PhalanxConfig

pydantic model phalanx.models.environments.PhalanxConfig

Root container for the entire Phalanx configuration.

Parameters:

data (Any) –

JSON schema:
{
   "title": "PhalanxConfig",
   "description": "Root container for the entire Phalanx configuration.",
   "type": "object",
   "properties": {
      "environments": {
         "items": {
            "$ref": "#/$defs/EnvironmentDetails"
         },
         "title": "Environments",
         "type": "array"
      },
      "applications": {
         "items": {
            "$ref": "#/$defs/Application"
         },
         "title": "Applications",
         "type": "array"
      }
   },
   "$defs": {
      "Application": {
         "description": "A Phalanx application that knows which environments use it.",
         "properties": {
            "name": {
               "title": "Name",
               "type": "string"
            },
            "namespace": {
               "title": "Namespace",
               "type": "string"
            },
            "chart": {
               "title": "Chart",
               "type": "object"
            },
            "doc_links": {
               "items": {
                  "$ref": "#/$defs/DocLink"
               },
               "title": "Doc Links",
               "type": "array"
            },
            "values": {
               "title": "Values",
               "type": "object"
            },
            "environment_values": {
               "additionalProperties": {
                  "type": "object"
               },
               "title": "Environment Values",
               "type": "object"
            },
            "secrets": {
               "additionalProperties": {
                  "$ref": "#/$defs/ConditionalSecretConfig"
               },
               "title": "Secrets",
               "type": "object"
            },
            "environment_secrets": {
               "additionalProperties": {
                  "additionalProperties": {
                     "$ref": "#/$defs/ConditionalSecretConfig"
                  },
                  "type": "object"
               },
               "title": "Environment Secrets",
               "type": "object"
            },
            "active_environments": {
               "items": {
                  "type": "string"
               },
               "title": "Active Environments",
               "type": "array"
            }
         },
         "required": [
            "name",
            "namespace",
            "chart",
            "doc_links",
            "values",
            "environment_values",
            "secrets",
            "environment_secrets",
            "active_environments"
         ],
         "title": "Application",
         "type": "object"
      },
      "ConditionalSecretConfig": {
         "additionalProperties": false,
         "description": "Possibly conditional specification for an application secret.",
         "properties": {
            "if": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Configuration only applies if this Helm chart setting is set to a true value",
               "title": "Condition"
            },
            "description": {
               "description": "Description of the secret",
               "title": "Description",
               "type": "string"
            },
            "copy": {
               "anyOf": [
                  {
                     "$ref": "#/$defs/ConditionalSecretCopyRules"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Rules for where the secret should be copied from",
               "title": "Copy rules"
            },
            "generate": {
               "anyOf": [
                  {
                     "$ref": "#/$defs/ConditionalSimpleSecretGenerateRules"
                  },
                  {
                     "$ref": "#/$defs/ConditionalSourceSecretGenerateRules"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Rules for how the secret should be generated",
               "title": "Generation rules"
            },
            "onepassword": {
               "allOf": [
                  {
                     "$ref": "#/$defs/SecretOnepasswordConfig"
                  }
               ],
               "description": "Configuration for how the secret is stored in 1Password",
               "title": "1Password configuration"
            },
            "value": {
               "anyOf": [
                  {
                     "format": "password",
                     "type": "string",
                     "writeOnly": true
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Fixed value of secret",
               "title": "Value"
            }
         },
         "required": [
            "description"
         ],
         "title": "ConditionalSecretConfig",
         "type": "object"
      },
      "ConditionalSecretCopyRules": {
         "additionalProperties": false,
         "description": "Possibly conditional rules for copying a secret value from another.",
         "properties": {
            "if": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Configuration only applies if this Helm chart setting is set to a true value",
               "title": "Condition"
            },
            "application": {
               "description": "Application from which the secret should be copied",
               "title": "Application",
               "type": "string"
            },
            "key": {
               "description": "Secret key from which the secret should be copied",
               "title": "Key",
               "type": "string"
            }
         },
         "required": [
            "application",
            "key"
         ],
         "title": "ConditionalSecretCopyRules",
         "type": "object"
      },
      "ConditionalSimpleSecretGenerateRules": {
         "additionalProperties": false,
         "description": "Conditional rules for generating a secret value with no source.",
         "properties": {
            "if": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Configuration only applies if this Helm chart setting is set to a true value",
               "title": "Condition"
            },
            "type": {
               "description": "Type of secret",
               "enum": [
                  "password",
                  "gafaelfawr-token",
                  "fernet-key",
                  "rsa-private-key"
               ],
               "title": "Secret type",
               "type": "string"
            }
         },
         "required": [
            "type"
         ],
         "title": "ConditionalSimpleSecretGenerateRules",
         "type": "object"
      },
      "ConditionalSourceSecretGenerateRules": {
         "description": "Conditional rules for generating a secret from another secret.",
         "properties": {
            "if": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Configuration only applies if this Helm chart setting is set to a true value",
               "title": "Condition"
            },
            "type": {
               "description": "Type of secret",
               "enum": [
                  "bcrypt-password-hash",
                  "mtime"
               ],
               "title": "Secret type",
               "type": "string"
            },
            "source": {
               "description": "Key of secret on which this secret is based. This may only be set by secrets of type `bcrypt-password-hash` or `mtime`.",
               "title": "Source key",
               "type": "string"
            }
         },
         "required": [
            "type",
            "source"
         ],
         "title": "ConditionalSourceSecretGenerateRules",
