-
Notifications
You must be signed in to change notification settings - Fork 73
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
argument service_control_network_fail_open is unclear #816
Comments
Actually, action="sture_true" doesn't set the default value to For --service_control_network_fail_open, we have to set default value to True. |
Correct action="store_true" sets the default value to False. And I think this is correct behavoir. What you describe is setting the default value (when the parameter is not specified) to true and the value when the parameter is specified also to true. This makes no sense. from https://docs.python.org/3/library/argparse.html
So no need to specify defaults when using store_true and notice how they use the opposite default of what they are storing |
I see your point now; If you just add the flag I will suggest to add a new flag: --service_control_network_policy=[open|close], default is open. this is more clear. |
I can not specify False for the parameter
I'm ok with your proposal for v2. But I would make the default false because this is also the curren default. And is more secure: fail safe Can the code for v1 be fixed in the following way. It will not change the behavior it will only make clear what the behavior is.
|
Due to Google availability requirement, we have to set network_fail_open to true for default ( for most users). Each individual deployment can decide to alter it. e.g. for your case, you prefer to network_fail_close for security. But as you pointed it out: --service_control_network_fail_open=False doesn't work. We need to come up a way for users to turn it off. I will implement GoogleCloudPlatform/esp-v2#345 in v1 too. In this repo. |
The current definition of the arrgument service_control_network_fail_open is unclear
Default is not on: if this parameter is not specified traffic is blocked on failure connecting to google service controle
"default=True" makes no sense with action='store_true'. it will create its own default in this case False. This creates a lot of confusion.
I propose to change the code to
The text was updated successfully, but these errors were encountered: