configurations

package
v0.2.16 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 15, 2026 License: MIT Imports: 15 Imported by: 4

Documentation

Overview

Package configurations routes service configurations and DNS declarations between codefly services.

A "configuration" is a typed key/value bundle a service publishes for its dependents to consume — postgres exposes a connection string, vault exposes a token, an auth service exposes a JWKS URL. The Manager type aggregates configurations from every service in dependency order and injects them into dependent services as environment variables (CODEFLY__SERVICE_<NAME>__...).

DNS declarations live alongside configurations: a service can ship a dns/<env>/dns.codefly.yaml to override its in-cluster Service hostname per deploy environment (used historically for host.docker.internal in local-mode `codefly run`). The Manager exposes those via GetDNS for the network package's RemoteManager to consume; missing DNS is now a non-fatal — the network layer synthesizes <svc>.<ns>.svc.cluster.local in cluster envs.

Loader is the abstract interface a service must implement to plug into the manager (Identity, Load, Configurations, DNS). Concrete loaders live in core/cli and similar consumer packages.

Secrets

Secret values (from *.secret.env / *.secret.yaml files) may be either literal plaintext or a reference the environment's secret backend resolves at Load() time:

client_secret: op://dev-vault/auth0/client_secret # 1Password

Backends are selected per environment via workspace.codefly.yaml. It is a list so more backends can be added later:

environments:
  - name: local
    secrets:
      - kind: 1password
        account: my-team

References are safe to commit and resolved in memory — the plaintext value never touches disk. A reference whose backend is not configured for the environment fails the load rather than leaking the raw URI.

1Password is the only backend today; SecretResolver is the seam for adding AWS Secrets Manager, Doppler, Vault, etc.

Plaintext secret values still work (the CONNECTION=postgres://… escape hatch), but they sit unencrypted on disk and are local/dev-only; a plaintext secret used against a configured backend in a non-local environment is logged as a warning. See secrets.go (SecretResolver, ParseSecretReference, ResolversFromEnvironment).

Index

Constants

View Source
const OnePasswordScheme = "op"

Secret values live in *.secret.* files as either a literal plaintext value (the local/dev-only escape hatch — unencrypted on disk) or a reference the configured backend resolves at Load() time. A reference is a URI whose scheme names a secret provider:

client_secret: op://dev-vault/auth0/client_secret

References are safe to commit; the resolved value never touches disk. Only known schemes are treated as references — a plaintext value that happens to contain "://" (a postgres:// URL, say) is passed through untouched. The resolver seam (SecretResolver) is designed so more backends can be added.

View Source
const ProviderOnePassword = "1password"

ProviderOnePassword is the `secrets.kind` that selects the 1Password backend.

Variables

This section is empty.

Functions

func ConfigurationInformationDataFromFile added in v0.1.127

func ConfigurationInformationDataFromFile(ctx context.Context, name string, p string, isSecret bool) (*basev0.ConfigurationInformation, error)

func ConsolidateInfo added in v0.1.123

ConsolidateInfo consolidate informations values per name

func ExtractFromPath added in v0.1.89

func ExtractFromPath(p string) string

ExtractFromPath gets modules/app/services/ServiceWithModule and we want to extract app/ServiceWithModule

func InformationUnmarshal added in v0.1.126

func InformationUnmarshal(info *basev0.ConfigurationInformation, v interface{}) error

func LoadConfigurationInformationsFromFiles added in v0.1.123

func LoadConfigurationInformationsFromFiles(ctx context.Context, dir string) ([]*basev0.ConfigurationInformation, error)

LoadConfigurationInformationsFromFiles returns all configurations infos Naming is path based with respect to dir

Types

type ConfigurationInformationLocalReader added in v0.1.89

type ConfigurationInformationLocalReader struct {
	// contains filtered or unexported fields
}

func NewConfigurationLocalReader added in v0.1.89

func NewConfigurationLocalReader(_ context.Context, workspace *resources.Workspace) (*ConfigurationInformationLocalReader, error)

func (*ConfigurationInformationLocalReader) Configurations added in v0.1.89

func (local *ConfigurationInformationLocalReader) Configurations() []*basev0.Configuration

func (*ConfigurationInformationLocalReader) DNS added in v0.1.89

func (*ConfigurationInformationLocalReader) Identity added in v0.1.89

func (local *ConfigurationInformationLocalReader) Identity() string

func (*ConfigurationInformationLocalReader) Load added in v0.1.89

type ConfigurationInformationWrapper added in v0.1.89

type ConfigurationInformationWrapper struct {
	*basev0.ConfigurationInformation
}

type ConfigurationSource added in v0.1.89

type ConfigurationSource struct {
	ServiceWithModule *resources.ServiceWithModule
	Name              string
}

func FromService added in v0.1.89

func FromService(service *resources.ServiceIdentity, dep string) (*ConfigurationSource, error)

