OPA: Fail fast on discovery or bundle download errors #3120
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Magnus Jungsbluth <[email protected]>
mjungsbluth
commented
Jun 27, 2024
| @@ -476,25 +477,71 @@ func (registry *OpenPolicyAgentRegistry) new(store storage.Store, configBytes [] | |||
| // Start asynchronously starts the policy engine's plugins that download | |||
| // policies, report status, etc. | |||
| func (opa *OpenPolicyAgentInstance) Start(ctx context.Context, timeout time.Duration) error { | |||
| err := opa.manager.Start(ctx) | |||
| discoveryPlugin := discovery.Lookup(opa.manager) | |||
| bundlePlugin := bundle.Lookup(opa.manager) | |||
There was a problem hiding this comment.
I guess this needs to happen later when the discovery plugin is actually ready
mjungsbluth
commented
Jun 27, 2024
|
|
||
| discoveryPlugin.RegisterListener("startuplistener", func(status bundle.Status) { | ||
| if len(status.Errors) > 0 { | ||
| select { |
There was a problem hiding this comment.
I don't think the select is needed here (I wouldn't know what it even does in this case), sending to a channel can be done without it.
mjungsbluth
commented
Jun 27, 2024
| err = waitFunc(ctx, pluginsReady, 100*time.Millisecond) | ||
| // Add listener for bundle plugin on discovery plugin OK, because bundlePlugin is dependent on the configuration | ||
| // discovered using the discovery configs | ||
| bundlePlugin.Register("startuplistener", func(status bundle.Status) { |
There was a problem hiding this comment.
Given the comment above, the check on status seems to be missing...
Pushpalanka
force-pushed
the
opa_fail_fast_startup
branch
from
73bdf5a
to
583fc58
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As part of #3119, this PR changes the behaviour on starting up OPA instances inside the OPA based Skipper filters.
Currently even in the face of download errors of bundles, the default timeout of 30s is applied.
By using listeners both for bundle download and discovery bundle download, we can detect a failure early despite the respective plugins still waiting for the bundles to become available.
Still a draft because tests are missing, there are some cleanups in the code that need to be done.