Do not block startup if OIDC provider cannot be created

Fixes #1358 If a provider is down, this will prevent the service from starting. We now log an error if the provider is down. The service will try to fetch the provider during the next request where that provider is needed. Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
sigstore · Oct 3, 2023 · 5d3367d · 5d3367d
1 parent aedb400
commit 5d3367d
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -229,10 +229,11 @@ func (fc *FulcioConfig) prepare() error {
 		defer cancel()
 		provider, err := oidc.NewProvider(ctx, iss.IssuerURL)
 		if err != nil {
-			return fmt.Errorf("provider %s: %w", iss.IssuerURL, err)
+			log.Logger.Errorf("error creating provider for issuer URL %q: %v", iss.IssuerURL, err)
+		} else {
+			cfg := &oidc.Config{ClientID: iss.ClientID}
+			fc.verifiers[iss.IssuerURL] = []*verifierWithConfig{{provider.Verifier(cfg), cfg}}
 		}
-		cfg := &oidc.Config{ClientID: iss.ClientID}
-		fc.verifiers[iss.IssuerURL] = []*verifierWithConfig{{provider.Verifier(cfg), cfg}}
 	}
 
 	cache, err := lru.New2Q(100 /* size */)