Harden edgezero #269 runtime config-store load (HTTP layer) #783
prk-Jr wants to merge 28 commits into main from feature/edgezero-269-http
28 commits

edb7f0c Add EdgeZero-backed ts CLI (ChristianPavilonis)
51aaecc Update CLI EdgeZero revision (ChristianPavilonis)
9b4d6fc Push Trusted Server config as a blob (ChristianPavilonis)
f4411cb Use configured Fastly config store name for EdgeZero bootstrap (ChristianPavilonis)
6e44a98 Refactor trusted-server CLI around typed EdgeZero blob config (ChristianPavilonis)
ffc2ba3 Fix host CLI clippy and integration lock (ChristianPavilonis)
76040ca Fix integration dependency parity check (ChristianPavilonis)
36d5605 Seed integration app config blob (ChristianPavilonis)
621e740 Update EdgeZero integration canary (ChristianPavilonis)
57ace6a Read EdgeZero rollout flag as raw Fastly config (ChristianPavilonis)
65188b5 Make EdgeZero integration probe non-fatal (ChristianPavilonis)
3831cf2 Generate integration Viceroy configs (ChristianPavilonis)
2ca44fe support config diff (ChristianPavilonis)
bdb9284 Add Trusted Server audit command (ChristianPavilonis)
14eb507 Add ConfigStoreUnavailable error variant mapping to 503 (prk-Jr)
4d6509f Classify config-store read failures as ConfigStoreUnavailable (503) (prk-Jr)
61fea54 Lock adapter 503 response for ConfigStoreUnavailable (prk-Jr)
854edef Add HTTP-layer config-store 503 design doc (prk-Jr)
bca5e22 Merge main into feature/edgezero-269-http (prk-Jr)
ca2e77a Address PR review: accurate chunk-read hint and retryable 503 body (prk-Jr)
3105e6c Backtick EdgeZero in ec probe doc comments for clippy doc_markdown (prk-Jr)
44c2dff Address automated review: EnvConfig store-name fallback and JA4 503 p… (prk-Jr)
b075078 Remove duplicated CI steps and docs introduced by main merge (prk-Jr)
d7e47eb Format doc (prk-Jr)
7e22561 Merge branch 'main' into feature/edgezero-269-http (prk-Jr)
27b3ec6 Align edgezero.toml store ids with runtime and drop incidental drift (prk-Jr)
8a36c06 Load Spin startup config from a key-value store (prk-Jr)
03fc21c Make Spin startup errors visible and status-accurate (prk-Jr)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| # Spin runtime configuration for the Trusted Server adapter. | ||
| # | ||
| # Declares the `app_config` key-value store that holds the Trusted Server | ||
| # app-config blob loaded at startup and seeded by `ts config push --adapter | ||
| # spin`. Spin auto-provides only the `default` label; any other label (here | ||
| # `app_config`) must be declared here or `spin up` fails with | ||
| # `unknown key_value_stores label app_config`. | ||
| # | ||
| # `type = "spin"` uses Spin's built-in SQLite key-value backend (a local | ||
| # `.spin/sqlite_key_value.db` file), matching what `ts config push --adapter | ||
| # spin --local` writes to. Point it at redis/azure/etc. for a shared backend. | ||
| # | ||
| # Load it explicitly: `spin up --runtime-config-file runtime-config.toml`. | ||
| [key_value_store.app_config] | ||
| type = "spin" |
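Review bot: The final `type = "spin"` line makes `app_config` a per-host SQLite file (`.spin/sqlite_key_value.db`), and the header comment mentions a shared backend only as an option, so nothing here tells an operator that this file is a local default. If it is reused unchanged on more than one instance, each instance reads only the blob that was pushed to its own local file. Suggest stating in the comment that this file is the local/dev configuration and that shared deployments need their own runtime config. Because the label must be declared and the file has to be passed explicitly with `--runtime-config-file`, it would also help to name where the launch path supplies that flag. Finally, the comment could say whether `.spin/sqlite_key_value.db`, which holds the app-config blob, is excluded from version control.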
Automated review: Present-but-corrupt Spin app-config bytes are reported as retryable store unavailability.

This `String::from_utf8` failure means the `app_config` key was successfully opened and read, but the stored value is corrupt/not a valid text config blob. Because the error is returned as `PlatformError::ConfigStore`, `read_config_entry()` wraps it in `TrustedServerError::ConfigStoreUnavailable`, so Spin returns the new retryable 503 path instead of the intended 500-class "read succeeded but reconstruct/verify failed" path. In practice, an operator who accidentally seeds binary/corrupt bytes gets misleading retryable behavior and clients may keep retrying a terminal bad config.

Suggested fix: keep open/get/missing-key failures on the 503 path, but make a present value that cannot be decoded feed the verification/configuration path (for example, have this adapter convert invalid UTF-8 into a `TrustedServerError::Configuration`, or decode lossily/otherwise pass bytes forward so `settings_from_config_blob` fails as a 500), and add a Spin-specific regression test for non-UTF-8 bytes.
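The classification boundary described in the review comment above, as an added example that is not code from this pull request or the project. The enum is a stand-in that reuses the two variant names from the comment; its payloads, the `status()` mapping, the `StoreRead` type and `load_app_config` are assumptions made for illustration.

```rust
// Stand-in error type (assumption): variant names follow the review comment,
// payloads and the status mapping are illustrative only.
#[derive(Debug, PartialEq)]
enum TrustedServerError {
    ConfigStoreUnavailable(String), // store could not be opened or read: retryable
    Configuration(String),          // value was read but is unusable: terminal
}

impl TrustedServerError {
    fn status(&self) -> u16 {
        match self {
            Self::ConfigStoreUnavailable(_) => 503,
            Self::Configuration(_) => 500,
        }
    }
}

// Hypothetical store read outcome: Err = backend failure, Ok(None) = key missing.
type StoreRead = Result<Option<Vec<u8>>, String>;

// Only open/get/missing-key failures are classified as "unavailable".
fn load_app_config(read: StoreRead) -> Result<String, TrustedServerError> {
    let bytes = read
        .map_err(|e| TrustedServerError::ConfigStoreUnavailable(format!("store read failed: {e}")))?
        .ok_or_else(|| TrustedServerError::ConfigStoreUnavailable("app_config key missing".into()))?;
    // The read succeeded, so a decode failure is a bad value, not an outage.
    String::from_utf8(bytes).map_err(|e| {
        TrustedServerError::Configuration(format!(
            "app_config is not valid UTF-8 at byte {}",
            e.utf8_error().valid_up_to()
        ))
    })
}

fn main() {
    // Constructed sample inputs covering each branch.
    let cases: Vec<(&str, StoreRead)> = vec![
        ("backend down", Err("connection refused".into())),
        ("key missing", Ok(None)),
        ("corrupt bytes", Ok(Some(vec![0x5b, 0xff, 0xfe]))),
        ("valid blob", Ok(Some(b"[publisher]\n".to_vec()))),
    ];
    for (name, read) in cases {
        match load_app_config(read) {
            Ok(s) => println!("{name}: ok ({} bytes)", s.len()),
            Err(e) => println!("{name}: {} {:?}", e.status(), e),
        }
    }
}
```

The corrupt-bytes case doubles as the shape of the regression test the comment asks for: non-UTF-8 input must land on the 500 path, not the retryable one.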