From 5d3367d350dd37dede755e09c48382e0682349db Mon Sep 17 00:00:00 2001
From: Hayden Blauzvern
Date: Tue, 3 Oct 2023 08:57:05 +0000
Subject: [PATCH] Do not block startup if OIDC provider cannot be created

Fixes #1358

If a provider is down, this will prevent the service from starting. We now log an error if the provider is down. The service will try to fetch the provider during the next request where that provider is needed.

Signed-off-by: Hayden Blauzvern
---
 pkg/config/config.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/pkg/config/config.go b/pkg/config/config.go
index 45f0c1737..9068bd06e 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -229,10 +229,11 @@ func (fc *FulcioConfig) prepare() error {
 defer cancel()
 provider, err := oidc.NewProvider(ctx, iss.IssuerURL)
 if err != nil {
- return fmt.Errorf("provider %s: %w", iss.IssuerURL, err)
+ log.Logger.Errorf("error creating provider for issuer URL %q: %v", iss.IssuerURL, err)
+ } else {
+ cfg := &oidc.Config{ClientID: iss.ClientID}
+ fc.verifiers[iss.IssuerURL] = []*verifierWithConfig{{provider.Verifier(cfg), cfg}}
 }
- cfg := &oidc.Config{ClientID: iss.ClientID}
- fc.verifiers[iss.IssuerURL] = []*verifierWithConfig{{provider.Verifier(cfg), cfg}}
 }
 
 cache, err := lru.New2Q(100 /* size */)
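Review bot: The new error branch in `prepare()` handles every `oidc.NewProvider` failure the same way, so a permanent fault such as a mistyped issuer URL or an issuer mismatch in the discovery document now only produces a log line where it used to stop startup. In that case `fc.verifiers[iss.IssuerURL]` stays unset, and the request-time code that is meant to fill it in is outside the hunk. It is worth confirming there that a token from such an issuer is rejected until discovery succeeds, that the retry is bounded by a timeout, and that the map write is synchronised with concurrent readers. I would add a comment on the branch, `// No verifier registered: tokens from this issuer must fail verification until discovery succeeds on a later request.`, and a test that `prepare()` returns nil with an unreachable issuer and that verification for that issuer then fails. The body of `prepare()` starts and ends outside the hunk.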