Luci-config

Stores a registry of projects that use chrome-infra. Imports config files from repos and provides unified API to read them.

• Location: luci-config.appspot.com
• Documentation
• Design Doc
• API
• Safe to use for internal projects: yes, has ACLs.
• Crbug label: Infra-Config
• Owner: nodir@

Import

Luci-config imports config files from Gitiles every 10 min:

• Service configs are imported from infradata/config repo
• Project configs are imported from infra/config branch of project repos (example: infra.git)
• Ref configs are typically imported from infra/config directory of a branch.

ConfigSet->Location mapping can be found by calling config.get_mapping.

Validation

• luci-config validates its owns configs, including the project registry.
• chrome-infra-auth and buildbucket expose a metadata endpoint that specify that they can validate their configs. The metadata endpoints are registered in services/luci-config:services.cfg. Luci-Config discovers and talks to them to delegate the validation.

Invalid configs are NOT imported into luci-config. Entire config set revision (all files) is rejected if at least one file is invalid. Services that consume configs through luci-config are guaranteed not to receive invalid configs, as long as they make backward-compatible changes to validation code.

As of 2015-08-13, when an invalid config is not imported, an error is emitted in luci-config logs and ereporter2 sends an email to config-ereporeter2-config group with max an hour latency. The plan is to implement presubmit check for configs through luci-config API, and maybe send an email to a commit author.

Security

A project declares its visibility in project.cfg configuration file in infra/config branch. Example:

access: "group:all"

Means the project is public. If not set, it is visible only to an allowlist of trusted services.

See also

• FAQ