Phalanx internal API

These pages document the Phalanx internal API, which may be of interest when extending the Phalanx command-line tool or documentation build infrastructure.

Phalanx does not provide a library or Python module for external use. This API is only intended for use within the Phalanx code itself.

phalanx Package

Support tooling for Phalanx, SQuaRE’s application development platform.

Variables

__version__

The version string, although phalanx isn't technically released like a typical Python package.

phalanx.constants Module

Constants for the Phalanx support code.

Things that arguably could be configurable but haven’t yet been made into actual configuration options.

Variables

HELM_DOCLINK_ANNOTATION

Annotation in Chart.yaml for application documentation links.

ONEPASSWORD_ENCODED_WARNING

Warning to add to secrets that must be encoded in 1Password.

PULL_SECRET_DESCRIPTION

Description to put in the static secrets YAML file for pull-secret.

VAULT_APPROLE_SECRET_TEMPLATE

Template for a Secret containing AppRole credentials.

VAULT_TOKEN_SECRET_TEMPLATE

Template for a Secret containing token credentials.

VAULT_WRITE_TOKEN_LIFETIME

Default lifetime to set for Vault write tokens.

VAULT_WRITE_TOKEN_WARNING_LIFETIME

Remaining lifetime at which to warn that a token is about to expire.

phalanx.docs.crossref Module

Cross-referencing roles and directives for Phalanx topics.

Functions

setup(app)

Set up the Phalanx cross-referencing extensions.

phalanx.docs.jinja Module

Helper functions for Sphinx Jinja templating.

Functions

build_jinja_contexts()

Construct the Jinja contexts used for building Phalanx documentation.

phalanx.exceptions Module

Exceptions for the Phalanx command-line tool.

Classes

ApplicationExistsError(name)

Application being created already exists.

CommandFailedError(command, args, exc)

Execution of a command failed.

CommandTimedOutError(command, args, exc)

Execution of a command failed.

GitRemoteError

Unable to get necessary information from a Git remote.

InvalidApplicationConfigError(name, error, *)

Configuration for an application is invalid.

InvalidEnvironmentConfigError(name, error)

Configuration for an environment is invalid.

InvalidSecretConfigError(application, key, error)

Secret configuration is invalid.

MalformedOnepasswordSecretError(application, ...)

A secret stored in 1Password was malformed.

MissingOnepasswordSecretsError(secrets)

Secrets are missing from 1Password.

NoOnepasswordConfigError

Environment does not use 1Password.

NoOnepasswordCredentialsError()

1Password is configured, but no credentials were supplied.

NoVaultCredentialsError()

Vault credentials are required and were not supplied.

UnknownEnvironmentError(name)

No configuration found for an environment name.

UnresolvedSecretsError(secrets)

Some secrets could not be resolved.

UsageError

An error that should be printed to standard error without a backtrace.

VaultNotFoundError(url, path[, key])

Secret could not be found in Vault.

VaultPathConflictError(path)

Attempt to copy a Vault tree onto itself.

Class Inheritance Diagram

Inheritance diagram of phalanx.exceptions.ApplicationExistsError, phalanx.exceptions.CommandFailedError, phalanx.exceptions.CommandTimedOutError, phalanx.exceptions.GitRemoteError, phalanx.exceptions.InvalidApplicationConfigError, phalanx.exceptions.InvalidEnvironmentConfigError, phalanx.exceptions.InvalidSecretConfigError, phalanx.exceptions.MalformedOnepasswordSecretError, phalanx.exceptions.MissingOnepasswordSecretsError, phalanx.exceptions.NoOnepasswordConfigError, phalanx.exceptions.NoOnepasswordCredentialsError, phalanx.exceptions.NoVaultCredentialsError, phalanx.exceptions.UnknownEnvironmentError, phalanx.exceptions.UnresolvedSecretsError, phalanx.exceptions.UsageError, phalanx.exceptions.VaultNotFoundError, phalanx.exceptions.VaultPathConflictError

phalanx.factory Module

Factory for Phalanx support code components.

Classes

Factory(path)

Factory to create Phalanx components.

Class Inheritance Diagram

Inheritance diagram of phalanx.factory.Factory

phalanx.github Module

Utility functions used when running under GitHub Actions.

The utility functions in this module can all be called unconditionally. They will detect whether the Phalanx command-line tool is being run under GitHub Actions and, if so, add additional GitHub-specific markers to the output to improve display in GitHub Actions logs.

See GitHub’s documentation for other possibly useful commands that could be added.

Functions

action_group(title)

Wrap a sequence of commands in a GitHub Actions group.

add_mask(secret)

Mask a secret in future GitHub Actions output.

phalanx.models.applications Module

Pydantic models for Phalanx applications.

Classes

Application

A Phalanx application that knows which environments use it.

ApplicationConfig

Configuration for a Phalanx application.

ApplicationInstance

A Phalanx application as configured for a specific environment.

DocLink

A documentation link for an application.

Project(value[, names, module, qualname, ...])

Valid choices for the Argo CD project of an application.

Class Inheritance Diagram

Inheritance diagram of phalanx.models.applications.Application, phalanx.models.applications.ApplicationConfig, phalanx.models.applications.ApplicationInstance, phalanx.models.applications.DocLink, phalanx.models.applications.Project

phalanx.models.environments Module

Pydantic models for Phalanx environments.

Classes

ArgoCDDetails

Details about the Argo CD configuration for an environment.

ControlSystemConfig

Configuration for the Control System.

Environment

A Phalanx environment and its associated settings.

EnvironmentBaseConfig

Environment configuration options.