FromService satisfies this format - Name - unique:Name

type Loader added in v0.1.89

type Loader interface {
	Identity() string
	Load(ctx context.Context, env *resources.Environment) error
	// Configurations returns the configurations produced by Load. It must
	// return the same instances on every call (not fresh copies): after Load,
	// the Manager resolves secret references in these objects in place, and
	// LoadConfigurations reads them back expecting the resolved values.
	Configurations() []*basev0.Configuration
	DNS() []*basev0.DNS
}

type Manager added in v0.1.89

type Manager struct {
	// contains filtered or unexported fields
}

func NewManager added in v0.1.89

func NewManager(_ context.Context, workspace *resources.Workspace) (*Manager, error)

func (*Manager) DNS added in v0.1.89

func (manager *Manager) DNS() []*basev0.DNS

func (*Manager) ExposeConfiguration added in v0.1.89

func (manager *Manager) ExposeConfiguration(ctx context.Context, service *resources.ServiceIdentity, confs ...*basev0.Configuration) error

func (*Manager) GetDNS added in v0.1.89

func (manager *Manager) GetDNS(ctx context.Context, svc *resources.ServiceIdentity, endpointName string) (*basev0.DNS, error)

func (*Manager) GetServiceConfiguration added in v0.1.89

func (manager *Manager) GetServiceConfiguration(_ context.Context, service *resources.ServiceIdentity) (*basev0.Configuration, error)

func (*Manager) GetServiceConfigurations added in v0.1.123

func (manager *Manager) GetServiceConfigurations(_ context.Context) ([]*basev0.Configuration, error)

func (*Manager) GetSharedServiceConfiguration added in v0.1.89

func (manager *Manager) GetSharedServiceConfiguration(_ context.Context, unique string) ([]*basev0.Configuration, error)

func (*Manager) GetWorkspaceConfigurations added in v0.1.123

func (manager *Manager) GetWorkspaceConfigurations(_ context.Context) ([]*basev0.Configuration, error)

func (*Manager) GetWorkspaceDependenciesConfigurations added in v0.1.123

func (manager *Manager) GetWorkspaceDependenciesConfigurations(ctx context.Context, deps ...string) ([]*basev0.Configuration, error)

func (*Manager) Load added in v0.1.89

func (manager *Manager) Load(ctx context.Context, env *resources.Environment) error

func (*Manager) LoadConfigurations added in v0.1.89

func (manager *Manager) LoadConfigurations(_ context.Context) error

LoadConfigurations fetch different loaders and consolidate

func (*Manager) LoadDNS added in v0.1.89

func (manager *Manager) LoadDNS(_ context.Context) error

func (*Manager) Restrict added in v0.1.89

func (manager *Manager) Restrict(_ context.Context, values []*resources.ServiceIdentity) error

func (*Manager) WithLoader added in v0.1.89

func (manager *Manager) WithLoader(loader Loader) *Manager

func (*Manager) WithSecretResolver added in v0.2.15

func (manager *Manager) WithSecretResolver(resolvers ...SecretResolver) *Manager

WithSecretResolver registers a secret resolver. Resolvers selected by the environment's `secrets` block are added automatically at Load() time; this is for tests and custom backends.

type OnePasswordResolver added in v0.2.15

type OnePasswordResolver struct {
	// contains filtered or unexported fields
}

OnePasswordResolver resolves op://vault/item/field references through the 1Password `op` CLI. `op read` accepts the full URI and prints the field value to stdout — biometric/session unlock is handled by the CLI itself.

func NewOnePasswordResolver added in v0.2.15

func NewOnePasswordResolver(account string) *OnePasswordResolver

func (*OnePasswordResolver) Resolve added in v0.2.15

func (*OnePasswordResolver) Scheme added in v0.2.15

func (r *OnePasswordResolver) Scheme() string

type SecretReference added in v0.2.15

type SecretReference struct {
	Scheme string
	Path   string
	Raw    string
}

SecretReference is a parsed secret URI, e.g. op://vault/item/field.

func ParseSecretReference added in v0.2.15

func ParseSecretReference(value string) (*SecretReference, bool)

ParseSecretReference reports whether value is a known secret reference and, if so, splits it into scheme and path. Unknown schemes return false so the value is treated as plaintext.

type SecretResolver added in v0.2.15

type SecretResolver interface {
	Scheme() string
	Resolve(ctx context.Context, ref *SecretReference) (string, error)
}

SecretResolver resolves references for a single backend.

func ResolversFromEnvironment added in v0.2.15

func ResolversFromEnvironment(env *resources.Environment) ([]SecretResolver, error)

ResolversFromEnvironment builds the secret resolvers an environment selects via its `secrets` block. No providers means plaintext-only (no resolvers): secret values are used verbatim from the files.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL