Provide a means for KMSs to not fail hard when their initialization fails #241
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
What would you like to be added
An option to initialize a KMS ignoring initialization errors related to side effects.
Why this is needed
When a KMS is initialized, it can happen that a system the KMS depends on is not available at the time of initialization, but could be at time of usage. Currently the behavior results in returning an error immediately on failure, which usually results in a failure to continue operating. For some use cases that's fine, such as when a CLI is used to interact with a KMS. It's different when a server process is starting up, and the KMS is not available. The server won't start in that case, unless logic is implemented for handling the specific error.
A solution could be to return a sentinel error that the caller can check for and then decide what to do with it. Another option is to provide options to initialization, affecting the initialization logic. Being able to somehow check the "health" of a KMS might also be useful, similar to how one can ping a DB from inside a process to see if it's still available.
The text was updated successfully, but these errors were encountered: