Documentation
¶
Overview ¶
Package configurations routes service configurations and DNS declarations between codefly services.
A "configuration" is a typed key/value bundle a service publishes for its dependents to consume — postgres exposes a connection string, vault exposes a token, an auth service exposes a JWKS URL. The Manager type aggregates configurations from every service in dependency order and injects them into dependent services as environment variables (CODEFLY__SERVICE_<NAME>__...).
DNS declarations live alongside configurations: a service can ship a dns/<env>/dns.codefly.yaml to override its in-cluster Service hostname per deploy environment (used historically for host.docker.internal in local-mode `codefly run`). The Manager exposes those via GetDNS for the network package's RemoteManager to consume; missing DNS is now a non-fatal — the network layer synthesizes <svc>.<ns>.svc.cluster.local in cluster envs.
Loader is the abstract interface a service must implement to plug into the manager (Identity, Load, Configurations, DNS). Concrete loaders live in core/cli and similar consumer packages.
Secrets ¶
Secret values (from *.secret.env / *.secret.yaml files) may be either literal plaintext or a reference the environment's secret backend resolves at Load() time:
client_secret: op://dev-vault/auth0/client_secret # 1Password
Backends are selected per environment via workspace.codefly.yaml. It is a list so more backends can be added later:
environments:
- name: local
secrets:
- kind: 1password
account: my-team
References are safe to commit and resolved in memory — the plaintext value never touches disk. A reference whose backend is not configured for the environment fails the load rather than leaking the raw URI.
1Password is the only backend today; SecretResolver is the seam for adding AWS Secrets Manager, Doppler, Vault, etc.
Plaintext secret values still work (the CONNECTION=postgres://… escape hatch), but they sit unencrypted on disk and are local/dev-only; a plaintext secret used against a configured backend in a non-local environment is logged as a warning. See secrets.go (SecretResolver, ParseSecretReference, ResolversFromEnvironment).
Index ¶
- Constants
- func ConfigurationInformationDataFromFile(ctx context.Context, name string, p string, isSecret bool) (*basev0.ConfigurationInformation, error)
- func ConsolidateInfo(ctx context.Context, infos []*basev0.ConfigurationInformation) ([]*basev0.ConfigurationInformation, error)
- func ExtractFromPath(p string) string
- func InformationUnmarshal(info *basev0.ConfigurationInformation, v interface{}) error
- func LoadConfigurationInformationsFromFiles(ctx context.Context, dir string) ([]*basev0.ConfigurationInformation, error)
- type ConfigurationInformationLocalReader
- func (local *ConfigurationInformationLocalReader) Configurations() []*basev0.Configuration
- func (local *ConfigurationInformationLocalReader) DNS() []*basev0.DNS
- func (local *ConfigurationInformationLocalReader) Identity() string
- func (local *ConfigurationInformationLocalReader) Load(ctx context.Context, env *resources.Environment) error
- type ConfigurationInformationWrapper
- type ConfigurationSource
- type Loader
- type Manager
- func (manager *Manager) DNS() []*basev0.DNS
- func (manager *Manager) ExposeConfiguration(ctx context.Context, service *resources.ServiceIdentity, ...) error
- func (manager *Manager) GetDNS(ctx context.Context, svc *resources.ServiceIdentity, endpointName string) (*basev0.DNS, error)
- func (manager *Manager) GetServiceConfiguration(_ context.Context, service *resources.ServiceIdentity) (*basev0.Configuration, error)
- func (manager *Manager) GetServiceConfigurations(_ context.Context) ([]*basev0.Configuration, error)
- func (manager *Manager) GetSharedServiceConfiguration(_ context.Context, unique string) ([]*basev0.Configuration, error)
- func (manager *Manager) GetWorkspaceConfigurations(_ context.Context) ([]*basev0.Configuration, error)
- func (manager *Manager) GetWorkspaceDependenciesConfigurations(ctx context.Context, deps ...string) ([]*basev0.Configuration, error)
- func (manager *Manager) Load(ctx context.Context, env *resources.Environment) error
- func (manager *Manager) LoadConfigurations(_ context.Context) error
- func (manager *Manager) LoadDNS(_ context.Context) error
- func (manager *Manager) Restrict(_ context.Context, values []*resources.ServiceIdentity) error
- func (manager *Manager) WithLoader(loader Loader) *Manager
- func (manager *Manager) WithSecretResolver(resolvers ...SecretResolver) *Manager
- type OnePasswordResolver
- type SecretReference
- type SecretResolver
Constants ¶
const OnePasswordScheme = "op"
Secret values live in *.secret.* files as either a literal plaintext value (the local/dev-only escape hatch — unencrypted on disk) or a reference the configured backend resolves at Load() time. A reference is a URI whose scheme names a secret provider:
client_secret: op://dev-vault/auth0/client_secret
References are safe to commit; the resolved value never touches disk. Only known schemes are treated as references — a plaintext value that happens to contain "://" (a postgres:// URL, say) is passed through untouched. The resolver seam (SecretResolver) is designed so more backends can be added.
const ProviderOnePassword = "1password"
ProviderOnePassword is the `secrets.kind` that selects the 1Password backend.
Variables ¶
This section is empty.
