palantir / conjure-go-runtime

Go implementation of the Conjure runtime
Apache License 2.0

TLS file content is not refreshable #221

Open bmoylan opened 2 years ago

bmoylan commented 2 years ago

In #171 we introduced refreshable configuration which reloads state based on a provided supplier. As a caveat, we were not able to implement refreshability for TLS (Security) parameters. Instead, a warning is logged if the values are updated.

A *tls.Config is more complex than the net and http structs because many of its struct fields are functional types which are not compatible with reflect.DeepEqual, used internally by the refreshables. Equality checking is important because we do not want unnecessary updates to downstream listeners.

There may be a solution involving an intermediate struct of all primitive types, but we need to continue to support things like certificate providers that poll on their own schedule. Maybe if they are interface types implemented by comparable structs we will get away with it, but this requires more thought and work.

bmoylan commented 3 weeks ago

Partially addressed in #689, but if the file contents themselves change, we'll continue using the old value.