EnvironmentConfig#

pydantic model phalanx.models.environments.EnvironmentConfig#

Configuration for a Phalanx environment.

This is a model for the values-environment.yaml files for each environment and is also used to validate those files. For the complete configuration for an environment, initialize this model with the merger of values.yaml and values-environment.yaml.

Parameters:

data (Any) –

Show JSON schema
{
   "title": "EnvironmentConfig",
   "description": "Configuration for a Phalanx environment.\n\nThis is a model for the :file:`values-{environment}.yaml` files for each\nenvironment and is also used to validate those files. For the complete\nconfiguration for an environment, initialize this model with the merger of\n:file:`values.yaml` and :file:`values-{environment}.yaml`.",
   "type": "object",
   "properties": {
      "name": {
         "title": "Name",
         "type": "string"
      },
      "fqdn": {
         "title": "Fqdn",
         "type": "string"
      },
      "onepassword": {
         "anyOf": [
            {
               "$ref": "#/$defs/OnepasswordConfig"
            },
            {
               "type": "null"
            }
         ],
         "default": null
      },
      "vaultUrl": {
         "title": "Vaulturl",
         "type": "string"
      },
      "vaultPathPrefix": {
         "title": "Vaultpathprefix",
         "type": "string"
      },
      "applications": {
         "additionalProperties": {
            "type": "boolean"
         },
         "title": "Applications",
         "type": "object"
      },
      "butlerRepositoryIndex": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Butlerrepositoryindex"
      },
      "onepasswordUuid": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Onepassworduuid"
      },
      "repoUrl": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Repourl"
      },
      "targetRevision": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Targetrevision"
      }
   },
   "$defs": {
      "OnepasswordConfig": {
         "description": "Configuration for 1Password static secrets source.",
         "properties": {
            "connectUrl": {
               "format": "uri",
               "minLength": 1,
               "title": "Connecturl",
               "type": "string"
            },
            "vaultTitle": {
               "title": "Vaulttitle",
               "type": "string"
            }
         },
         "required": [
            "connectUrl",
            "vaultTitle"
         ],
         "title": "OnepasswordConfig",
         "type": "object"
      }
   },
   "$id": "https://phalanx.lsst.io/schemas/environment.json",
   "additionalProperties": false,
   "required": [
      "name",
      "fqdn",
      "vaultUrl",
      "vaultPathPrefix",
      "applications"
   ]
}

Config:
  • alias_generator: function = <function to_camel_case at 0x7fd1a499c900>

  • populate_by_name: bool = True

  • extra: str = forbid

Fields:
Validators:
field applications: dict[str, bool] [Required]#

List of applications and whether they are enabled.

field butler_repository_index: str | None = None (alias 'butlerRepositoryIndex')#

URL to Butler repository index.

field fqdn: str [Required]#

Fully-qualified domain name.

field name: str [Required]#

Name of the environment.

field onepassword: OnepasswordConfig | None = None#

Configuration for using 1Password as a static secrets source.

Validated by:
  • _validate_onepassword

field onepassword_uuid: str | None = None (alias 'onepasswordUuid')#

UUID of 1Password item in which to find Vault tokens.

This is used only by the old installer and will be removed once the new secrets management and 1Password integration is deployed everywhere.

field repo_url: str | None = None (alias 'repoUrl')#

URL of the Git repository holding Argo CD configuration.

This is required in the merged values file that includes environment overrides, but the environment override file doesn’t need to set it, so it’s marked as optional for schema checking purposes to allow the override file to be schema-checked independently.

field target_revision: str | None = None (alias 'targetRevision')#

Branch of the Git repository holding Argo CD configuration.

This is required in the merged values file that includes environment overrides, but the environment override file doesn’t need to set it, so it’s marked as optional for schema checking purposes to allow the override file to be schema-checked independently.

field vault_path_prefix: str [Required] (alias 'vaultPathPrefix')#

Prefix of Vault paths, including the Kv2 mount point.

field vault_url: str [Required] (alias 'vaultUrl')#

URL of Vault server.

model_dump(**kwargs)#

Export the model as a dictionary.

Overridden to change the default of by_alias from False to True, so that by default the exported dictionary uses camel-case.

Parameters:

kwargs (Any) –

Return type:

dict[str, Any]

model_dump_json(**kwargs)#

Export the model as JSON.

Overridden to change the default of by_alias from False to True, so that by default the exported dictionary uses camel-case.

Parameters:

kwargs (Any) –

Return type:

str

property enabled_applications: list[str]#

Names of all applications enabled for this environment.

property vault_path: str#

Vault path without the initial Kv2 mount point.

property vault_read_approle: str#

Name of the Vault read AppRole for this environment.

property vault_read_policy: str#

Name of the Vault read policy for this environment.

property vault_write_policy: str#

Name of the Vault write policy for this environment.

property vault_write_token: str#

Display name of the Vault write token for this environment.

Unlike AppRole names, this could include a slash, but use the same base name as the AppRole for consistency and simplicity. Vault always prepends token-, which we strip off when creating the token.