search

launchdarkly / php-server-sdk

LaunchDarkly Server-side SDK for PHP
https://docs.launchdarkly.com/sdk/server-side/php
Other
36 stars 42 forks source link

SDK-KEY is mandatory when using ld-relay as proxy? #126

Closed juniorb2ss closed 5 years ago

juniorb2ss commented 5 years ago

I did some testing and realized that when using ld-relay as a proxy, sdk-key is not mandatory.

Can I use the library without configure sdk-key in the library when using with ld-relay as proxy?

If not, what are the reasons?

Thanks in advance for any help!

eli-darkly commented 5 years ago

Can you describe your test steps? The relay should always require an SDK key, mobile key, or client-side environment ID, depending on which endpoints you are accessing. This is because it can proxy multiple LaunchDarkly environments and has to be able to distinguish between them, and also just so that the relay does not become a completely unauthenticated entry point into your LD account. That's true regardless of whether you're using PHP or another platform.

juniorb2ss commented 5 years ago

Can you describe your test steps? The relay should always require an SDK key, mobile key, or client-side environment ID, depending on which endpoints you are accessing. This is because it can proxy multiple LaunchDarkly environments and has to be able to distinguish between them, and also just so that the relay does not become a completely unauthenticated entry point into your LD account. That's true regardless of whether you're using PHP or another platform.

Hello @eli-darkly, thanks for the reply.

I just passed sdk-key as null and ld-relay redis configuration and everything works normally. This is a reason I made myself this question.

Here I have one example:

<?php

include 'vendor/autoload.php';

use LaunchDarkly\Integrations\Redis;
use LaunchDarkly\LDClient;
use Domain\Api\LaunchDarkly\LaunchDarkly;
use Domain\Api\LaunchDarkly\LaunchDarklyUserFactory;

$factory = new LaunchDarklyUserFactory('mx');
$ldClient = new LDClient(
    null,
    [
        'offline' => false,
        'feature_requester_class' => Redis::featureRequester([
            'redis_host' => 'localhost',
            'redis_port' => '6379',
            'redis_prefix' => 'development-launchdarkly',
        ]),
    ]
);

$service = new LaunchDarkly([], false);

$service->setClient($ldClient);

$user = $factory->create(uniqid(), 'customer@domain.com');

$value = $service->variation('free-shipping', $user); // true

For each environment development, staging & production I have one configuration in ld-relay which contains correctly sdk-key and I'm using a unique redis server for each environment.

eli-darkly commented 5 years ago

Oh I see, you're talking about not using the relay's REST endpoints at all, just getting the flags from the database. In that case, you're right that the SDK key is not used. And in fact, as you found, the PHP SDK will not give you an error if you pass an arbitrary value like "x", or "", or even null.

In that case, I think what you're asking is whether we could make the whole parameter optional in the method signature (as opposed to making its value optional, which it already is) - so you could call new LDClient() instead of new LDClient(null). We could, but I'm unclear on the advantage of doing so. Either way, you are not being required to "configure sdk-key in the library".

juniorb2ss commented 5 years ago

Oh I see, you're talking about not using the relay's REST endpoints at all, just getting the flags from the database. In that case, you're right that the SDK key is not used. And in fact, as you found, the PHP SDK will not give you an error if you pass an arbitrary value like "x", or "", or even null.

In that case, I think what you're asking is whether we could make the whole parameter optional in the method signature (as opposed to making its value optional, which it already is) - so you could call new LDClient() instead of new LDClient(null). We could, but I'm unclear on the advantage of doing so. Either way, you are not being required to "configure sdk-key in the library".

Thanks for the clarification!

Yep, exactly that. I'm not using the endpoints from ld-relay, just redis database.

I just wondered because we have the track method, and how does this method work without sdk-key? Does it use ld-relay too?

I don't see reason to change LDClient::__construct signature, it's okay for me to pass sdk-key as null

eli-darkly commented 5 years ago

Analytics events in general—whether they are created by track, or identify, or just evaluating a feature flag—are delivered to LaunchDarkly by one of two mechanisms (directly to LD, or to an endpoint of ld-relay), but both of them require a valid SDK key. So if you want to see any event data on your dashboard from your PHP app, you do need the key.

juniorb2ss commented 5 years ago

Analytics events in general—whether they are created by track, or identify, or just evaluating a feature flag—are delivered to LaunchDarkly by one of two mechanisms (directly to LD, or to an endpoint of ld-relay), but both of them require a valid SDK key. So if you want to see any event data on your dashboard from your PHP app, you do need the key.

Oh, Thanks so much for your time! So I will pass the correctly sdk-key.