feat(version): advertise broker_egress capability in version --json#36
Merged
Conversation
The runner probes `fduty version --json` to learn whether the bundled fduty can act as a broker-mode client (read FLASHDUTY_CRED_FD and dial over the inherited control fd). It advertises broker mode to safari only when the probe reports broker_egress=true; otherwise safari would deliver the per-person key out-of-band to an fduty that cannot read it, breaking auth. broker_egress is a compile-time capability (true on unix, where broker_dial_unix.go is built; false elsewhere) — not a version comparison — so dev builds and future versions are handled uniformly. An older fduty ignores --json for the version command and prints the plain line, so the missing field reads as 'not capable', and the runner falls back to the legacy env-key path.
…rect - check fmt.Fprintln/Fprintf returns (errcheck under golangci-lint v2.11) - assert broker_egress matches the compile-time capability (true on unix, false on windows) instead of hard-asserting true, which failed the windows build
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
fduty version --jsonnow includes abroker_egressboolean — the capability the runner probes to decide whether to advertise broker mode to safari.{ "broker_egress": true, "commit": "...", "date": "...", "version": "..." }Plain
fduty versionoutput is unchanged.Why
A runner built with broker support always advertises
broker=1, which makes safari deliver the per-person app_key out-of-band (never in the bash env). If that runner's bundled fduty is older than broker support, it can't readFLASHDUTY_CRED_FDand auth breaks. The runner doesn't refresh fduty on self-update, so a fleet runner can carry a stale fduty.This field lets the runner gate its
broker=1advertisement on the actual capability of its bundled fduty (companion runner PR). Stale fduty → no advertisement → safari falls back to the env-key path → old fduty keeps working. Self-healing, and works in zero-egress BYOC (no fduty refresh needed).Design notes
broker_egressis a compile-time capability (const brokerEgressCapable: true on unix wherebroker_dial_unix.gois built, false elsewhere) — not a version-number comparison, so dev builds (version "") and future releases are handled uniformly.--jsonforversionand prints the plain line → not valid JSON / no field → reads as 'not capable'.marshalStructured(honors --json and --output-format toon).Test
TestVersionJSONAdvertisesBrokerEgresslocks the contract;TestVersionPlainOutputkeeps the human line stable.Part of the egress-auth broker rollout (follows #35).