Commit a5fc994
authored
feat(policy)!: Add manager column to provider configuration for multi-instance support (#2601)
### Proposed Changes
This PR implements the provider configuration manager column enhancement
and includes a significant architecture improvement to eliminate code
duplication.
Core Features
- ✅ Added manager column to provider_config table with composite unique
constraint (provider_name + manager)
- ✅ Database migration with backward compatibility (existing records
default to 'local' manager)
- ✅ Updated protobuf definitions to require manager field in API
requests
- ✅ Enhanced SQL queries and audit logging to support manager field
Key Benefits
1. Multiple Instance Support: Create multiple provider configs with same
name but different manager types
2. No Code Duplication: Trust system is single source of truth for
available managers
3. Automatic Discovery: Well-known configuration endpoint automatically
exposes registered trust key managers
4. Premium Integration: Custom managers integrate seamlessly via
existing WithTrustKeyManagerFactories pattern
5. Backward Compatibility: Existing providers automatically assigned
'local' manager type
Technical Changes
- Database: Added manager column with composite unique constraint
- API: Manager field now required in CreateProviderConfig, optional in
UpdateProviderConfig
- Service: Validates against RegistrationParams.KeyManagerFactories
instead of separate registry
- Well-known Config: Dynamically populated from trust key manager
factories
- Tests: Updated to reflect new validation approach
Usage for Custom Managers
Premium builds can add custom managers using the existing
pattern:
```go
server.Start(
	server.WithTrustKeyManagerFactories(
		trust.NamedKeyManagerFactory{Name: "premium-hsm", Factory: hsmFactory},
		trust.NamedKeyManagerFactory{Name: "premium-vault", Factory: vaultFactory},
	),
)
```
### Checklist
- [ ] I have added or updated unit tests
- [ ] I have added or updated integration tests (if appropriate)
- [ ] I have added or updated documentation
### Testing Instructions

1 parent 6fb1515 commit a5fc994
File tree
25 files changed: +1693 -684 lines changed
- docs
- grpc
- openapi/policy
- kasregistry
- keymanagement
- unsafe
- protocol/go/policy
- keymanagement
- service
- integration
- internal/fixtures
- kas
- policy
- db
- migrations
- queries
- keymanagement
- wellknownconfiguration
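
The rules the commit message describes (manager checked against the registered key manager factories, uniqueness on provider name plus manager, legacy rows defaulting to 'local'), as an added Go example that is not the project's code. `Store`, `configKey`, `NewStore`, `Create` and the error values are hypothetical names, and the "rogue" manager and "kms" provider are constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
)

type configKey struct{ Name, Manager string } // composite unique key (provider_name + manager)

// Store is a hypothetical in-memory stand-in for the provider_config table.
type Store struct {
	managers map[string]bool      // names of registered key manager factories
	rows     map[configKey]string // (name, manager) -> config payload
}

var ErrUnknownManager = errors.New("manager is not a registered key manager")
var ErrDuplicate = errors.New("config exists for this name and manager")

// NewStore seeds legacy rows (which predate the column) under "local".
func NewStore(registered, legacyNames []string) *Store {
	s := &Store{managers: map[string]bool{}, rows: map[configKey]string{}}
	for _, m := range registered {
		s.managers[m] = true
	}
	for _, n := range legacyNames {
		s.rows[configKey{n, "local"}] = "{}"
	}
	return s
}

// Create rejects an empty or unregistered manager, then enforces uniqueness on the pair.
func (s *Store) Create(name, manager, cfg string) error {
	if !s.managers[manager] { // "" is never registered, so a missing manager fails here too
		return fmt.Errorf("%w: %q", ErrUnknownManager, manager)
	}
	k := configKey{name, manager}
	if _, dup := s.rows[k]; dup {
		return ErrDuplicate
	}
	s.rows[k] = cfg
	return nil
}

func main() {
	s := NewStore([]string{"local", "premium-hsm"}, []string{"kms"}) // constructed sample
	for _, m := range []string{"premium-hsm", "local", "rogue", ""} {
		fmt.Printf("%-14q -> %v\n", m, s.Create("kms", m, "{}"))
	}
}
```

Validating against the same set that the factories are registered in means a request cannot name a key manager the server has no factory for.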