Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Audit/Metadata of Configuration #10

Open
atsticks opened this issue Oct 31, 2017 · 9 comments
Open

Audit/Metadata of Configuration #10

atsticks opened this issue Oct 31, 2017 · 9 comments

Comments

@atsticks
Copy link
Contributor

In sensitive environments I would like to know the source of each configuration entry. Configuration can change the behaviour of an whole application, so the final source of an entry provided by the configuration system during runtime is a relevant topic. So my questions:

  • How the information can be accessed from a configuration about the source (and optionally other metdata) of an entry? From the API side this could be soemthing as
    Map<String,String> getMetadata(String key);
  • Do you see alternatives how this requirement can be covered?

Unfortunately the API is the more simple aspect. The question is how the configuration system get's to this information. I see the following options:

  1. The ConfigSource is extended with the same API method to provide metadata for an entry. This comes with the disadvantage that the configuration has to reevaluate each access to the API method, since ConfigSources can change and any cached metadata gets invalid if a more significant ConfigSource provides a value for a key later.
  2. The ConfigSource returns not only a String, but a more complex value, which also contains the corresponding metadata. This is how it is done in Tamaya with PropertyValue, PropertySource

Other use cases, where this metadata mechanism has shown to be useful is support for collections, where I can provide the expected collection type (set, list, map, subtype mappings) as metadata.
@struberg
Copy link
Contributor

The whole point of Config is that the application (the user code) does not need to know where the configured value is coming from.

I fear this will also add tons of complexity for a very limited benefit.
What are the use cases where you need this meta info?

@atsticks
Copy link
Contributor Author

atsticks commented Oct 31, 2017 via email

@struberg
Copy link
Contributor

all apps with higher sensitivity. Core banking, medical systems, machine control....

Sorry no, that's simply not true from my experience in working in all those fields!
An application might only need information from a certain location. But then it should not use JSR-382 for this very attribute as it would be overkill. It might simply use Properties#load instead and be done.

The main goal of this very JSR is to completely decouple the configuration consumer from the configuration providers.
We don't win anything if the config consumer (user code) does need to know the specific setup of the ConfigSources, etc.

The other thing is: if you have untrusted code running in your own JVM then you need a SecurityManager and an isolating ClassLoader anyway. In which case you could restrict access in there as well.

Please re-read the initial message to the EG: no overengineering, no feature bloat - just plain straight forward functionality pretty please.

@atsticks
Copy link
Contributor Author

atsticks commented Oct 31, 2017 via email

@atsticks
Copy link
Contributor Author

atsticks commented Nov 1, 2017

BTW etcd for example provides metadata by prefixing it's keys with an underscore, e.g.

foo=bar
_foo.ttl=123456

This would still work without any API extensions. The problem about it is, that considering meta-entries from multiple config sources gets more complex, but not impossible. I have no problem, when we decide not to include any API features for it, but I wanted to have the topic discussed ;-).

@jmesnil
Copy link
Contributor

jmesnil commented Nov 16, 2017

This is a valid use case to be able to inspect the actual values used by the application but I don't think this requires to be exposed by the API.

As an example in the WildFly implementation of the Config API, I added some management methods (similar to JMX operations) to list the config-sources used by an application/deployment:

[standalone@localhost:9990 /] /deployment=demo.war/subsystem=microprofile-config/configuration=default:list-config-sources
{
    "outcome" => "success",
    "result" => [
        {
            "name" => "SysPropConfigSource",
            "ordinal" => 400
        },
        {
            "name" => "EnvConfigSource",
            "ordinal" => 300
        },
        {
            "name" => "PropertiesConfigSource[source=vfs:/content/demo.war/WEB-INF/classes/META-INF/microprofile-config.properties]",
            "ordinal" => 100
        }
    ]
}

It can also be used to evaluate the actual values that are provided for a given key:

[standalone@localhost:9990 /] /deployment=demo.war/subsystem=microprofile-config/configuration=default:eval-property(name=FOO)
{
    "outcome" => "success",
    "result" => [
        {
            "value" => "comes from the sys props",
            "config-source" => {
                "name" => "SysPropConfigSource",
                "ordinal" => 400
            }
        },
        {
            "value" => "My FOO property comes from the microprofile-config.properties file",
            "config-source" => {
                "name" => "PropertiesConfigSource[source=vfs:/content/demo.war/WEB-INF/classes/META-INF/microprofile-config.properties]",
                "ordinal" => 100
            }
        }
    ]
}

Such management operation are useful and provides additional value but I agree with @struberg that we should not clutter the Config user API with them.
One key aspect of the JSR is to decouple the config from its sources.

We can however mention in the spec that the implementation SHOULD provide some ways to inspect and list config sources actually used by an application.

@lilian-benoit
Copy link

I agree with @jmesnil , It is interesting for debug goal

We can however mention in the spec that the implementation SHOULD provide some ways to inspect and list config sources actually used by an application

@atsticks
Copy link
Contributor Author

We have a Tamaya branch currently in development, where the JSR API is used as a base, so we have a complete standalone and independent JSR implementation. It has shown that metadata can be added in various ways without having to add the feature as part of the API. So IMO if agreed, we can close this issue.

@jmesnil jmesnil mentioned this issue Jan 31, 2018
Closed
@Emily-Jiang
Copy link
Member

Emily-Jiang commented Apr 24, 2019
edited
Loading

@struberg and I met up today and discussed a bit. @jmesnil @atsticks should we revisit this to see whether this needs to be done?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jmesnil @struberg @atsticks @lilian-benoit @Emily-Jiang