Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to start Trustify (with importers) while using my own DB + OIDC provider #1126

Open
carlosthe19916 opened this issue Jan 7, 2025 · 4 comments

Comments

@carlosthe19916
Copy link
Member

Somehow partially might be related to changes done at #1063

cargo run --bin trustd will start the server + local postgresql + embedded oidc + allow the importers to run. Excellent, everything works here!

What I need to develop things locally as a client

  • I need to provide my own oidc instance like Keycloak to properly test things.
  • I can also provide my own database
  • Start the server pointing to my own Keycloak and Postgres instance and be able to make the Importers to run.

Here is the problem:

  • cargo run --bin trustd will not point to my own Keycloak + Postgresql
  • cargo run --bin trustd api --authentication-client-id myclient --authentication-issuer-url http://myoidcserver ... etc. etc will start the server but unable to run the importers
  • cargo run --bin trustd api --devmode --authentication-client-id myclient --authentication-issuer-url http://myoidcserver ... etc. etc ... starts the server but is unable to run importers.

So how to start the server + allow importers to run + point to my own db/oidc instance? with the current status I suspect the only way is to orchestrate things like in the Helm Chart which is way too much for a developer to do. Seems like if I want the importers to run I am forced to accept that I can not provide my own oidc neither my own database. But I can definitely be wrong.

let api = Trustd::parse_from([
"trustd",
"api",
#[cfg(feature = "garage-door")]
"--embedded-oidc",
"--sample-data",
"--db-port",
&postgres.settings().port.to_string(),
]);
let importer = Trustd::parse_from([
"trustd",
"importer",
"--working-dir",
".trustify/importer",
"--db-port",
&postgres.settings().port.to_string(),
]);
LocalSet::new()
.run_until(async {
select! {
ret = spawn_local(api.run())=> { ret },
ret = spawn_local(importer.run())=> { ret },
}
})
.await?

On a similar topic: What is --devmode? do we need it?

What is the exact difference between cargo run --bin trustd and cargo run --bin trustd api --devmode ?

it is confusing to have 2 things that apparently would serve the same purpose but clearly they don't because cargo run --bin trustd allows to run importers while cargo run --bin trustd api --devmode does not allow the importers to run

@jcrossley3
Copy link
Contributor

Somehow partially might be related to changes done at #1063

Maybe "wholly" rather than "partially". :)

Those changes resulted in a new subcommand, importer, that you now must run in addition to the api subcommand. PM mode runs both of them.

You'll need to fire up the importer with the same db settings you pass to api, e.g.

cargo run --bin trustd importer --working-dir .trustify/importer --db-port 44444

On a similar topic: What is --devmode? do we need it?

Good question. I regret that we have both "PM mode" and "dev mode". I think it's more confusing than helpful.

What is the exact difference between cargo run --bin trustd and cargo run --bin trustd api --devmode ?

The first command is "PM mode". I believe the second will run an api server with an embedded OIDC instance and run migrations against the configured database. So essentially a shortcut for 1) passing --embedded-oidc and b) running cargo run --bin trustd db migrate.

I think we can do away with "dev mode" and remove some confusion.

@ctron
Copy link
Contributor

ctron commented Jan 13, 2025

The idea of running the api command is to run only the "API server" (nothing else). Having the importers, you need to run the importer command. And I think that --help should already give a clue about that. And that's what @jcrossley3 explained.

I agree that there's a lot of room for improvement. But I'd prefer not to do any more rash "doesn't work for me" changes. People use things differently, and I don't expect that we get an optimal --work-for-everyone switch.

I think "PM mode" is important. As well as having control over individual features (as that's what we need to deployments). If we can have a --devmode flag for individual services (like api or importer) which preset some values, and reduce the number of individual flags for developers, that would be great too.

@ctron
Copy link
Contributor

ctron commented Jan 13, 2025

@carlosthe19916 Did you try starting cargo run --bin trustd importer?

@carlosthe19916
Copy link
Member Author

@carlosthe19916 Did you try starting cargo run --bin trustd importer?

I confirm it works

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants