ld-relay
ld-relay does not support rotating automatic configuration key
Is your feature request related to a problem? Please describe.
ld-relay does not provide a way to load a new configuration key when rotating secrets. Currently the only way to do this is to restart the ld-relay process.
Describe the solution you'd like
Ideally https://github.com/launchdarkly/ld-relay/blob/v6/relay/relay.go would provide a method for reloading config.
When running ld-relay as a docker container the relay could watch the configuration key path for changes and reload the key when it changes as well.
Hi @simonkotwicz,
The Relay Proxy does have a mechanism for automatically detecting and responding to environment creations/deletions and key rotations. When enabled, Relay will automatically detect that a key change has occurred and will start supporting it -- without needing to restart the application or update your configuration.
Read our automatic configuration documentation for more information. Note that this feature is only available for LaunchDarkly Enterprise customers.
Cheers, @bwoskow-ld
@bwoskow-ld I'm aware of that, I'm talking about rotating the automatic configuration key in that scenario.
@simonkotwicz If the suggestion is that Relay should automatically detect if an automatic configuration key has been deactivated and replaced, and would receive the new key automatically... that would somewhat defeat the purpose of being able to rotate the key. That is, you would be doing so if you had reason to believe that the original one had been compromised, and you wanted to prevent unauthorized people from using it. That wouldn't be possible if simply having the original key, and maintaining a connection to the Relay endpoint using that key, allowed a Relay instance (or whatever else connected to that endpoint) to automatically receive a new auto-config key.
@simonkotwicz On the other hand, if what you mean is that you'd like to be able to manually edit the auto-config key in the configuration file, and then tell Relay to pick up that new key from the file without a restart of the process - that's another matter. I'm not sure how practical it would be to allow the entire configuration to be hot-swapped in that way (it might be hard to define what the correct behavior would be for changing some of those options in midstream, and a lot of the current code has a "set these things up once at the top" pattern and would need significant restructuring) but it might be more feasible for a more narrowly scoped feature like the auto-config stream.
@eli-darkly yes I mean I'd like to be able to edit the auto-config (or sdk) key without having to kill the process running ld-relay... or at least provide a way to close ld-relay and create a new ld-relay when running ld-relay as part of another application... I think the following is part way there: https://github.com/launchdarkly/ld-relay/blob/fc38d2ffb8c27d0ecc0d32bb9ec98dfbac8e9e12/relay/relay.go#L158
can this issue be reopened?
Yeah - I didn't understand in my initial read that you were talking about automatic configuration keys instead of SDK/mobile keys. The issue is reopened.
@simonkotwicz
> or at least provide a way to close ld-relay and create a new ld-relay when running ld-relay as part of another application

I'm not sure why there would be any problem in doing that right now, when using the code inside of another app. As you say, Close shuts it down, and to start a new one you would do exactly the same thing you did to start the first one. There isn't any global state outside of the Relay instance, or I should say there's very little and I wouldn't expect it to be significant.
@eli-darkly oh ok I was just looking at the comment there that says:
> Currently this includes only the metrics components; it does not close SDK clients.
@simonkotwicz Sorry— good catch. I think that that comment is out of date; I'll double check. We should either fix the comment, or if it's accurate, fix it so that it does close everything.
@simonkotwicz As far as I can tell, that comment is indeed wrong (and possibly was never right - I think it's left over from an incomplete prerelease implementation). It looks to me like Close() should fully release all resources and connections used by the Relay instance.
ok thanks
> I'm not sure how practical it would be to allow the entire configuration to be hot-swapped in that way... but it might be more feasible for a more narrowly scoped feature like the auto-config stream.

I guess the other part would be adding support for reloading (part of) the config if you think that's a reasonable and feasible request. The Close function definitely helps though.
Hi @simonkotwicz, just a note that I've filed a feature request for this internally. Has your situation changed at all - is this still something you want?
It's no longer something I really need.