Recovery options for IProxyConfigProvider.GetConfig() validation failures

[almostjulian]

Hello,

We are using an implementation of IProxyConfigProvider to handle our YARP Configuration. We're struggling with a way to handle situations where the updated config becomes invalid and the proxy is unable to listen for future changes. We'd like to be able to correct the invalid configuration without having to restart YARP.

We looked to implement IConfigValidtor and signal the IChangeToken once validated, but the internal validation methods are not publicly exposed, and ideally we would want to apply the same validation rules that are being used internally.

Can the internal validation methods be exposed? Or, is there a way to reset IChangeToken once it gets short-circuited?

[samsp-msft]

@MihaZupan if the new config is invalid, does it actually get applied or is it ignored?

[almostjulian]

It's ignored and YARP continues with the last good config.

[benjaminpetit]

If the config is invalid, it should try to reload it automatically after 5 mins. It's a bit long, but you could inject the IConfigValidator in your custom IProxyConfigProvider to check for config validity before updating it.

Do you have debug logs on your issue? You don't see any change even after 5 mins?

[almostjulian]

If the config is invalid, it should try to reload it automatically after 5 mins.

This has not been my experience. Once an invalid config is attempted, it will no longer retry. I think this is consistent with the documentation here:

Source (https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/yarp/config-providers?view=aspnetcore-9.0#reload)

If GetConfig() throws the proxy will be unable to listen for future changes because IChangeTokens are single-use.

It's a bit long, but you could inject the IConfigValidator in your custom IProxyConfigProvider to check for config validity before updating it.

I'd be fine with this, if your internal validation methods were publically exposed. I want to use the same validation rules YARP itself uses. I can mass copy/paste if needed, but trying to avoid that.

I don't have debug logs, I'll try to turn things up to generate them

[MihaZupan]

You can look at the InMemoryConfigProvider implementation (or potentially just use that).
A given IChangeToken is single use, but you can swap the config and signal the new one, even if the previous config you provided was invalid.

If you need to be notified when there are issues, you can subscribe to events via IConfigChangeListener, e.g. ConfigurationApplyingFailed.

[benjaminpetit]

I'd be fine with this, if your internal validation methods were publically exposed. I want to use the same validation rules YARP itself uses. I can mass copy/paste if needed, but trying to avoid that.

Not sure what I am missing here, but the methods from IConfigValidator are public.

[almostjulian]

Sorry, I should have realized the default implementation was registered in DI, I thought I had to implement my own.