, that's the reason for an extra caching layer. Performance impact is negligible in most cases, as the lookup over a list of 20K blocked keys takes about 100 nanoseconds.
On the implementation, we actually now have an disk-persisted internal state which is replicated with gossip. This would allow us to implement shared global state with ease going forward (e.g. shared sessions, shared LUA scripts, ... ). |
There's two keys in the request a
|
So that means I'll need the master secret key to ban or unban other keys. Could it be useful to use a special permission for keyban requests? r = Read, w = Write, s = Store, l = Load, p = Presence, b = Ban/Unban |
We were just discussing this with @Florimond. Unfortunately we've ran out of permission flags (as the last one we reserved for But what are the use-cases you're thinking of? Currently I can only see the use-case where you might have manually leaked a key and want to remove it. |
I can't think of any use case now. It just came to my mind when I first saw it. It's logical to ban keys using the secret key if you create keys using the secret key. |
* Added support to block/unblock keys * avoid unnecessary notifications
This PR adds support to block or unblock keys. This can be done using
emitter/keyban/
request.The block list is replicated across the cluster and persisted to disk on each broker. In order to specify the directory, use the newly added
dir
parameter to thecluster
configuration section.