Expand description
Canonical deployment address derivation — the stable,
app-independent deployment_hash (sha256(customer|environment)[..16]).
Canonical deployment address derivation.
A deployment’s address — the deployment_hash, 16 lowercase hex chars —
is the stable identity that drives the URL/subdomain, filesystem paths, and
certs. It must NOT move when the deployment’s app set, plugin versions, or
active revision change, so the derivation is app-INDEPENDENT: it hashes only
(customer, display_name, created). display_name + created distinguish a
customer’s separate deployments (prod vs staging, two named instances); none
of the inputs is an app id or a revision, so apps/revisions churn freely
without moving the address. Re-deriving for the same triple always yields the
same address (idempotent); created is stamped once at deployment creation
and stored, so it is stable for the life of the deployment.
Format is 16 lowercase hex (the convention yeti-config.yaml’s
canonical-form check and the running fabric already use).
Replication peer-matching compares the attestation value a peer presents,
not the derivation, so narrowing the inputs here is safe — every peer of one
deployment carries the same stamped (display_name, created) and so the same
address.
Functions§
- deployment_
address - Derive the stable, app-independent deployment address.
- is_
canonical_ address - True iff
sis a canonical address: exactly 16 chars, each an ASCII lowercase hex digit (0-9a-f). - node_
state_ key - The
DeploymentNodeStaterow id for(deployment, node). Shared by every writer/reader of that table (staging reactor, serve reactor, rollout seams) so the key format can never drift between them.