Describe the bug
EN:
ConfigChangeAspect determines the config change pointcut type from ConfigRequestInfo.srcType.
Currently, when srcType is missing or empty, the change may be classified as an RPC change
instead of reflecting that the caller did not provide a source.
Some upstream config publish entries, especially console/admin HTTP paths, may construct
ConfigRequestInfo without explicitly setting srcType. In this case, a config change triggered
from the console UI can be incorrectly treated as an RPC change by the config change aspect.
This becomes observable with external config-change plugins. For example, the file-format config
change plugin in nacos-plugin skips RPC-type change handling:
https://github.com/nacos-group/nacos-plugin/blob/develop/nacos-config-change-plugin-ext/nacos-fileformat-config-change-plugin/src/main/java/com/alibaba/nacos/plugin/config/FileFormatConfigChangePluginService.java
Because the console-originated change is incorrectly marked as RPC, invalid config content that
should be intercepted by the plugin may bypass validation.
ZH:
ConfigChangeAspect 会根据 ConfigRequestInfo.srcType 判断配置变更的切点类型。
目前当 srcType 缺失或为空时,变更可能会被归类为 RPC 变更,而不是保留真实入口来源,
或者体现调用方没有提供来源这一事实。
部分上游配置发布入口,尤其是控制台或 admin HTTP 路径,可能会构造一个没有显式设置
srcType 的 ConfigRequestInfo。这种情况下,从控制台界面触发的配置变更可能会被
配置变更切面错误判断为 RPC 变更。
这个问题在外部配置变更插件中会产生实际影响。例如 nacos-plugin 中的文件格式校验
配置变更插件会跳过 RPC 类型的变更处理:
https://github.com/nacos-group/nacos-plugin/blob/develop/nacos-config-change-plugin-ext/nacos-fileformat-config-change-plugin/src/main/java/com/alibaba/nacos/plugin/config/FileFormatConfigChangePluginService.java
由于控制台来源的变更被错误标记为 RPC,原本应该被插件拦截的错误配置内容可能无法被
正常拦截。
Expected behavior
EN:
Config changes should be routed to the correct config-change pointcut according to their real
entry source:
- HTTP or console/admin HTTP entries should be classified as HTTP changes.
- RPC entries should be classified as RPC changes.
- Missing, empty, or currently unclassifiable
srcType values should not be silently treated as
RPC.
- Delete operations should use remove pointcuts instead of publish pointcuts.
With this behavior, console config changes can still be processed by plugins that intentionally
skip RPC events.
ZH:
配置变更应该根据真实入口来源路由到正确的配置变更切点:
- HTTP 或控制台/admin HTTP 入口应该被识别为 HTTP 变更。
- RPC 入口应该被识别为 RPC 变更。
- 缺失、为空,或者当前无法明确分类的
srcType 不应该被静默当作 RPC 处理。
- 删除操作应该使用 remove 切点,而不是 publish 切点。
这样控制台配置变更仍然可以被那些有意跳过 RPC 事件的插件正常处理。
Actually behavior
EN:
When ConfigRequestInfo.srcType is not explicitly set by an upstream caller, the aspect may treat
the change as RPC. This changes the observable pointcut type passed to config-change plugins.
For the file-format config change plugin mentioned above, RPC-type changes are skipped. Therefore,
a console-originated config publish operation can be misclassified as RPC and bypass plugin
validation.
In addition, delete operations may be routed through publish pointcuts instead of remove pointcuts,
which is inconsistent with the existing pointcut model.
ZH:
当上游调用方没有显式设置 ConfigRequestInfo.srcType 时,切面可能会把该变更当作 RPC
处理。这会改变传递给配置变更插件的实际切点类型。
对于上面提到的文件格式校验配置变更插件,RPC 类型的变更会被跳过。因此,一个从控制台
发起的配置发布操作可能因为被错误识别为 RPC 而绕过插件校验。
另外,删除操作也可能会走 publish 切点,而不是 remove 切点,这与现有切点模型不一致。
How to Reproduce
EN:
- Enable or use a config-change plugin that treats HTTP and RPC pointcuts differently, for example
the file-format config change plugin from nacos-plugin.
- Configure the plugin so that invalid config content should be rejected for console or HTTP config
publish operations.
- Publish or update an invalid config from the Nacos console UI or an admin HTTP entry where
ConfigRequestInfo.srcType is not explicitly set.
- Observe that the config change can be classified as RPC.
- Because the plugin skips RPC-type changes, the invalid config may not be intercepted.
- For delete operations, observe that remove-specific pointcuts may not be used.
ZH:
- 启用或使用一个会区分 HTTP 与 RPC 切点的配置变更插件,例如
nacos-plugin 中的文件
格式校验配置变更插件。
- 配置该插件,使控制台或 HTTP 配置发布操作中的错误配置内容应该被拒绝。
- 从 Nacos 控制台界面,或者某个没有显式设置
ConfigRequestInfo.srcType 的 admin
HTTP 入口发布或更新一份错误配置。
- 观察该配置变更可能会被识别为 RPC。
- 由于插件跳过 RPC 类型变更,错误配置可能不会被正常拦截。
- 对于删除操作,可以观察 remove 专用切点可能没有被使用。
Desktop (please complete the following information):
- OS: Windows / Linux
- Version: Nacos develop branch, observed around 3.2.1-SNAPSHOT
- Module: config, console, plugin/config, ai
- SDK: original / console UI / HTTP API
Additional context
Describe the bug
EN:
ConfigChangeAspectdetermines the config change pointcut type fromConfigRequestInfo.srcType.Currently, when
srcTypeis missing or empty, the change may be classified as an RPC changeinstead of reflecting that the caller did not provide a source.
Some upstream config publish entries, especially console/admin HTTP paths, may construct
ConfigRequestInfowithout explicitly settingsrcType. In this case, a config change triggeredfrom the console UI can be incorrectly treated as an RPC change by the config change aspect.
This becomes observable with external config-change plugins. For example, the file-format config
change plugin in
nacos-pluginskips RPC-type change handling:https://github.com/nacos-group/nacos-plugin/blob/develop/nacos-config-change-plugin-ext/nacos-fileformat-config-change-plugin/src/main/java/com/alibaba/nacos/plugin/config/FileFormatConfigChangePluginService.java
Because the console-originated change is incorrectly marked as RPC, invalid config content that
should be intercepted by the plugin may bypass validation.
ZH:
ConfigChangeAspect会根据ConfigRequestInfo.srcType判断配置变更的切点类型。目前当
srcType缺失或为空时,变更可能会被归类为 RPC 变更,而不是保留真实入口来源,或者体现调用方没有提供来源这一事实。
部分上游配置发布入口,尤其是控制台或 admin HTTP 路径,可能会构造一个没有显式设置
srcType的ConfigRequestInfo。这种情况下,从控制台界面触发的配置变更可能会被配置变更切面错误判断为 RPC 变更。
这个问题在外部配置变更插件中会产生实际影响。例如
nacos-plugin中的文件格式校验配置变更插件会跳过 RPC 类型的变更处理:
https://github.com/nacos-group/nacos-plugin/blob/develop/nacos-config-change-plugin-ext/nacos-fileformat-config-change-plugin/src/main/java/com/alibaba/nacos/plugin/config/FileFormatConfigChangePluginService.java
由于控制台来源的变更被错误标记为 RPC,原本应该被插件拦截的错误配置内容可能无法被
正常拦截。
Expected behavior
EN:
Config changes should be routed to the correct config-change pointcut according to their real
entry source:
srcTypevalues should not be silently treated asRPC.
With this behavior, console config changes can still be processed by plugins that intentionally
skip RPC events.
ZH:
配置变更应该根据真实入口来源路由到正确的配置变更切点:
srcType不应该被静默当作 RPC 处理。这样控制台配置变更仍然可以被那些有意跳过 RPC 事件的插件正常处理。
Actually behavior
EN:
When
ConfigRequestInfo.srcTypeis not explicitly set by an upstream caller, the aspect may treatthe change as RPC. This changes the observable pointcut type passed to config-change plugins.
For the file-format config change plugin mentioned above, RPC-type changes are skipped. Therefore,
a console-originated config publish operation can be misclassified as RPC and bypass plugin
validation.
In addition, delete operations may be routed through publish pointcuts instead of remove pointcuts,
which is inconsistent with the existing pointcut model.
ZH:
当上游调用方没有显式设置
ConfigRequestInfo.srcType时,切面可能会把该变更当作 RPC处理。这会改变传递给配置变更插件的实际切点类型。
对于上面提到的文件格式校验配置变更插件,RPC 类型的变更会被跳过。因此,一个从控制台
发起的配置发布操作可能因为被错误识别为 RPC 而绕过插件校验。
另外,删除操作也可能会走 publish 切点,而不是 remove 切点,这与现有切点模型不一致。
How to Reproduce
EN:
the file-format config change plugin from
nacos-plugin.publish operations.
ConfigRequestInfo.srcTypeis not explicitly set.ZH:
nacos-plugin中的文件格式校验配置变更插件。
ConfigRequestInfo.srcType的 adminHTTP 入口发布或更新一份错误配置。
Desktop (please complete the following information):
Additional context