Skip to content

feat(cas-backend): introduce fallback mechanism #2629

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Piskoo wants to merge 9 commits into
base: main
Choose a base branch
from
Open

feat(cas-backend): introduce fallback mechanism #2629

Piskoo wants to merge 9 commits into from
+710 −179

Conversation

@Piskoo
Copy link
Collaborator

@Piskoo Piskoo commented Dec 21, 2025
edited
Loading

Adds support for configuring a fallback CAS backend that is automatically used when the default backend becomes unavailable.

Changes

  • Added fallback boolean field to CAS backends
  • A backend cannot be both default and fallback
  • Creating a new fallback backend automatically unsets the previous one
  • Fallback backends are included in periodic validation (every 30 minutes)
  • During attestation process cas backend is decided as follows:
    • Try default backend
    • If default invalid, try fallback backend
    • If fallback invalid or missing, return error
  • Added --fallback flag to all casbackend add commands.

Example

$ chainloop casbackend add oci --repo index.docker.io/repo --username name --password password  --name fallbacktest --fallback

┌───────────────┬────────────────────────┬──────────┬─────────────┬───────────────┬─────────┬──────────┬────────┐
│ NAME          │ LOCATION               │ PROVIDER │ DESCRIPTION │ LIMITS        │ DEFAULT │ FALLBACK │ STATUS │
├───────────────┼────────────────────────┼──────────┼─────────────┼───────────────┼─────────┼──────────┼────────┤
│ fallbacktest  │ index.docker.io/repo   │ OCI      │             │ MaxSize: 300M │ false   │ true     │ valid  │
└───────────────┴────────────────────────┴──────────┴─────────────┴───────────────┴─────────┴──────────┴────────┘

During attestation init cas backend is decided seamlessly, we will provide information on what cas backend was used in the attestation itself.

@Piskoo
add fallback backends
cb2ce28 
Signed-off-by: Sylwester Piskozub <[email protected]>
@Piskoo
update checker comment
ac1be49 
Signed-off-by: Sylwester Piskozub <[email protected]>
@Piskoo
add fallback column to cli output
89d99b2 
Signed-off-by: Sylwester Piskozub <[email protected]>
@Piskoo
update middleware; update inline create
1a3ea1b 
Signed-off-by: Sylwester Piskozub <[email protected]>
@Piskoo
update tests
c16521e 
Signed-off-by: Sylwester Piskozub <[email protected]>
@Piskoo
add tests; rename checker opts
00125b4 
Signed-off-by: Sylwester Piskozub <[email protected]>
@Piskoo
rename checker opts
ec54743 
Signed-off-by: Sylwester Piskozub <[email protected]>
@Piskoo
refactor
d529c3e 
Signed-off-by: Sylwester Piskozub <[email protected]>
@Piskoo
lint
e0de212 
Signed-off-by: Sylwester Piskozub <[email protected]>
@Piskoo Piskoo requested review from jiparis and migmartri December 22, 2025 13:09
@Piskoo Piskoo marked this pull request as ready for review December 22, 2025 13:09
migmartri
migmartri requested changes Dec 23, 2025
View reviewed changes
app/controlplane/pkg/biz/casbackend.go
// Attempts to use the default backend first, if invalid it uses the fallback backend.
func (uc *CASBackendUseCase) FindDefaultOrFallbackBackend(ctx context.Context, orgID string) (*CASBackend, error) {
// Find the default backend
defaultBackend, err := uc.FindDefaultBackend(ctx, orgID)
Copy link
Member

@migmartri migmartri Dec 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can defaultBackend be nil?

app/controlplane/internal/service/attestation.go
backend, err := s.casUC.FindDefaultOrFallbackBackend(context.Background(), robotAccount.OrgID)
if err != nil {
if biz.IsNotFound(err) {
return nil, errors.NotFound("not found", "default CAS backend not found")
Copy link
Member

@migmartri migmartri Dec 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we might be able to use something called handle_errors?

Copy link
Member

@migmartri migmartri Dec 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this error message is not accurate, let's try to use handle_errors

app/controlplane/internal/service/attestation.go
if err != nil {
if biz.IsNotFound(err) {
return nil, errors.NotFound("not found", "default CAS backend not found")
} else if biz.IsErrValidation(err) {
Copy link
Member

@migmartri migmartri Dec 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this should return ErrorCasBackendErrorReasonInvalid no?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@migmartri migmartri migmartri requested changes

@jiparis jiparis Awaiting requested review from jiparis

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Piskoo @migmartri