


@doanac doanac commented Oct 20, 2025

This set of changes does some minor cleanups and then exposes the bare minimum of an API for other Golang modules to use.

The current internal module is quite large, so I did something similar to how we gradually cleaned up the Fioup API and am just wrapping what we need. We can eventually clean this up more if we ever choose to.

Signed-off-by: Andy Doan <andy@foundries.io>
Signed-off-by: Andy Doan <andy@foundries.io>
Signed-off-by: Andy Doan <andy@foundries.io>
This allows a caller of the API to understand what config paths are
being used.

Signed-off-by: Andy Doan <andy@foundries.io>
Signed-off-by: Andy Doan <andy@foundries.io>
@doanac doanac requested review from detsch and mike-sul October 20, 2025 18:19

doanac commented Oct 20, 2025

I was able to get something going pretty quick in fioup with:

diff --git a/cmd/fioup/daemon.go b/cmd/fioup/daemon.go
index 44f8023..a6fa880 100644
--- a/cmd/fioup/daemon.go
+++ b/cmd/fioup/daemon.go
@@ -6,9 +6,11 @@ package main
 import (
 	"errors"
 	"log/slog"
+	"os"
 	"strconv"
 	"time"
 
+	fioconfig "github.com/foundriesio/fioconfig/app"
 	"github.com/foundriesio/fioup/internal/events"
 	"github.com/foundriesio/fioup/pkg/api"
 	"github.com/foundriesio/fioup/pkg/client"
@@ -19,6 +21,12 @@ import (
 type (
 	daemonOptions struct {
 		runOnce bool
+
+		// FioConfig related options
+		runFioConfig    bool
+		secretsDir      string
+		unsafeHandlers  bool
+		configExtracted bool
 	}
 )
 
@@ -35,7 +43,11 @@ func init() {
 		Args: cobra.NoArgs,
 	}
 	cmd.Flags().BoolVar(&opts.runOnce, "run-once", false, "Run a single update check and exit.")
+	cmd.Flags().BoolVar(&opts.runFioConfig, "fioconfig", true, "Include FioConfig daemon logic.")
+	cmd.Flags().StringVar(&opts.secretsDir, "secrets-dir", "/run/secrets", "Directory to hold FioConfig secrets when enabled.")
+	cmd.Flags().BoolVar(&opts.unsafeHandlers, "unsafe-handlers", false, "Enable unsafe FioConfig handlers.")
 	_ = cmd.Flags().MarkHidden("run-once")
+	_ = cmd.Flags().MarkHidden("unsafe-handlers")
 	rootCmd.AddCommand(cmd)
 }
 
@@ -54,6 +66,17 @@ func doDaemon(cmd *cobra.Command, opts *daemonOptions) {
 		slog.Error("Failed to create gateway client", "error", err)
 		return
 	}
+
+	var configApp *fioconfig.App
+
+	if opts.runFioConfig {
+		configApp, err = fioconfig.NewAppWithConfig(config.TomlConfig(), opts.secretsDir, opts.unsafeHandlers)
+		if err != nil {
+			slog.Error("Failed to create FioConfig handle", "error", err)
+			return
+		}
+	}
+
 	if eventSender, err = events.NewEventSender(config, gwClient); err != nil {
 		slog.Error("Failed to create event sender", "error", err)
 		return
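Review bot: `opts.unsafeHandlers` is handed to `fioconfig.NewAppWithConfig` with no trace in the logs, and the flag that sets it is registered in the `init` hunk behind `MarkHidden` with the help text "Enable unsafe FioConfig handlers.", so neither `--help` nor the daemon output tells an operator that the relaxed mode is active. I would log it once before constructing the app, e.g. `if opts.unsafeHandlers { slog.Warn("FioConfig unsafe handlers enabled") }`, and add a comment on the flag stating what the unsafe mode permits. Note also that `--fioconfig` defaults to `true`, so an existing `daemon` invocation starts creating the secrets directory and checking in after an upgrade without opting in; if that is not intended, default it to `false`. doDaemon's body starts and ends outside this hunk.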
@@ -62,6 +85,10 @@ func doDaemon(cmd *cobra.Command, opts *daemonOptions) {
 	defer eventSender.Stop()
 
 	for {
+		if opts.runFioConfig {
+			configCheck(opts, configApp)
+		}
+
 		err := api.Update(cmd.Context(), config, -1,
 			api.WithGatewayClient(gwClient),
 			api.WithEventSender(eventSender),
@@ -81,3 +108,27 @@ func doDaemon(cmd *cobra.Command, opts *daemonOptions) {
 		}
 	}
 }
+
+func configCheck(opts *daemonOptions, app *fioconfig.App) {
+	if _, err := os.Stat(opts.secretsDir); os.IsNotExist(err) {
+		slog.Debug("Creating FioConfig secrets directory", "dir", opts.secretsDir)
+		if err := os.MkdirAll(opts.secretsDir, 0o700); err != nil {
+			slog.Error("Failed to create secrets directory", "dir", opts.secretsDir, "error", err)
+			return
+		}
+	}
+	if !opts.configExtracted {
+		slog.Debug("Running FioConfig secret extraction")
+		if err := app.Extract(); err != nil {
+			slog.Error("FioConfig secret extraction failed", "error", err)
+		} else {
+			slog.Debug("FioConfig extraction completed successfully")
+			opts.configExtracted = true
+		}
+	}
+	if err := app.CheckIn(); err != nil {
+		if err != fioconfig.NotModifiedError {
+			slog.Error("FioConfig check-in failed", "error", err)
+		}
+	}
+}
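Review bot: In `configCheck` the directory is created with `0o700` only when `os.Stat` reports it missing; a pre-existing `opts.secretsDir` (presumably where `app.Extract()` writes) is used as-is whatever its mode, and any other `Stat` error falls through to extraction. Since `os.MkdirAll` already does nothing when the directory exists, calling it unconditionally and then checking the resulting mode would close both gaps; whether a group- or world-accessible directory should be refused or only warned about is a policy call, and the sketch below warns. Separately, `err != fioconfig.NotModifiedError` misses a wrapped sentinel; `if !errors.Is(err, fioconfig.NotModifiedError) {` is safer, and `errors` is already imported in this file.

```go
func configCheck(opts *daemonOptions, app *fioconfig.App) {
	// MkdirAll is a no-op for an existing directory and fails if the path is not one.
	if err := os.MkdirAll(opts.secretsDir, 0o700); err != nil {
		slog.Error("Failed to create secrets directory", "dir", opts.secretsDir, "error", err)
		return
	}
	fi, err := os.Stat(opts.secretsDir)
	if err != nil {
		slog.Error("Failed to stat secrets directory", "dir", opts.secretsDir, "error", err)
		return
	}
	if fi.Mode().Perm()&0o077 != 0 {
		slog.Warn("Secrets directory is accessible to group or others", "dir", opts.secretsDir, "mode", fi.Mode().Perm().String())
	}
	// … unchanged: one-time Extract and CheckIn …
```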


@detsch detsch left a comment


LGTM

This exposes the minimum surface area of Fioconfig while avoiding some
of the more complex things like certificate rotation which aren't
supported in Fioup or the community edition of FoundriesFactory.

Signed-off-by: Andy Doan <andy@foundries.io>

@mike-sul mike-sul left a comment


LGTM

@doanac doanac merged commit ae762fe into foundriesio:main Oct 21, 2025
2 checks passed
@doanac doanac deleted the external-api branch October 21, 2025 16:06