Add SSS enabled/disabled switch to EasyCLA (prod) #5105

Open: lukaszgryglicki wants to merge 1 commit into main from unicron-sss-enabled-flag-prod

@lukaszgryglicki

Signed-off-by: Lukasz Gryglicki <lgryglicki@cncf.io>

Assisted by [OpenAI](https://platform.openai.com/)

Assisted by [GitHub Copilot](https://github.com/features/copilot)

Assisted by [Claude](https://claude.ai)
@lukaszgryglicki lukaszgryglicki self-assigned this Jul 1, 2026
Copilot AI review requested due to automatic review settings July 1, 2026 08:02
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

Copilot AI left a comment

Pull request overview

This PR introduces a runtime kill switch (`sssEnabled`) for the Sanctions Screening Service (SSS), sourced from a new `cla-sss-enabled-{stage}` SSM parameter that defaults to `true`. When set to `false`, the live SSS check in `checkCompanyCompliance` is skipped (returning "not blocked") in both the Go (`cla-backend-go`) and legacy (`cla-backend-legacy`) backends, while manual/admin sanction blocks and persisted `is_sanctioned` gates elsewhere continue to apply. The switch is applied consistently across config loading, server wiring, service construction, and the compliance-check code paths, with matching test updates.

Changes:

  • Added a new `Enabled` SSS flag loaded from `cla-sss-enabled-{stage}` (default `true`) via a new `getOptionalSSMBoolDefault` helper in both backends, and refactored the existing `getOptionalSSMBool` to delegate to it (now using `strconv.ParseBool`).
  • Added a kill-switch short-circuit in `checkCompanyCompliance` (placed after the manual/admin block short-circuit) and threaded `sssEnabled` through `NewService`, the server wiring, and the `s3_upload` call site.
  • Updated existing SSS tests to set `sssEnabled: true` and added `TestCheckCompanyComplianceDisabledSkipsSSS` covering the disabled path.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| `cla-backend-go/config/config.go` | Adds `Enabled` field to the SSS config struct with a documenting comment. |
| `cla-backend-go/config/ssm.go` | Loads `cla-sss-enabled` with default `true`; adds `getOptionalSSMBoolDefault` and refactors `getOptionalSSMBool`. |
| `cla-backend-go/cmd/server.go` | Reads `sssEnabled` from config, guards the required-client fatals with it, and passes it to `NewService`. |
| `cla-backend-go/cmd/s3_upload/main.go` | Updates the `NewService` call with the new `sssEnabled` (`false`) argument. |
| `cla-backend-go/v2/sign/service.go` | Adds `sssEnabled` to the service struct and `NewService` signature; skips live SSS check when disabled. |
| `cla-backend-go/v2/sign/service_sss_test.go` | Sets `sssEnabled` in existing tests and adds a disabled-path test. |
| `cla-backend-legacy/internal/api/handlers.go` | Mirrors the Go changes: new `sssEnabled` field/loading, `getOptionalSSMBoolDefault`, and kill-switch branch. |
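
The check order described in the review overview above, as an added Go sketch (not code from this PR or the EasyCLA repository): the manual block is evaluated before the switch, and the flag resolves to enabled unless it is explicitly turned off. `parseBoolDefault`, `Company`, `Screener` and `checkCompliance` are hypothetical names, and falling back to the default on an unparseable value is an assumption of the sketch.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// parseBoolDefault returns def when the parameter is absent, empty or not a
// valid boolean. Falling back on a parse error is an assumption of this sketch.
func parseBoolDefault(raw *string, def bool) bool {
	if raw == nil || strings.TrimSpace(*raw) == "" {
		return def
	}
	b, err := strconv.ParseBool(strings.TrimSpace(*raw))
	if err != nil {
		return def
	}
	return b
}

// Company is a hypothetical record; ManualBlock models the manual/admin block.
type Company struct {
	Name        string
	ManualBlock bool
}

// Screener is a hypothetical stand-in for the live SSS client call.
type Screener func(name string) (blocked bool, err error)

// checkCompliance reports whether the company is blocked and whether the live
// screening call was made. The manual block is evaluated before the switch,
// so turning the switch off never lifts an existing block.
func checkCompliance(c Company, sssEnabled bool, live Screener) (blocked, ranLive bool, err error) {
	if c.ManualBlock {
		return true, false, nil
	}
	if !sssEnabled {
		return false, false, nil // kill switch: skip live check, "not blocked"
	}
	blocked, err = live(c.Name)
	return blocked, true, err
}

func main() {
	off := "false" // constructed sample parameter value
	enabled := parseBoolDefault(&off, true)
	live := func(string) (bool, error) { return true, nil } // constructed: always flags
	b, ran, _ := checkCompliance(Company{Name: "Acme", ManualBlock: true}, enabled, live)
	fmt.Println(enabled, b, ran) // switch off, still blocked, live call not made
}
```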
