Runtime+Discovery: Implement Discovery as a ConfigProvider.

philipaconrad · philipaconrad · commit 3472ad371266 · 2026-04-16T18:45:01.000-04:00
This commit implements Discovery, using the `ConfigProvider`
protocol so that the `OPA.Runtime` can use it in a
plug-and-play fashion.

Signed-off-by: Philip Conrad &lt;philip_conrad@apple.com&gt;
diff --git a/Sources/Runtime/BundleLoader.swift b/Sources/Runtime/BundleLoader.swift
@@ -7,15 +7,29 @@ import Rego
 extension OPA {
 
     /// BundleLoader abstracts over the details of retrieving a bundle.
-    public protocol BundleLoader {
+    public protocol BundleLoader: Sendable {
         /// Needs a public constructor that can build from the config directly.
         init(config: OPA.Config, bundleResourceName: String) throws
 
+        /// Constructor for loading a discovery bundle.
+        ///
+        /// The loader should read the bundle location from `config.discovery`
+        /// rather than `config.bundles`. Loaders that don't support discovery
+        /// inherit a default implementation that throws.
+        init(discoveryConfig: OPA.Config) throws
+
         /// Load the bundle, based on the config and any existing state.
         mutating func load() async -> Result<OPA.Bundle, any Swift.Error>
 
         /// Compatibility check, based on what's in the OPA config.
         static func compatibleWithConfig(config: OPA.Config, bundleResourceName: String) -> Bool
+
+        /// Compatibility check for discovery bundle loading.
+        ///
+        /// Returns `true` if this loader type can handle fetching the
+        /// discovery bundle described by `config.discovery`. The default
+        /// implementation returns `false`.
+        static func compatibleWithDiscoveryConfig(config: OPA.Config) -> Bool
     }
 
     /// HTTPBundleLoader is a slightly more specialized protocol to allow greater
@@ -26,7 +40,41 @@ extension OPA {
             config: OPA.Config, bundleResourceName: String, etag: String?, headers: [String: String]?,
             httpClient: HTTPClient?) throws
 
-        /// Used by the loader-manging task to determine whether to sleep or not between polls.
+        /// Constructor for loading a discovery bundle over HTTP.
+        ///
+        /// The loader should read the bundle location from `config.discovery`
+        /// rather than `config.bundles`. Loaders that don't support discovery
+        /// inherit a default implementation that throws.
+        init(
+            discoveryConfig: OPA.Config, etag: String?, headers: [String: String]?,
+            httpClient: HTTPClient?) throws
+
+        /// Used by the loader-managing task to determine whether to sleep or not between polls.
         func isLongPollingEnabled() -> Bool
     }
 }
+
+// MARK: - Default Discovery Implementations
+
+extension OPA.BundleLoader {
+    /// Default: this loader does not support discovery.
+    public static func compatibleWithDiscoveryConfig(config: OPA.Config) -> Bool {
+        return false
+    }
+
+    /// Default: loader throws at init time.
+    public init(discoveryConfig: OPA.Config) throws {
+        throw RuntimeError(code: .discoveryNotSupported, message: "Bundle loader does not support Discovery")
+    }
+
+}
+
+extension OPA.HTTPBundleLoader {
+    /// Default: loader throws at init time.
+    public init(
+        discoveryConfig: OPA.Config, etag: String?, headers: [String: String]?,
+        httpClient: HTTPClient?
+    ) throws {
+        throw RuntimeError(code: .discoveryNotSupported, message: "Bundle loader does not support Discovery")
+    }
+}
diff --git a/Sources/Runtime/ConfigProvider.swift b/Sources/Runtime/ConfigProvider.swift
@@ -36,6 +36,6 @@ extension OPA {
         /// 2. Yield subsequent configs whenever the configuration changes.
         /// 3. Call `continuation.finish()` when done (typically in a `defer`).
         /// 4. Exit on `Task.isCancelled`.
-        func run(yielding continuation: AsyncStream<OPA.Config>.Continuation) async
+        mutating func run(yielding continuation: AsyncStream<OPA.Config>.Continuation) async
     }
 }
diff --git a/Sources/Runtime/DiskBasedBundleLoader.swift b/Sources/Runtime/DiskBasedBundleLoader.swift
@@ -37,6 +37,34 @@ extension OPA {
             self.fetchURL = url
         }
 
+        /// Constructor for loading from the `discovery` section of the config.
+        public init(discoveryConfig config: OPA.Config) throws {
+            guard let discovery = config.discovery else {
+                throw RuntimeError(
+                    code: .internalError,
+                    message: "No discovery config found."
+                )
+            }
+
+            guard let url = URL(string: discovery.resource ?? "") else {
+                throw RuntimeError(
+                    code: .internalError,
+                    message: "Invalid URL for discovery resource: \(discovery.resource ?? "")"
+                )
+            }
+
+            guard url.scheme == "file" else {
+                throw RuntimeError(
+                    code: .internalError,
+                    message: "DiskBasedBundleLoader requires a file:// URL for discovery resource."
+                )
+            }
+
+            self.name = "discovery"
+            self.fetchURL = url
+            self.polling = discovery.downloaderConfig.polling
+        }
+
         // If the resource is a file URL, we can load it.
         public static func compatibleWithConfig(config: Config, bundleResourceName: String) -> Bool {
             guard let resource = config.bundles[bundleResourceName] else {
@@ -46,6 +74,13 @@ extension OPA {
             return (URL(string: resource.resource ?? "")?.scheme == "file")
         }
 
