osproxy-etcd 1.0.0

Reference distributed DirectiveStore backed by etcd v3: a watch-fed, locally-cached fleet directive set.
Documentation

Reference distributed [DirectiveStore] backed by etcd v3.

A fleet of proxy instances must all see the same diagnostics directives, and a control-plane flip must reach every instance with no restart (docs/05 §3, NFR-T3, ADR-013). This adapter realizes that over etcd's watch API using the watch-and-cache model: a background task subscribes to one etcd key and keeps a locally-cached [DirectiveSet] snapshot fresh, so [DirectiveStore::load] on the request hot path is a cheap Arc clone, never per-request network I/O.

It deliberately backs only the directive (observability) control plane. The migration/placement store (osproxy-control::MigrationStore) needs a linearizable compare-and-swap and a fallible, async seam; wiring it over etcd is a separate step gated on that seam refactor.

Posture:

  • Fail-fast at startup: [EtcdDirectiveStore::connect] does an initial read, so an unreachable/misconfigured etcd is a loud construction error, not a silent empty directive set.
  • Fail-safe while running: a transient etcd outage or a malformed publish keeps the last good snapshot rather than blanking diagnostics; the watch task reconnects with a bounded delay.
  • One fail-closed decoder: directives are decoded with [osproxy_observe::decode_directive_set], the same decoder the admin POST /admin/directives endpoint uses, so a directive means the same thing however it is published, and a typo'd key can never widen its blast radius.