TLS file content is not refreshable #221
Comments
bmoylan
changed the title
|
Partially addressed in #689, but if the file contents themselves change, we'll continue using the old value |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In #171 we introduced refreshable configuration which reloads state based on a provided supplier. As a caveat, we we not able to implement refreshability for TLS (Security) parameters. Instead, a warning is logged if the values are updated.
A
*tls.Configis more complex than thenetandhttpstructs because many of its struct fields are functional types which are not compatible withreflect.DeepEqual, used internally by the refreshables. Equality checking is important because we do not want unnecessary updates to downstream listeners.There may be a solution involving an intermediate struct of all primitive types, but we need to continue to support things like certificate providers that poll on their own schedule. Maybe if they are interface types implemented by comparable structs we will get away with it, but this requires more thought and work.
The text was updated successfully, but these errors were encountered: