Thread FulcioConfig through from main via ctx
#249
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This makes explicit where the config is loaded (incl. error handling), where it is infused into the `ctx` and how it is loaded from `ctx`. Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
mattmoor
force-pushed
the
fulcio-config-context
branch
from
d839b48
to
db76d7d
Compare
mattmoor
commented
Nov 30, 2021
Comment on lines
+52
to
+53
| $(SWAGGER) generate server -f openapi.yaml -q -r COPYRIGHT.txt -t pkg/generated --exclude-main -A fulcio_server --exclude-spec --flag-strategy=pflag --principal github.com/coreos/go-oidc/v3/oidc.IDToken --additional-initialism=SCT | ||
| $(SWAGGER) generate client -f openapi.yaml -q -r COPYRIGHT.txt -t pkg/generated --principal github.com/coreos/go-oidc/v3/oidc.IDToken |
There was a problem hiding this comment.
I did this because it wasn't clear to me what -P was.
mattmoor
changed the title
FulcioConfig through from main via ctx
mattmoor
requested review from
dlorenc and
bobcallaway
and removed request for
dlorenc
sounds great - do you have a list you could share? |
Not yet really, I'm sort of taking it all in and trying to form a plan for it atm. I'll try to socialize the pieces of it as I form a clearer picture. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Thread
FulcioConfigthrough to handlers viactxbased on a value that's explicitlyLoad()ed at application start. This is the first of what I expect will be a bunch of refactoring PRs for Fulcio, but I'm trying to take them in bite-sized chunks. This change:ctxas a way we can pass configuration downstream to handlers (here withFulcioConfig, but I'd like to kill the usage ofviperin our library code)FulcioConfig(and eventually others!) periodically (or even via an informer!) to avoid needing to cycle pods to force config reloads.There are some other auxiliary benefits to passing
ctxlike enabling us to model the K8s lifecycle properly by "draining" pods onSIGTERM, which I'm not sure we properly handle today (would require us to switch to something likeknative.dev/pkg/signals.NewContext).Signed-off-by: Matt Moore mattmoor@chainguard.dev
Release Note