Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: enable runtime configuration reloads for auth #1229

Open
wants to merge 2 commits into
base: develop
Choose a base branch
from
+9 −1
Open

feat: enable runtime configuration reloads for auth #1229

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
44ba607
feat: enable runtime configuration reloads for auth
Sep 23, 2024
da18a61
Merge branch 'develop' into cs/feat-config-reloads
Oct 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions ansible/files/gotrue-optimizations.service.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ Description=GoTrue (Auth) optimizations
Type=oneshot
# we don't want failures from this command to cause PG startup to fail
ExecStart=/bin/bash -c "/opt/supabase-admin-api optimize auth --destination-config-file-path /etc/gotrue/gotrue.generated.env ; exit 0"
ExecStartPost=/bin/bash -c "cp -a /etc/gotrue/gotrue.generated.env /etc/auth.d/20_generated.env ; exit 0"
Copy link
Member

@kangmingtay kangmingtay Sep 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm some projects also have a /etc/gotrue.overrides.env file which we use to overwrite configs temporarily - should those be copied over as well?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I made sure to only make the changes requested in this pull request. @hf might be able to expand long term thoughts here. I did make some notes to bring up later, I'll post them here for transparency:

--

Some options:
So we now copy generated.env over in the gotrue-optimizations.service - but we don't copy "overrides" anywhere. I can't find references to it in all the source code I have access to except for the service file. I also haven't seen it in use on the ec2 instances.

One or more of the follow options if /etc/gotrue.* files should overwrite auth.d files:

ExecStartPre=-/bin/bash -c "cp -a /etc/gotrue.generated.env /etc/auth.d/20_generated.env; exit 0"
ExecStartPre=-/bin/bash -c "cp -a /etc/gotrue.env /etc/auth.d/50_auth.env; exit 0"
ExecStartPre=-/bin/bash -c "cp -a /etc/gotrue.overrides.env /etc/auth.d/70_overrides.env; exit 0"

Or one or more of the following if we only want to copy them if they don't exist already in the auth.d dir:

ExecStartPre=-/bin/bash -c "test -r /etc/auth.d/20_generated.env || cp -a /etc/gotrue.generated.env /etc/auth.d/20_generated.env; exit 0"
ExecStartPre=-/bin/bash -c "test -r /etc/auth.d/50_auth.env || cp -a /etc/gotrue.env /etc/auth.d/50_auth.env; exit 0"
ExecStartPre=-/bin/bash -c test -r /etc/auth.d/70_overrides.env || cp -a /etc/gotrue.overrides.env /etc/auth.d/70_overrides.env; exit 0"

User=postgrest

[Install]
Expand Down
2 changes: 1 addition & 1 deletion ansible/files/gotrue.service.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ Description=Gotrue
[Service]
Type=simple
WorkingDirectory=/opt/gotrue
ExecStart=/opt/gotrue/gotrue
ExecStart=/opt/gotrue/gotrue --config-dir /etc/auth.d
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Existing version already accepts this flag?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes I've verified by logging into a project and making sure the flag and expected version are there.

User=gotrue
Restart=always
RestartSec=3
Expand Down
7 changes: 7 additions & 0 deletions ansible/tasks/setup-gotrue.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,13 @@
owner: gotrue
mode: 0775

- name: gotrue - create /etc/auth.d
file:
path: /etc/auth.d
state: directory
owner: gotrue
mode: 0755
kangmingtay marked this conversation as resolved.
Show resolved Hide resolved

- name: gotrue - unpack archive in /opt/gotrue
unarchive:
remote_src: yes
Expand Down
Loading