+        public static func compatibleWithDiscoveryConfig(config: Config) -> Bool {
+            guard let discovery = config.discovery else {
+                return false
+            }
+            return URL(string: discovery.resource ?? "")?.scheme == "file"
+        }
+
         public func load() async -> Result<Bundle, any Swift.Error> {
             var isDirectory: ObjCBool = false
             if FileManager.default.fileExists(atPath: self.fetchURL.path, isDirectory: &isDirectory) {
diff --git a/Sources/Runtime/Error.swift b/Sources/Runtime/Error.swift
@@ -16,6 +16,9 @@ public struct RuntimeError: Sendable, Swift.Error {
             case bundleRootConflictError
             case bundleUnpreparedError
             case invalidArgumentError
+
+            // Discovery errors
+            case discoveryNotSupported
         }
 
         private let internalCode: InternalCode
@@ -32,6 +35,9 @@ public struct RuntimeError: Sendable, Swift.Error {
         public static let bundleUnpreparedError = Code(.bundleUnpreparedError)
         public static let internalError = Code(.internalError)
         public static let invalidArgumentError = Code(.invalidArgumentError)
+
+        // Discovery-related codes
+        public static let discoveryNotSupported = Code(.discoveryNotSupported)
     }
 
     /// A code representing the high-level domain of the error.
diff --git a/Sources/Runtime/RESTClientBundleLoader.swift b/Sources/Runtime/RESTClientBundleLoader.swift
@@ -66,6 +66,52 @@ extension OPA {
             self.longPollingEnabled = false
         }
 
+        /// Constructor for loading from the `discovery` section of the config.
+        public init(
+            discoveryConfig config: OPA.Config,
+            etag: String? = nil,
+            headers: [String: String]? = nil,
+            httpClient: HTTPClient? = nil
+        ) throws {
+            guard let discovery = config.discovery else {
+                throw RuntimeError(
+                    code: .internalError,
+                    message: "No discovery config found."
+                )
+            }
+
+            guard !discovery.service.isEmpty else {
+                throw RuntimeError(
+                    code: .internalError,
+                    message: "No service config was provided for discovery."
+                )
+            }
+
+            guard let service = config.services[discovery.service] else {
+                throw RuntimeError(
+                    code: .internalError,
+                    message: "Service '\(discovery.service)' referenced by discovery config not found."
+                )
+            }
+
+            self.name = "discovery"
+            self.fetchURL = service.url.appending(
+                path: discovery.resource ?? "/bundles/discovery")
+            self.etag = etag ?? ""
+            self.serviceConfig = service
+            self.bundleConfig = try BundleSourceConfig(
+                downloaderConfig: discovery.downloaderConfig,
+                service: discovery.service,
+                resource: discovery.resource,
+                signing: discovery.signing
+            )
+            self.customHeaders = headers ?? [:]
+            self.httpClient = httpClient ?? HTTPClient.shared
+            self.polling = discovery.downloaderConfig.polling
+            self.lastBundle = nil
+            self.longPollingEnabled = false
+        }
+
         // If the resource is for a compatible bundle source, we can load it.
         public static func compatibleWithConfig(config: Config, bundleResourceName: String) -> Bool {
             guard let resource = config.bundles[bundleResourceName] else {
@@ -88,6 +134,26 @@ extension OPA {
             }
         }
 
+        public static func compatibleWithDiscoveryConfig(config: Config) -> Bool {
+            guard let discovery = config.discovery else {
+                return false
+            }
+
+            let isFileURL = (URL(string: discovery.resource ?? "")?.scheme == "file")
+            guard !isFileURL && !discovery.service.isEmpty else {
+                return false
+            }
+
+            guard let service = config.services[discovery.service] else {
+                return false
+            }
+
+            switch service.credentials {
+            case .defaultNoAuth, .bearer(_), .clientTLS(_): return true
+            default: return false
+            }
+        }
+
         // Adjust headers, then call the appropriate backend for fetching the bundle.
         // Mutation required for Etag header handling (also requires caching last good bundle).
         public mutating func load() async -> Result<OPA.Bundle, any Swift.Error> {
diff --git a/Sources/Runtime/Runtime.swift b/Sources/Runtime/Runtime.swift
@@ -48,7 +48,7 @@ extension OPA {
         /// Optional config provider (e.g. discovery) that produces
         /// configuration updates over time. Built at init from the boot
         /// config or injected directly as an init parameter.
-        private let configProvider: (any OPA.ConfigProvider)?
+        private var configProvider: (any OPA.ConfigProvider)?
 
         /// The ID this Runtime instance uses to identify itself in logs and traces.
         public nonisolated let instanceID: String
@@ -285,7 +285,7 @@ extension OPA.Runtime {
 
             // Start the config provider (e.g., discovery) if present.
             // It runs entirely off the actor and yields configs to the stream.
-            if let provider {
+            if var provider {
                 group.addTask {
                     await provider.run(yielding: configContinuation)
                 }

Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,6 @@ extension OPA {`
`36`	`36`	`/// 2. Yield subsequent configs whenever the configuration changes.`
`37`	`37`	/// 3. Call `continuation.finish()` when done (typically in a `defer`).
`38`	`38`	/// 4. Exit on `Task.isCancelled`.
`39`		`- func run(yielding continuation: AsyncStream<OPA.Config>.Continuation) async`
	`39`	`+ mutating func run(yielding continuation: AsyncStream<OPA.Config>.Continuation) async`
`40`	`40`	`}`
`41`	`41`	`}`