PageCache/AccessList: Add CIDR support #37809
Conversation
|
Hi @tdgroot. Thank you for your contribution! Add the comment under your pull request to deploy test or vanilla Magento instance:
❗ Automated tests can be triggered manually with an appropriate comment:
Allowed build names are:
You can find more information about the builds here For more details, review the Code Contributions documentation. |
tdgroot
force-pushed
the
page_cache_acl_cidr
branch
from
24526c2 to
1c7183c
Compare
engcom-Hotel
added
the
Priority: P2
|
@magento run all tests |
|
@magento create issue |
engcom-Hotel
added
Triage: Need PO Confirmation
|
Hello @tdgroot, Thanks for the contribution! But as this is feature enhancement, we need a PO confirmation to proceed with this PR. We have started the process for the same. Meanwhile we are moving this PR Thanks |
|
@magento run all tests |
|
Hello @tdgroot, We have received an approval for this PR for further evaluation. Hence moving it to appropriate bucket. Thanks |
engcom-Hotel
left a comment
engcom-Hotel
left a comment
There was a problem hiding this comment.
Hello @tdgroot,
Thank you for your contribution to add CIDR notation support to PageCache access lists. This is a valuable enhancement that would allow for more flexible IP-based access control.
However, the PR currently only modifies the validation pattern without implementing the actual CIDR functionality. For full CIDR support, we need changes in:
- The component that performs IP matching against the access list
- A utility method to properly compare an IP against a CIDR range
Thanks
| @@ -24,7 +24,7 @@ public function beforeSave() | |||
| parent::beforeSave(); | |||
|
|
|||
| $value = $this->getValue(); | |||
| if (!is_string($value) || !preg_match('/^[\w\s\.\-\,\:]+$/', $value)) { | |||
| if (!is_string($value) || !preg_match('/^[\w\s\.\-\,\:(\/\d+)?]+$/', $value)) { | |||
There was a problem hiding this comment.
- The pattern places
(\/\d+)?inside a character class([...]), which means these are treated as individual characters rather than a sequence. - The pattern remains overly permissive and would validate strings like "this is: a more / or less, valid string.... oh, lets add numbers 12345" which aren't valid IP addresses or CIDR notations
There was a problem hiding this comment.
The extra CIDR validation regex should indeed be moved outside of the character class, so should become something like this: ^[\w\s\.\-\,\:]+(\/\d+)?$
Good remark!
There was a problem hiding this comment.
Updated. The suffix is now outside of the character class and the regex is now applied for each item in the CSV list. Instead of accepting any /\d+, it is now limited from 0-32.
engcom-Hotel
removed
the
Triage: Need PO Confirmation
engcom-Hotel
moved this from Review in Progress
to Changes Requested
in Pull Requests Dashboard
ct-prd-projects-boards-automation
bot
added
Progress: needs update
and removed
Progress: review
labels
That's not really true, the only place where we use this configuration value is over here: Which is used to output the access list into the VCL file that Magento generates for Varnish. Varnish already supports CIDR notation in ACL's, so there is no need for extra matching or parsing. One thing that I'm not sure about, but maybe @tdgroot can clarify, is that the Varnish docs say to put the IP address in double quotes and the CIDR part outside of those quotes: https://varnish-cache.org/docs/trunk/users-guide/vcl-example-acls.html#acls |
|
@magento run all tests |
|
@magento run all tests |
|
@magento run all tests |
|
@magento run all tests |
|
@magento run Functional Tests B2B, Functional Tests EE |
|
I have fixed all the static test failures, moving it to review again. |
ct-prd-projects-boards-automation
bot
moved this from Changes Requested
to Review in Progress
in Community Dashboard
ct-prd-projects-boards-automation
bot
moved this from Review in Progress
to Ready for Testing
in Community Dashboard
|
@magento run all tests |
|
Hi @tdgroot, Thanks for the collaboration & contribution! ✔️ QA PassedPreconditions:
Manual testing scenarios
Before: ✖️ 
After: ✔️ 
Builds are failed. Hence, moving this PR to Extended Testing. Thanks. |
engcom-Bravo
moved this from Ready for Testing
to Extended testing (optional)
in Community Dashboard
|
@magento run Functional Tests B2B, Functional Tests EE, Functional Tests CE, WebAPI Tests |
|
Few Functional B2B, EE and CE failures in recent 2 builds are not consistent. They are neither part of this PR nor failing because of the PR changes, seems to be flaky. The consistent once are known issues hence moving it to Merge In Progress. Known Issues:
|
engcom-Charlie
moved this from Extended testing (optional)
to Merge in Progress
in Community Dashboard
magento-devops-reposync-svc
merged commit b62122d
into
magento:2.4-develop
ct-prd-projects-boards-automation
bot
moved this from Merge in Progress
to Recently Merged
in Community Dashboard
8 participants
Description (*)
When accepting purge requests within a network, it's easier to just supply a CIDR range.
Related Pull Requests
None.
Fixed Issues (if relevant)
None.
Manual testing scenarios (*)
172.16.0.1/24Questions or comments
Contribution checklist (*)
Resolved issues: