feat: strict behavior #474
Conversation
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.OpenSSF Scorecard
Scanned Manifest Files |
|
We should make sure that we fail hard and exit if you start edge in closed mode with no tokens. |
server/src/cli.rs
Outdated
| @@ -174,6 +174,10 @@ pub struct EdgeArgs { | |||
| /// Token header to use for both edge authorization and communication with the upstream server. | |||
| #[clap(long, env, global = true, default_value = "Authorization")] | |||
| pub token_header: TokenHeader, | |||
|
|
|||
| /// If set to true, Edge starts in open mode. Open mode means that Edge will accept tokens outside of the scope of the startup tokens | |||
| #[clap(short, long, env, default_value_t = true)] | |||
There was a problem hiding this comment.
Shouldn't we default to false here?
There was a problem hiding this comment.
Good point, addressed in e31c1ce
Agreed, that's something that came to mind after our session. What do you think of this approach? 8459d1a Also touches offline mode for consistency (and scouting, seems like offline mode was happy starting with no tokens?), but I'm happy to leave that out of this PR if you prefer. |
Co-authored-by: Simon Hornby <[email protected]>
Co-authored-by: Simon Hornby <[email protected]>
Co-authored-by: Simon Hornby <[email protected]>
There was a problem hiding this comment.
Closed vs Open mode. I think this is the major thing in this project for UX. I think that we should be careful on what we name the modes. Its not clear to me what closed and open means here. I think consistent mode vs eventual cosistent or deterministic vs non deterministic might be some options to consider for this. Id like us to involve @FredrikOseberg before selecting the name of this mode.
|
Looks like I'm a bit late to the party and without that much context. But it looks to me like we already have Edge mode and Offline mode as top level modes. These modes seem to be changing the default behavior of Edge mode if I'm reading this right? So we have two sub-modes of Edge mode? Is that the correct interpretation here? |
I think that's spot on. Edge and Offline modes as top level modes, just like before. Edge behaved like the new "open" mode. We now want it to behave like the new "closed" mode by default, but leave "open" mode as an option. The difference between the modes is explained in the PR description. Essentially "open" mode allows you to hit Edge with any token. Once validated, that token is added to the list of tokens to refresh (fetch features for). "Closed" mode will return 403 for tokens that, once validated, are not subsumed by the currently known tokens. The idea is that e.g. you start Edge with a wildcard token for an environment, and any token that matches that environment should be OK, even if it's narrower in scope (e.g. same environment, but specific project). However tokens for other environments are denied, instead of dynamically added to the list. |
Is it confusing to refer to it as a mode then? I would expect mode to be a state that I can start Edge in based on the current implementation of mode. For example:
While in reality it seems like these are behaviors of edge mode. Would it make more sense to refer to it as Edge mote behavior: |
|
Okay I thought about this a lot more and I spoke to @gardleopard. What's our plan for That aside, I think @FredrikOseberg's suggestion of |
Okay. Also this. What makes sense to me is |
|
Following the recent comments and discussions I made some changes. I think dynamic/strict behaviors are nice terms for this. Definitely better than open/closed modes. I agree that we should introduce this gracefully. The default is now the "dynamic" behavior, so this means no breaking changes to existing users. However we're introducing the "strict" behavior, which is our new recommended way of starting Edge. We can have our quickstart command include The idea is that sometime later we drop this in favor of always defaulting to the "strict" behavior instead. WDYT? |
server/src/error.rs
Outdated
| @@ -204,6 +207,7 @@ impl Display for EdgeError { | |||
| EdgeError::NotReady => { | |||
| write!(f, "Edge is not ready to serve requests") | |||
| } | |||
| EdgeError::InvalidTokenOnClosedMode => write!(f, "Edge is running in closed mode and the token is not subsumed by any registered tokens"), | |||
There was a problem hiding this comment.
This needs to be updated to strict behavior I assume?
There was a problem hiding this comment.
Yes, nice catch! 1363734
|
Are we not gonna put strict as the default behaviour and deprecate but support the dynamic behaviour? |
https://linear.app/unleash/issue/2-2370/add-closed-mode
Adds the concept of "strict" and "dynamic" behaviors when running in Edge mode.
This means no change in behavior for existing users. However we recommend edge mode is started with
--strictfrom now on. The plan is to drop this sometime in the future and instead always default to strict mode.Some tests assumed the "dynamic" behavior by default, so they were adapted accordingly.