mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-05-19 07:54:10 +00:00
848860a9a3
Changes based on independent Codex review:
1. Elevated log level from Debug to Warn for permissive mode fallback
- Operators now see "SECURITY: Cluster validation unavailable" in
journalctl at default log level
- Added similar warning on startup when running in permissive mode
- Makes it obvious when node validation is bypassed
2. Added runtime fallback for AF_NETLINK restrictions
- New discoverLocalHostAddressesFallback() shells out to 'ip addr'
- Triggered when net.Interfaces() fails with netlinkrib error
- Ensures existing installations work even without systemd unit update
- Logs recommendation to update systemd unit for better performance
3. Improved security awareness
- Changed message to explicitly state "allowing all nodes"
- Recommends configuring allowed_nodes for security
- Makes permissive fallback behavior transparent to operators
Related to #571 - temperature monitoring on standalone nodes
These changes ensure the fix works for existing installations that
haven't updated their systemd units, while clearly communicating when
the proxy is running in an insecure permissive mode.
|
||
|---|---|---|
| .. | ||
| audit.go | ||
| audit_test.go | ||
| auth.go | ||
| auth_test.go | ||
| capabilities.go | ||
| cleanup.go | ||
| config.example.yaml | ||
| config.go | ||
| main.go | ||
| main_test.go | ||
| metrics.go | ||
| ssh.go | ||
| ssh_test.go | ||
| throttle.go | ||
| throttle_test.go | ||
| validation.go | ||
| validation_fuzz_test.go | ||
| validation_test.go | ||