Developer Overview
The ConfigHub SDK is available on GitHub: https://github.com/confighub/sdk
It is primarily written in Go: https://pkg.go.dev/github.com/confighub/sdk
Within the SDK, ConfigHub has several surfaces you can build on:
The CLI source is included in the SDK also, as an example API client. The CLI reference can be found on the left and the CLI usage overview can be found among the guides.
The API and client libraries are for building tools, UI surfaces, and other external clients that call ConfigHub.
Bridges and functions implement functionality that ConfigHub can invoke. Bridges are for synchronizing configuration data in ConfigHub with systems under management. Functions are for changing, validating, and extracting data from configuration data in ConfigHub.
Here are some differences between the two mechanisms:
| Bridges | Functions |
|---|---|
| Asynchronous (like Kubernetes controllers) | Synchronous |
| Standard actions: Apply, Destroy, Refresh, Import; author-defined BridgeOptions | Author-defined functions and Parameters |
| Same interface, different implementations | Interface is tied to implementation |
| State machine updates LastAppliedRevisionNum, LiveRevisionNum, etc. | Stateless |
| Receives and updates Data, LiveData, LiveState, BridgeState | Receives Data OR LiveState, updates only Data, and returns JSON Output |
| Tracked by QueuedOperations/UnitActions and UnitEvents, mainly | Tracked by Revisions and Mutations, mainly |
| Individual operations are orchestrated across multiple units | Multiple functions are orchestrated for each unit individually |
| Mostly non-hermetic | Mostly hermetic |
| Mostly run in worker | Many are built into ConfigHub |
| Target + ProviderType is required | No Target + ProviderType required |
| Target saves Options | Invocations and Triggers save Arguments |
| Target and BridgeWorker Permissions | No function-specific Permissions; BridgeWorker Permissions for worker functions |
| BridgeHandle for associating credentials and coordinates | No handle for external secret management |
| Can access ConfigHub API through worker credentials | No pattern for accessing ConfigHub API |
| Metadata passed via BridgeWorkerPayload, which includes BridgeHandle and ProviderType | Metadata passed via FunctionContext, including DataHash, ApprovedBy |
| Invoked on demand only | Invoked on demand and by Triggers |
| Plan to have a continuous drift reconciliation mode | No plans for continuous reconciliation |
| Operate on native format | Operate on IR (converted format) |
| Mostly single ToolchainType input or output | Many support multiple ToolchainTypes |