-
Notifications
You must be signed in to change notification settings - Fork 228
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CheckPoint: cluster member policy inheritance #7653
Conversation
Codecov Report
@@ Coverage Diff @@
## master #7653 +/- ##
============================================
- Coverage 73.71% 73.70% -0.01%
+ Complexity 41552 41547 -5
============================================
Files 3264 3264
Lines 163796 163800 +4
Branches 19669 19669
============================================
- Hits 120738 120733 -5
- Misses 33621 33625 +4
- Partials 9437 9442 +5
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed 2 of 2 files at r2, all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @arifogel and @sfraint)
projects/batfish/src/main/java/org/batfish/vendor/check_point_gateway/representation/CheckPointGatewayConfiguration.java, line 641 at r2 (raw file):
cluster.isPresent() ? cluster.get().getPolicy().getAccessPolicyName() : gateway.getPolicy().getAccessPolicyName();
did we determine that the cluster member can't have a policy configured? or have we just not seen that?
If the latter, I think we should at least check and warn if a policy is configured on the cluster member
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on @arifogel and @corinaminer)
projects/batfish/src/main/java/org/batfish/vendor/check_point_gateway/representation/CheckPointGatewayConfiguration.java, line 641 at r2 (raw file):
Previously, corinaminer (Corina Miner) wrote…
did we determine that the cluster member can't have a policy configured? or have we just not seen that?
If the latter, I think we should at least check and warn if a policy is configured on the cluster member
It sounds like the policy should be defined on the cluster object. So, the members should never have policies directly attached.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @arifogel)
projects/batfish/src/main/java/org/batfish/vendor/check_point_gateway/representation/CheckPointGatewayConfiguration.java, line 641 at r2 (raw file):
Previously, sfraint (Spencer Fraint) wrote…
It sounds like the policy should be defined on the cluster object. So, the members should never have policies directly attached.
ok, easy enough to change later if we were to out differently
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on @arifogel)
projects/batfish/src/main/java/org/batfish/vendor/check_point_gateway/representation/CheckPointGatewayConfiguration.java, line 641 at r2 (raw file):
Previously, corinaminer (Corina Miner) wrote…
ok, easy enough to change later if we were to out differently
*find out
For cluster members, apply the policy from the cluster.