Environment#

pydantic model phalanx.models.environments.Environment#

A Phalanx environment and its associated settings.

Parameters:

data (Any) โ€“

Show JSON schema
{
   "title": "Environment",
   "description": "A Phalanx environment and its associated settings.",
   "type": "object",
   "properties": {
      "name": {
         "title": "Name",
         "type": "string"
      },
      "fqdn": {
         "title": "Fqdn",
         "type": "string"
      },
      "onepassword": {
         "anyOf": [
            {
               "$ref": "#/$defs/OnepasswordConfig"
            },
            {
               "type": "null"
            }
         ],
         "default": null
      },
      "vaultUrl": {
         "title": "Vaulturl",
         "type": "string"
      },
      "vaultPathPrefix": {
         "title": "Vaultpathprefix",
         "type": "string"
      },
      "applications": {
         "additionalProperties": {
            "$ref": "#/$defs/ApplicationInstance"
         },
         "title": "Applications",
         "type": "object"
      }
   },
   "$defs": {
      "ApplicationInstance": {
         "description": "A Phalanx application as configured for a specific environment.",
         "properties": {
            "name": {
               "title": "Name",
               "type": "string"
            },
            "environment": {
               "title": "Environment",
               "type": "string"
            },
            "chart": {
               "title": "Chart",
               "type": "object"
            },
            "values": {
               "title": "Values",
               "type": "object"
            },
            "secrets": {
               "additionalProperties": {
                  "$ref": "#/$defs/Secret"
               },
               "default": {},
               "description": "Secrets required for this application in this environment.",
               "title": "Required secrets",
               "type": "object"
            }
         },
         "required": [
            "name",
            "environment",
            "chart",
            "values"
         ],
         "title": "ApplicationInstance",
         "type": "object"
      },
      "OnepasswordConfig": {
         "description": "Configuration for 1Password static secrets source.",
         "properties": {
            "connectUrl": {
               "format": "uri",
               "minLength": 1,
               "title": "Connecturl",
               "type": "string"
            },
            "vaultTitle": {
               "title": "Vaulttitle",
               "type": "string"
            }
         },
         "required": [
            "connectUrl",
            "vaultTitle"
         ],
         "title": "OnepasswordConfig",
         "type": "object"
      },
      "Secret": {
         "additionalProperties": false,
         "description": "Specification for an application secret for a specific environment.\n\nThe same as `SecretConfig` except augmented with the secret application\nand key for internal convenience.",
         "properties": {
            "description": {
               "title": "Description",
               "type": "string"
            },
            "copy": {
               "anyOf": [
                  {
                     "$ref": "#/$defs/SecretCopyRules"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Rules for where the secret should be copied from"
            },
            "generate": {
               "anyOf": [
                  {
                     "$ref": "#/$defs/SimpleSecretGenerateRules"
                  },
                  {
                     "$ref": "#/$defs/SourceSecretGenerateRules"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "title": "Generate"
            },
            "onepassword": {
               "allOf": [
                  {
                     "$ref": "#/$defs/SecretOnepasswordConfig"
                  }
               ],
               "default": {
                  "encoded": false
               }
            },
            "value": {
               "anyOf": [
                  {
                     "format": "password",
                     "type": "string",
                     "writeOnly": true
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "title": "Value"
            },
            "key": {
               "title": "Key",
               "type": "string"
            },
            "application": {
               "title": "Application",
               "type": "string"
            }
         },
         "required": [
            "description",
            "key",
            "application"
         ],
         "title": "Secret",
         "type": "object"
      },
      "SecretCopyRules": {
         "additionalProperties": false,
         "description": "Rules for copying a secret value from another secret.",
         "properties": {
            "application": {
               "title": "Application",
               "type": "string"
            },
            "key": {
               "title": "Key",
               "type": "string"
            }
         },
         "required": [
            "application",
            "key"
         ],
         "title": "SecretCopyRules",
         "type": "object"
      },
      "SecretOnepasswordConfig": {
         "description": "Configuration for how a static secret is stored in 1Password.",
         "properties": {
            "encoded": {
               "default": false,
               "title": "Encoded",
               "type": "boolean"
            }
         },
         "title": "SecretOnepasswordConfig",
         "type": "object"
      },
      "SimpleSecretGenerateRules": {
         "additionalProperties": false,
         "description": "Rules for generating a secret value with no source information.",
         "properties": {
            "type": {
               "enum": [
                  "password",
                  "gafaelfawr-token",
                  "fernet-key",
                  "rsa-private-key"
               ],
               "title": "Type",
               "type": "string"
            }
         },
         "required": [
            "type"
         ],
         "title": "SimpleSecretGenerateRules",
         "type": "object"
      },
      "SourceSecretGenerateRules": {
         "description": "Rules for generating a secret from another secret.",
         "properties": {
            "type": {
               "enum": [
                  "bcrypt-password-hash",
                  "mtime"
               ],
               "title": "Type",
               "type": "string"
            },
            "source": {
               "title": "Source",
               "type": "string"
            }
         },
         "required": [
            "type",
            "source"
         ],
         "title": "SourceSecretGenerateRules",
         "type": "object"
      }
   },
   "required": [
      "name",
      "fqdn",
      "vaultUrl",
      "vaultPathPrefix",
      "applications"
   ]
}

Config:
  • alias_generator: function = <function to_camel_case at 0x7fd1a499c900>

  • populate_by_name: bool = True

Fields:
Validators:
field applications: dict[str, ApplicationInstance] [Required]#

Applications enabled for that environment, by name.

field fqdn: str [Required]#

Fully-qualified domain name.

field name: str [Required]#

Name of the environment.

field onepassword: OnepasswordConfig | None = None#

Configuration for using 1Password as a static secrets source.

Validated by:
  • _validate_onepassword

field vault_path_prefix: str [Required] (alias 'vaultPathPrefix')#

Prefix of Vault paths, including the Kv2 mount point.

field vault_url: str [Required] (alias 'vaultUrl')#

URL of Vault server.

all_applications()#

Return all enabled applications in sorted order.

Return type:

list[ApplicationInstance]

all_secrets()#

Return all secrets regardless of application.

Return type:

list[Secret]

model_dump(**kwargs)#

Export the model as a dictionary.

Overridden to change the default of by_alias from False to True, so that by default the exported dictionary uses camel-case.

Parameters:

kwargs (Any) โ€“

Return type:

dict[str, Any]

model_dump_json(**kwargs)#

Export the model as JSON.

Overridden to change the default of by_alias from False to True, so that by default the exported dictionary uses camel-case.

Parameters:

kwargs (Any) โ€“

Return type:

str

property vault_path: str#

Vault path without the initial Kv2 mount point.

property vault_read_approle: str#

Name of the Vault read AppRole for this environment.

property vault_read_policy: str#

Name of the Vault read policy for this environment.

property vault_write_policy: str#

Name of the Vault write policy for this environment.

property vault_write_token: str#

Display name of the Vault write token for this environment.

Unlike AppRole names, this could include a slash, but use the same base name as the AppRole for consistency and simplicity. Vault always prepends token-, which we strip off when creating the token.