Auth: Don't build authorization drivers into the lxd-agent #13129
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
Awesome, thanks!
This only builds the parts of the auth package that are referenced by the state.State struct used by the lxd-agent when building the lxd-agent. This significantly reduces the size of the lxd-agent.

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
// clients. It cannot be initialised until after the cluster database is operational. | ||
DriverEmbeddedOpenFGA string = "embedded-openfga" | ||
) | ||
var authorizers = map[string]func() authorizer{} |
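Review bot: `var authorizers = map[string]func() authorizer{}` starts out empty and has no comment saying where drivers are registered, while `DriverEmbeddedOpenFGA` is still declared just above it. Add a doc comment stating which files populate the map, and make sure the lookup path returns an explicit error when a driver name has no entry, so that a build without that driver fails on the missing key instead of calling a nil constructor.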
There is still an OpenFGA dependency in this file which we might be able to remove. We could potentially just move the interfaces into a separate file `interfaces.go` and keep the rest of the package as is?
Yep we can do more for sure (and should) to isolate this.
Having to use the build directives is a bit hacky for my liking. But will suffice for now.
I think we should perhaps have a separate agent State struct rather than sharing the one with the LXD server.
Yeah that would be better. The agent doesn't need most of it.