Allow specifying statuses for fetcher failover#96
Allow specifying statuses for fetcher failover#96grantisu wants to merge 1 commit intoatlassian:mainfrom
Conversation
|
I remember having a discussion about this and my response at the time was "no let's not do this". The case where someone was seeing keys not being propagated was related to the dev environment iirc. Are you seeing one key repository 404 while another one isn't - if so let's try and get that fixed at an infrastructure level (or provide a means to opt into the behaviour you are desiring through this change - but not have it as the default) |
|
The reason I need this is to allow a service running in production to talk to a service running in staging. Beyond that, handling split-brain in keyservers doesn't seem like a terrible idea; if a server really needs to make sure a key isn't fetched from elsewhere, it can use a 410. |
| def __init__(self, key_repository_urls, failover_on=None): | ||
| if not isinstance(key_repository_urls, list): | ||
| raise TypeError('keystore_urls must be a list of urls.') | ||
| if failover_on is None: |
There was a problem hiding this comment.
I don't think we should have this "active" by default.
2 participants
The goal here is to allow using key servers with disjoint sets of keys, which is why 404 doesn't cause an immediate failure.