Functions ¶
func ConfigurationInformationDataFromFile ¶ added in v0.1.127
func ConsolidateInfo ¶ added in v0.1.123
func ConsolidateInfo(ctx context.Context, infos []*basev0.ConfigurationInformation) ([]*basev0.ConfigurationInformation, error)
ConsolidateInfo consolidate informations values per name
func ExtractFromPath ¶ added in v0.1.89
ExtractFromPath gets modules/app/services/ServiceWithModule and we want to extract app/ServiceWithModule
func InformationUnmarshal ¶ added in v0.1.126
func InformationUnmarshal(info *basev0.ConfigurationInformation, v interface{}) error
func LoadConfigurationInformationsFromFiles ¶ added in v0.1.123
func LoadConfigurationInformationsFromFiles(ctx context.Context, dir string) ([]*basev0.ConfigurationInformation, error)
LoadConfigurationInformationsFromFiles returns all configurations infos Naming is path based with respect to dir
Types ¶
type ConfigurationInformationLocalReader ¶ added in v0.1.89
type ConfigurationInformationLocalReader struct {
// contains filtered or unexported fields
}
func NewConfigurationLocalReader ¶ added in v0.1.89
func (*ConfigurationInformationLocalReader) Configurations ¶ added in v0.1.89
func (local *ConfigurationInformationLocalReader) Configurations() []*basev0.Configuration
func (*ConfigurationInformationLocalReader) DNS ¶ added in v0.1.89
func (local *ConfigurationInformationLocalReader) DNS() []*basev0.DNS
func (*ConfigurationInformationLocalReader) Identity ¶ added in v0.1.89
func (local *ConfigurationInformationLocalReader) Identity() string
func (*ConfigurationInformationLocalReader) Load ¶ added in v0.1.89
func (local *ConfigurationInformationLocalReader) Load(ctx context.Context, env *resources.Environment) error
type ConfigurationInformationWrapper ¶ added in v0.1.89
type ConfigurationInformationWrapper struct {
*basev0.ConfigurationInformation
}
type ConfigurationSource ¶ added in v0.1.89
type ConfigurationSource struct {
ServiceWithModule *resources.ServiceWithModule
Name string
}
func FromService ¶ added in v0.1.89
func FromService(service *resources.ServiceIdentity, dep string) (*ConfigurationSource, error)
FromService satisfies this format - Name - unique:Name
type Loader ¶ added in v0.1.89
type Loader interface {
Identity() string
Load(ctx context.Context, env *resources.Environment) error
// Configurations returns the configurations produced by Load. It must
// return the same instances on every call (not fresh copies): after Load,
// the Manager resolves secret references in these objects in place, and
// LoadConfigurations reads them back expecting the resolved values.
Configurations() []*basev0.Configuration
DNS() []*basev0.DNS
}
type Manager ¶ added in v0.1.89
type Manager struct {
// contains filtered or unexported fields
}
func NewManager ¶ added in v0.1.89
func (*Manager) ExposeConfiguration ¶ added in v0.1.89
func (manager *Manager) ExposeConfiguration(ctx context.Context, service *resources.ServiceIdentity, confs ...*basev0.Configuration) error
func (*Manager) GetServiceConfiguration ¶ added in v0.1.89
func (manager *Manager) GetServiceConfiguration(_ context.Context, service *resources.ServiceIdentity) (*basev0.Configuration, error)
func (*Manager) GetServiceConfigurations ¶ added in v0.1.123
func (*Manager) GetSharedServiceConfiguration ¶ added in v0.1.89
func (*Manager) GetWorkspaceConfigurations ¶ added in v0.1.123
func (*Manager) GetWorkspaceDependenciesConfigurations ¶ added in v0.1.123
func (*Manager) LoadConfigurations ¶ added in v0.1.89
LoadConfigurations fetch different loaders and consolidate
func (*Manager) WithLoader ¶ added in v0.1.89
func (*Manager) WithSecretResolver ¶ added in v0.2.15
func (manager *Manager) WithSecretResolver(resolvers ...SecretResolver) *Manager
WithSecretResolver registers a secret resolver. Resolvers selected by the environment's `secrets` block are added automatically at Load() time; this is for tests and custom backends.
type OnePasswordResolver ¶ added in v0.2.15
type OnePasswordResolver struct {
// contains filtered or unexported fields
}
OnePasswordResolver resolves op://vault/item/field references through the 1Password `op` CLI. `op read` accepts the full URI and prints the field value to stdout — biometric/session unlock is handled by the CLI itself.
func NewOnePasswordResolver ¶ added in v0.2.15
func NewOnePasswordResolver(account string) *OnePasswordResolver
func (*OnePasswordResolver) Resolve ¶ added in v0.2.15
func (r *OnePasswordResolver) Resolve(ctx context.Context, ref *SecretReference) (string, error)
func (*OnePasswordResolver) Scheme ¶ added in v0.2.15
func (r *OnePasswordResolver) Scheme() string
type SecretReference ¶ added in v0.2.15
SecretReference is a parsed secret URI, e.g. op://vault/item/field.
func ParseSecretReference ¶ added in v0.2.15
func ParseSecretReference(value string) (*SecretReference, bool)
ParseSecretReference reports whether value is a known secret reference and, if so, splits it into scheme and path. Unknown schemes return false so the value is treated as plaintext.
type SecretResolver ¶ added in v0.2.15
type SecretResolver interface {
Scheme() string
Resolve(ctx context.Context, ref *SecretReference) (string, error)
}
SecretResolver resolves references for a single backend.
func ResolversFromEnvironment ¶ added in v0.2.15
func ResolversFromEnvironment(env *resources.Environment) ([]SecretResolver, error)
ResolversFromEnvironment builds the secret resolvers an environment selects via its `secrets` block. No providers means plaintext-only (no resolvers): secret values are used verbatim from the files.