EnvironmentDetails#

pydantic model phalanx.models.environments.EnvironmentDetails#

Full details about an environment, including auth and Argo CD.

Used primarily for documentation generation, which needs details from the Argo CD and Gafaelfawr configurations for that environment. Use EnvironmentConfig instead when only the basic environment configuration is needed.

Parameters:

data (Any) –

Show JSON schema
{
   "title": "EnvironmentDetails",
   "description": "Full details about an environment, including auth and Argo CD.\n\nUsed primarily for documentation generation, which needs details from the\nArgo CD and Gafaelfawr configurations for that environment. Use\n`~phalanx.models.environments.EnvironmentConfig` instead when only the\nbasic environment configuration is needed.",
   "type": "object",
   "properties": {
      "name": {
         "description": "Name of the environment",
         "title": "Name",
         "type": "string"
      },
      "fqdn": {
         "description": "Fully-qualified domain name on which the environment listens",
         "title": "Domain name",
         "type": "string"
      },
      "butlerRepositoryIndex": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "URL to Butler repository index",
         "title": "Butler repository index URL"
      },
      "butlerServerRepositories": {
         "anyOf": [
            {
               "additionalProperties": {
                  "format": "uri",
                  "minLength": 1,
                  "type": "string"
               },
               "type": "object"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "A mapping from label to repository URI for Butler repositories served by Butler server in this environment.",
         "title": "Butler repositories accessible via Butler server"
      },
      "gcp": {
         "anyOf": [
            {
               "$ref": "#/$defs/GCPMetadata"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "If this environment is hosted on Google Cloud Platform, metadata about the hosting project, location, and other details. Used to generate additional environment documentation.",
         "title": "GCP hosting metadata"
      },
      "onepassword": {
         "anyOf": [
            {
               "$ref": "#/$defs/OnepasswordConfig"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "Configuration for using 1Password as a static secrets source",
         "title": "1Password configuration"
      },
      "vaultUrl": {
         "anyOf": [
            {
               "format": "uri",
               "minLength": 1,
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "description": "URL of the Vault server. This is required in the merged values file that includes environment overrides, but the environment override file doesn't need to set it, so it's marked as optional for schema checking purposes to allow the override file to be schema-checked independently.",
         "title": "Vault server URL"
      },
      "vaultPathPrefix": {
         "description": "Prefix of Vault paths, including the KV v2 mount point",
         "title": "Vault path prefix",
         "type": "string"
      },
      "controlSystem": {
         "anyOf": [
            {
               "$ref": "#/$defs/ControlSystemConfig"
            },
            {
               "type": "null"
            }
         ],
         "default": null
      },
      "applications": {
         "items": {
            "$ref": "#/$defs/Application"
         },
         "title": "Applications",
         "type": "array"
      },
      "argocdUrl": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "title": "Argocdurl"
      },
      "argocdRbac": {
         "items": {
            "items": {
               "type": "string"
            },
            "type": "array"
         },
         "title": "Argocdrbac",
         "type": "array"
      },
      "identityProvider": {
         "$ref": "#/$defs/IdentityProvider"
      },
      "gafaelfawrScopes": {
         "items": {
            "$ref": "#/$defs/GafaelfawrScope"
         },
         "title": "Gafaelfawrscopes",
         "type": "array"
      }
   },
   "$defs": {
      "Application": {
         "description": "A Phalanx application that knows which environments use it.",
         "properties": {
            "name": {
               "title": "Name",
               "type": "string"
            },
            "namespace": {
               "title": "Namespace",
               "type": "string"
            },
            "chart": {
               "title": "Chart",
               "type": "object"
            },
            "doc_links": {
               "items": {
                  "$ref": "#/$defs/DocLink"
               },
               "title": "Doc Links",
               "type": "array"
            },
            "values": {
               "title": "Values",
               "type": "object"
            },
            "environment_values": {
               "additionalProperties": {
                  "type": "object"
               },
               "title": "Environment Values",
               "type": "object"
            },
            "secrets": {
               "additionalProperties": {
                  "$ref": "#/$defs/ConditionalSecretConfig"
               },
               "title": "Secrets",
               "type": "object"
            },
            "environment_secrets": {
               "additionalProperties": {
                  "additionalProperties": {
                     "$ref": "#/$defs/ConditionalSecretConfig"
                  },
                  "type": "object"
               },
               "title": "Environment Secrets",
               "type": "object"
            },
            "active_environments": {
               "items": {
                  "type": "string"
               },
               "title": "Active Environments",
               "type": "array"
            }
         },
         "required": [
            "name",
            "namespace",
            "chart",
            "doc_links",
            "values",
            "environment_values",
            "secrets",
            "environment_secrets",
            "active_environments"
         ],
         "title": "Application",
         "type": "object"
      },
      "ConditionalSecretConfig": {
         "additionalProperties": false,
         "description": "Possibly conditional specification for an application secret.",
         "properties": {
            "if": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Configuration only applies if this Helm chart setting is set to a true value",
               "title": "Condition"
            },
            "description": {
               "description": "Description of the secret",
               "title": "Description",
               "type": "string"
            },
            "copy": {
               "anyOf": [
                  {
                     "$ref": "#/$defs/ConditionalSecretCopyRules"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Rules for where the secret should be copied from",
               "title": "Copy rules"
            },
            "generate": {
               "anyOf": [
                  {
                     "$ref": "#/$defs/ConditionalSimpleSecretGenerateRules"
                  },
                  {
                     "$ref": "#/$defs/ConditionalSourceSecretGenerateRules"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Rules for how the secret should be generated",
               "title": "Generation rules"
            },
            "onepassword": {
               "allOf": [
                  {
                     "$ref": "#/$defs/SecretOnepasswordConfig"
                  }
               ],
               "description": "Configuration for how the secret is stored in 1Password",
               "title": "1Password configuration"
            },
            "value": {
               "anyOf": [
                  {
                     "format": "password",
                     "type": "string",
                     "writeOnly": true
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Fixed value of secret",
               "title": "Value"
            }
         },
         "required": [
            "description"
         ],
         "title": "ConditionalSecretConfig",
         "type": "object"
      },
      "ConditionalSecretCopyRules": {
         "additionalProperties": false,
         "description": "Possibly conditional rules for copying a secret value from another.",
         "properties": {
            "if": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Configuration only applies if this Helm chart setting is set to a true value",
               "title": "Condition"
            },
            "application": {
               "description": "Application from which the secret should be copied",
               "title": "Application",
               "type": "string"
            },
            "key": {
               "description": "Secret key from which the secret should be copied",
               "title": "Key",
               "type": "string"
            }
         },
         "required": [
            "application",
            "key"
         ],
         "title": "ConditionalSecretCopyRules",
         "type": "object"
      },
      "ConditionalSimpleSecretGenerateRules": {
         "additionalProperties": false,
         "description": "Conditional rules for generating a secret value with no source.",
         "properties": {
            "if": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Configuration only applies if this Helm chart setting is set to a true value",
               "title": "Condition"
            },
            "type": {
               "description": "Type of secret",
               "enum": [
                  "password",
                  "gafaelfawr-token",
                  "fernet-key",
                  "rsa-private-key"
               ],
               "title": "Secret type",
               "type": "string"
            }
         },
         "required": [
            "type"
         ],
         "title": "ConditionalSimpleSecretGenerateRules",
         "type": "object"
      },
      "ConditionalSourceSecretGenerateRules": {
         "description": "Conditional rules for generating a secret from another secret.",
         "properties": {
            "if": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Configuration only applies if this Helm chart setting is set to a true value",
               "title": "Condition"
            },
            "type": {
               "description": "Type of secret",
               "enum": [
                  "bcrypt-password-hash",
                  "mtime"
               ],
               "title": "Secret type",
               "type": "string"
            },
            "source": {
               "description": "Key of secret on which this secret is based. This may only be set by secrets of type ``bcrypt-password-hash`` or ``mtime``.",
               "title": "Source key",
               "type": "string"
            }
         },
         "required": [
            "type",
            "source"
         ],
         "title": "ConditionalSourceSecretGenerateRules",
         "type": "object"
      },
      "ControlSystemConfig": {
         "description": "Configuration for the Control System.",
         "properties": {
            "appNamespace": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "Set the namespace for the control system components. Each control system application consists of many components that need to know the namespace to which they belong.",
               "title": "Application Namespace"
            },
            "imageTag": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "The image tag to use for control system images.",
               "title": "Image Tag"
            },
            "siteTag": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "The tag that tells the control system component where it is running.",
               "title": "Site Tag"
            },
            "topicName": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "The Kafka identifier for control system topics.",
               "title": "Topic Identifier"
            },
            "kafkaBrokerAddress": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "The Kafka broker address for the control system components.",
               "title": "Kafka Broker Address"
            },
            "kafkaTopicReplicationFactor": {
               "anyOf": [
                  {
                     "type": "integer"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "The Kafka topic replication factor for control system components.",
