
[BUG] Conceptional issue with Environment names and configuration options, for flagd and the providers #1573

Description

@aepfli

Summary

We support configuration via environment variables to simplify the setup of multiple services. This allows both flagd and its providers to share configuration options by using the same environment variable names. However, there is a conceptual mismatch concerning port configuration, which leads to inconsistent and potentially insecure behavior.


Observed Behavior

  • General Approach:
    Environment variables are used to configure both flagd and its providers. Typically, providers use the same variable names (FLAGD_*) as flagd for options such as the port.

  • Port Configuration:

    • flagd exposes two relevant configuration options:
      • port: Used for the primary server port.
      • syncPort: Used for synchronization (RPC) mode.
    • These ports were intentionally separated to provide a basic security boundary (e.g., to prevent unauthorized fetching of targeting configurations when only RPC mode is enabled).
  • Current Implementation:

    • All providers use a single config property called port, mapped to the environment variable FLAGD_PORT.
    • In practice, this refers only to the remote mode.
    • Issue: In-process providers should use FLAGD_SYNC_PORT instead of FLAGD_PORT. Currently, this is not the case.
  • Resulting Problem:

    • Environment variable configuration is broken for all in-process providers.
    • Providers refer to the wrong variable for the port, resulting in misconfiguration and potential security or functional issues.

Expected Behavior

  • Adapt the configuration Gherkin tests in the testbed to reflect this correct behavior.
  • Update provider implementations to:
    • Correctly distinguish between FLAGD_PORT (for the main port/remote mode) and FLAGD_SYNC_PORT (for sync/in-process providers).
    • Ensure that environment variables are mapped appropriately and consistently between flagd and its providers.

Steps to Reproduce

No response provided


Additional Context

The differentiation between port and syncPort was designed for enhanced security and clarity, but the uniform use of FLAGD_PORT for all scenarios undermines this intention.
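The mapping requested under Expected Behavior, sketched as an added example (not code from the issue or from any flagd provider): the port variable is chosen by resolver mode, and a set `FLAGD_PORT` that an in-process provider ignores is reported as a warning. The function name `resolvePort`, the mode strings `rpc` and `in-process`, and the default ports 8013 and 8015 are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"strconv"
)

// Default ports are assumptions for this sketch, not values stated in the issue.
const (
	defaultRPCPort  = 8013
	defaultSyncPort = 8015
)

// resolvePort (hypothetical helper) selects the port variable by resolver mode.
// getenv is injected (os.Getenv in a real provider) so the logic is testable.
// It returns the port, the variable consulted, an optional warning, and an error.
func resolvePort(mode string, getenv func(string) string) (int, string, string, error) {
	key, def := "FLAGD_PORT", defaultRPCPort
	switch mode {
	case "rpc": // remote evaluation uses the main port
	case "in-process": // in-process providers talk to the sync port
		key, def = "FLAGD_SYNC_PORT", defaultSyncPort
	default:
		return 0, "", "", fmt.Errorf("unknown resolver mode %q", mode)
	}
	warn := ""
	if mode == "in-process" && getenv("FLAGD_PORT") != "" && getenv(key) == "" {
		warn = "FLAGD_PORT is set but ignored in in-process mode; set FLAGD_SYNC_PORT"
	}
	raw := getenv(key)
	if raw == "" {
		return def, key, warn, nil
	}
	p, err := strconv.Atoi(raw)
	if err != nil || p < 1 || p > 65535 {
		return 0, key, warn, fmt.Errorf("%s=%q is not a valid port", key, raw)
	}
	return p, key, warn, nil
}

func main() {
	// Constructed environment: one env block shared by flagd and a provider.
	env := map[string]string{"FLAGD_PORT": "9013", "FLAGD_SYNC_PORT": "9015"}
	get := func(k string) string { return env[k] }
	for _, mode := range []string{"rpc", "in-process"} {
		port, key, warn, err := resolvePort(mode, get)
		fmt.Println(mode, key, port, warn, err)
	}
}
```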

Labels: Needs Triage, bug, hack.commit.push