         "type": "object"
      },
      "DocLink": {
         "description": "A documentation link for an application.\n\nThis represents an individual array item in the ``phalanx.lsst.io/docs``\nHelm chart annotation in :file:`Chart.yaml`.",
         "properties": {
            "url": {
               "title": "Url",
               "type": "string"
            },
            "title": {
               "title": "Title",
               "type": "string"
            },
            "id": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "title": "Id"
            }
         },
         "required": [
            "url",
            "title"
         ],
         "title": "DocLink",
         "type": "object"
      },
      "EnvironmentDetails": {
         "description": "Full details about an environment, including auth and Argo CD.\n\nUsed primarily for documentation generation, which needs details from the\nArgo CD and Gafaelfawr configurations for that environment.  Use\n`EnvironmentConfig` instead when only the basic environment configuration\nis needed.",
         "properties": {
            "name": {
               "description": "Name of the environment",
               "title": "Name",
               "type": "string"
            },
            "fqdn": {
               "description": "Fully-qualified domain name on which the environment listens",
               "title": "Domain name",
               "type": "string"
            },
            "butlerRepositoryIndex": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "URL to Butler repository index",
               "title": "Butler repository index URL"
            },
            "onepassword": {
               "anyOf": [
                  {
                     "$ref": "#/$defs/OnepasswordConfig"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Configuration for using 1Password as a static secrets source",
               "title": "1Password configuration"
            },
            "vaultUrl": {
               "anyOf": [
                  {
                     "format": "uri",
                     "minLength": 1,
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "URL of the Vault server. This is required in the merged values file that includes environment overrides, but the environment override file doesn't need to set it, so it's marked as optional for schema checking purposes to allow the override file to be schema-checked independently.",
               "title": "Vault server URL"
            },
            "vaultPathPrefix": {
               "description": "Prefix of Vault paths, including the KV v2 mount point",
               "title": "Vault path prefix",
               "type": "string"
            },
            "applications": {
               "items": {
                  "$ref": "#/$defs/Application"
               },
               "title": "Applications",
               "type": "array"
            },
            "argocdUrl": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "title": "Argocdurl"
            },
            "argocdRbac": {
               "items": {
                  "items": {
                     "type": "string"
                  },
                  "type": "array"
               },
               "title": "Argocdrbac",
               "type": "array"
            },
            "identityProvider": {
               "$ref": "#/$defs/IdentityProvider"
            },
            "gafaelfawrScopes": {
               "items": {
                  "$ref": "#/$defs/GafaelfawrScope"
               },
               "title": "Gafaelfawrscopes",
               "type": "array"
            }
         },
         "required": [
            "name",
            "fqdn",
            "vaultPathPrefix",
            "applications",
            "argocdUrl",
            "argocdRbac",
            "identityProvider",
            "gafaelfawrScopes"
         ],
         "title": "EnvironmentDetails",
         "type": "object"
      },
      "GafaelfawrGitHubGroup": {
         "description": "A group based on a GitHub team.",
         "properties": {
            "github": {
               "$ref": "#/$defs/GafaelfawrGitHubTeam"
            }
         },
         "required": [
            "github"
         ],
         "title": "GafaelfawrGitHubGroup",
         "type": "object"
      },
      "GafaelfawrGitHubTeam": {
         "description": "Designates a GitHub team for use as a Gafaelfawr group.",
         "properties": {
            "organization": {
               "title": "Organization",
               "type": "string"
            },
            "team": {
               "title": "Team",
               "type": "string"
            }
         },
         "required": [
            "organization",
            "team"
         ],
         "title": "GafaelfawrGitHubTeam",
         "type": "object"
      },
      "GafaelfawrScope": {
         "description": "A Gafaelfawr scope and its associated groups.",
         "properties": {
            "scope": {
               "title": "Scope",
               "type": "string"
            },
            "groups": {
               "items": {
                  "anyOf": [
                     {
                        "type": "string"
                     },
                     {
                        "$ref": "#/$defs/GafaelfawrGitHubGroup"
                     }
                  ]
               },
               "title": "Groups",
               "type": "array"
            }
         },
         "required": [
            "scope",
            "groups"
         ],
         "title": "GafaelfawrScope",
         "type": "object"
      },
      "IdentityProvider": {
         "description": "Type of identity provider used by Gafaelfawr.",
         "enum": [
            "CILogon",
            "GitHub",
            "OpenID Connect",
            "None"
         ],
         "title": "IdentityProvider",
         "type": "string"
      },
      "OnepasswordConfig": {
         "description": "Configuration for 1Password static secrets source.",
         "properties": {
            "connectUrl": {
               "description": "URL to the 1Password Connect API server",
               "format": "uri",
               "minLength": 1,
               "title": "1Password Connect URL",
               "type": "string"
            },
            "vaultTitle": {
               "description": "Title of the 1Password vault from which to retrieve secrets",
               "title": "1Password vault title",
               "type": "string"
            }
         },
         "required": [
            "connectUrl",
            "vaultTitle"
         ],
         "title": "OnepasswordConfig",
         "type": "object"
      },
      "SecretOnepasswordConfig": {
         "description": "Configuration for how a static secret is stored in 1Password.",
         "properties": {
            "encoded": {
               "default": false,
               "description": "Whether the 1Password copy of the secret is encoded in base64. 1Password doesn't support newlines in secrets, so secrets that contain significant newlines have to be encoded when storing them in 1Password. This flag indicates that this has been done, and therefore when retrieving the secret from 1Password, its base64-encoding must be undone.",
               "title": "Is base64-encoded",
               "type": "boolean"
            }
         },
         "title": "SecretOnepasswordConfig",
         "type": "object"
      }
   },
   "required": [
      "environments",
      "applications"
   ]
}

Fields:
field applications: list[Application] [Required]

All Phalanx applications enabled for any environment.

field environments: list[EnvironmentDetails] [Required]

Phalanx environments.