               "title": "Kafka Topic Replication Factor"
            },
            "schemaRegistryUrl": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "The Schema Registry URL for the control system components.",
               "title": "Schema Registry URL"
            },
            "s3EndpointUrl": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "description": "The S3 URL for the environment specific LFA.",
               "title": "S3 Endpoint URL"
            }
         },
         "title": "ControlSystemConfig",
         "type": "object"
      },
      "DocLink": {
         "description": "A documentation link for an application.\n\nThis represents an individual array item in the ``phalanx.lsst.io/docs``\nHelm chart annotation in :file:`Chart.yaml`.",
         "properties": {
            "url": {
               "title": "Url",
               "type": "string"
            },
            "title": {
               "title": "Title",
               "type": "string"
            },
            "id": {
               "anyOf": [
                  {
                     "type": "string"
                  },
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "title": "Id"
            }
         },
         "required": [
            "url",
            "title"
         ],
         "title": "DocLink",
         "type": "object"
      },
      "GCPMetadata": {
         "description": "Google Cloud Platform hosting metadata.\n\nHolds information about where in Google Cloud Platform this Phalanx\nenvironment is hosted. This supports generating documentation that\nincludes this metadata, making it easier for administrators to know what\noptions to pass to :command:`gcloud` to do things such as get Kubernetes\ncredentials.",
         "properties": {
            "projectId": {
               "description": "Project ID of GCP project hosting this environment",
               "title": "GCP project ID",
               "type": "string"
            },
            "region": {
               "description": "GCP region in which this environment is hosted",
               "title": "GCP region",
               "type": "string"
            },
            "clusterName": {
               "description": "Name of the GKE cluster hosting this environment",
               "title": "Kubernetes cluster name",
               "type": "string"
            }
         },
         "required": [
            "projectId",
            "region",
            "clusterName"
         ],
         "title": "GCPMetadata",
         "type": "object"
      },
      "GafaelfawrGitHubGroup": {
         "description": "A group based on a GitHub team.",
         "properties": {
            "github": {
               "$ref": "#/$defs/GafaelfawrGitHubTeam"
            }
         },
         "required": [
            "github"
         ],
         "title": "GafaelfawrGitHubGroup",
         "type": "object"
      },
      "GafaelfawrGitHubTeam": {
         "description": "Designates a GitHub team for use as a Gafaelfawr group.",
         "properties": {
            "organization": {
               "title": "Organization",
               "type": "string"
            },
            "team": {
               "title": "Team",
               "type": "string"
            }
         },
         "required": [
            "organization",
            "team"
         ],
         "title": "GafaelfawrGitHubTeam",
         "type": "object"
      },
      "GafaelfawrScope": {
         "description": "A Gafaelfawr scope and its associated groups.",
         "properties": {
            "scope": {
               "title": "Scope",
               "type": "string"
            },
            "groups": {
               "items": {
                  "anyOf": [
                     {
                        "type": "string"
                     },
                     {
                        "$ref": "#/$defs/GafaelfawrGitHubGroup"
                     }
                  ]
               },
               "title": "Groups",
               "type": "array"
            }
         },
         "required": [
            "scope",
            "groups"
         ],
         "title": "GafaelfawrScope",
         "type": "object"
      },
      "IdentityProvider": {
         "description": "Type of identity provider used by Gafaelfawr.",
         "enum": [
            "CILogon",
            "GitHub",
            "OpenID Connect",
            "None"
         ],
         "title": "IdentityProvider",
         "type": "string"
      },
      "OnepasswordConfig": {
         "description": "Configuration for 1Password static secrets source.",
         "properties": {
            "connectUrl": {
               "description": "URL to the 1Password Connect API server",
               "format": "uri",
               "minLength": 1,
               "title": "1Password Connect URL",
               "type": "string"
            },
            "vaultTitle": {
               "description": "Title of the 1Password vault from which to retrieve secrets",
               "title": "1Password vault title",
               "type": "string"
            }
         },
         "required": [
            "connectUrl",
            "vaultTitle"
         ],
         "title": "OnepasswordConfig",
         "type": "object"
      },
      "SecretOnepasswordConfig": {
         "description": "Configuration for how a static secret is stored in 1Password.",
         "properties": {
            "encoded": {
               "default": false,
               "description": "Whether the 1Password copy of the secret is encoded in base64. 1Password doesn't support newlines in secrets, so secrets that contain significant newlines have to be encoded when storing them in 1Password. This flag indicates that this has been done, and therefore when retrieving the secret from 1Password, its base64-encoding must be undone.",
               "title": "Is base64-encoded",
               "type": "boolean"
            }
         },
         "title": "SecretOnepasswordConfig",
         "type": "object"
      }
   },
   "required": [
      "name",
      "fqdn",
      "vaultPathPrefix",
      "applications",
      "argocdUrl",
      "argocdRbac",
      "identityProvider",
      "gafaelfawrScopes"
   ]
}

Config:
  • alias_generator: function = <function to_camel_case at 0x7f9c5633c0e0>

  • populate_by_name: bool = True

Fields:
Validators:
field applications: list[Application] [Required]#

List of enabled applications.

field argocd_rbac: list[list[str]] [Required] (alias 'argocdRbac')#

Argo CD RBAC configuration as a list of parsed CSV lines.

field argocd_url: str | None [Required] (alias 'argocdUrl')#

URL for the Argo CD UI.

field butler_repository_index: str | None = None (alias 'butlerRepositoryIndex')#

URL to Butler repository index

field butler_server_repositories: dict[str, AnyUrl] | None = None (alias 'butlerServerRepositories')#

A mapping from label to repository URI for Butler repositories served by Butler server in this environment.

field control_system: ControlSystemConfig | None = None (alias 'controlSystem')#
field fqdn: str [Required]#

Fully-qualified domain name on which the environment listens

field gafaelfawr_scopes: list[GafaelfawrScope] [Required] (alias 'gafaelfawrScopes')#

Gafaelfawr scopes and their associated groups.

field gcp: GCPMetadata | None = None#

If this environment is hosted on Google Cloud Platform, metadata about the hosting project, location, and other details. Used to generate additional environment documentation.

field identity_provider: IdentityProvider [Required] (alias 'identityProvider')#

Type of identity provider used by Gafaelfawr in this environment.

field name: str [Required]#

Name of the environment

field onepassword: OnepasswordConfig | None = None#

Configuration for using 1Password as a static secrets source

Validated by:
  • _validate_onepassword

field vault_path_prefix: str [Required] (alias 'vaultPathPrefix')#

Prefix of Vault paths, including the KV v2 mount point

field vault_url: AnyHttpUrl | None = None (alias 'vaultUrl')#

URL of the Vault server. This is required in the merged values file that includes environment overrides, but the environment override file doesn’t need to set it, so it’s marked as optional for schema checking purposes to allow the override file to be schema-checked independently.

model_dump(**kwargs)#

Export the model as a dictionary.

Overridden to change the default of by_alias from False to True, so that by default the exported dictionary uses camel-case.

Parameters:

kwargs (Any) –

Return type:

dict[str, Any]

model_dump_json(**kwargs)#

Export the model as JSON.

Overridden to change the default of by_alias from False to True, so that by default the exported JSON uses camel-case.

Parameters:

kwargs (Any) –

Return type:

str

property argocd_rbac_csv: list[str]#

RBAC configuration formatted for a reStructuredText csv-table.

model_computed_fields: ClassVar[dict[str, ComputedFieldInfo]] = {}#

A dictionary of computed field names and their corresponding ComputedFieldInfo objects.

property vault_path: str#

Vault path without the initial KV v2 mount point.

property vault_read_approle: str#

Name of the Vault read AppRole for this environment.

property vault_read_policy: str#

Name of the Vault read policy for this environment.

property vault_write_policy: str#

Name of the Vault write policy for this environment.

property vault_write_token: str#

Display name of the Vault write token for this environment.

Unlike AppRole names, this could include a slash, but it uses the same base name as the AppRole for consistency and simplicity. Vault always prepends token-, which we strip off when creating the token.