EnvironmentConfig

Configuration for a Phalanx environment.

EnvironmentDetails

Full details about an environment, including auth and Argo CD.

GCPMetadata

Google Cloud Platform hosting metadata.

GafaelfawrDetails

Details about the Gafaelfawr configuration for an environment.

GafaelfawrGitHubGroup

A group based on a GitHub team.

GafaelfawrGitHubTeam

Designates a GitHub team for use as a Gafaelfawr group.

GafaelfawrScope

A Gafaelfawr scope and its associated groups.

IdentityProvider(value[, names, module, ...])

Type of identity provider used by Gafaelfawr.

OnepasswordConfig

Configuration for 1Password static secrets source.

PhalanxConfig

Root container for the entire Phalanx configuration.

Class Inheritance Diagram

Inheritance diagram of phalanx.models.environments.ArgoCDDetails, phalanx.models.environments.ControlSystemConfig, phalanx.models.environments.Environment, phalanx.models.environments.EnvironmentBaseConfig, phalanx.models.environments.EnvironmentConfig, phalanx.models.environments.EnvironmentDetails, phalanx.models.environments.GCPMetadata, phalanx.models.environments.GafaelfawrDetails, phalanx.models.environments.GafaelfawrGitHubGroup, phalanx.models.environments.GafaelfawrGitHubTeam, phalanx.models.environments.GafaelfawrScope, phalanx.models.environments.IdentityProvider, phalanx.models.environments.OnepasswordConfig, phalanx.models.environments.PhalanxConfig

phalanx.models.gafaelfawr Module

Models for Gafaelfawr data structures.

Ideally, these should use the same models Gafaelfawr itself uses. Until that’s possible via a PyPI library, these models are largely copied from Gafaelfawr.

Classes

Token

An opaque token.

Class Inheritance Diagram

Inheritance diagram of phalanx.models.gafaelfawr.Token

phalanx.models.helm Module

Models for Helm commands.

Classes

HelmStarter(value[, names, module, ...])

A Helm chart starter.

Class Inheritance Diagram

Inheritance diagram of phalanx.models.helm.HelmStarter

phalanx.models.secrets Module

Pydantic models for Phalanx application secrets.

Classes

ConditionalMixin

Mix-in class for elements that may have a condition.

ConditionalSecretConfig

Possibly conditional specification for an application secret.

ConditionalSecretCopyRules

Possibly conditional rules for copying a secret value from another.

ConditionalSimpleSecretGenerateRules

Conditional rules for generating a secret value with no source.

ConditionalSourceSecretGenerateRules

Conditional rules for generating a secret from another secret.

PullSecret

Specification for a Docker pull secret.

RegistryPullSecret

Pull secret for a specific Docker Repository.

ResolvedSecrets

All resolved secrets for a given Phalanx environment.

Secret

Specification for an application secret for a specific environment.

SecretConfig

Specification for an application secret.

SecretCopyRules

Rules for copying a secret value from another secret.

SecretGenerateType(value[, names, module, ...])

Type of secret for generated secrets.

SecretOnepasswordConfig

Configuration for how a static secret is stored in 1Password.

SimpleSecretGenerateRules

Rules for generating a secret value with no source information.

SourceSecretGenerateRules

Rules for generating a secret from another secret.

StaticSecret

Value of a static secret provided in a YAML file.

StaticSecrets

Model for the YAML file containing static secrets.

Variables

ConditionalSecretGenerateRules

Represent a PEP 604 union type

SecretGenerateRules

Represent a PEP 604 union type

Class Inheritance Diagram

Inheritance diagram of phalanx.models.secrets.ConditionalMixin, phalanx.models.secrets.ConditionalSecretConfig, phalanx.models.secrets.ConditionalSecretCopyRules, phalanx.models.secrets.ConditionalSimpleSecretGenerateRules, phalanx.models.secrets.ConditionalSourceSecretGenerateRules, phalanx.models.secrets.PullSecret, phalanx.models.secrets.RegistryPullSecret, phalanx.models.secrets.ResolvedSecrets, phalanx.models.secrets.Secret, phalanx.models.secrets.SecretConfig, phalanx.models.secrets.SecretCopyRules, phalanx.models.secrets.SecretGenerateType, phalanx.models.secrets.SecretOnepasswordConfig, phalanx.models.secrets.SimpleSecretGenerateRules, phalanx.models.secrets.SourceSecretGenerateRules, phalanx.models.secrets.StaticSecret, phalanx.models.secrets.StaticSecrets

phalanx.models.vault Module

Models representing Vault objects.

Classes

VaultAppRole

Newly-created Vault AppRole for secret access.

VaultAppRoleCredentials

Credentials for Vault access using an AppRole.

VaultAppRoleMetadata

Metadata about a new or existing Vault AppRole.

VaultCredentials

Credentials used for Vault access.

VaultToken

Newly-created Vault token for secret access.

VaultTokenCredentials

Credentials for Vault access using a token.

VaultTokenMetadata

Metadata about a new or existing Vault token.

Class Inheritance Diagram

Inheritance diagram of phalanx.models.vault.VaultAppRole, phalanx.models.vault.VaultAppRoleCredentials, phalanx.models.vault.VaultAppRoleMetadata, phalanx.models.vault.VaultCredentials, phalanx.models.vault.VaultToken, phalanx.models.vault.VaultTokenCredentials, phalanx.models.vault.VaultTokenMetadata

phalanx.services.application Module

Service for manipulating Phalanx applications.

Classes

ApplicationService(path, config_storage, ...)

Service for manipulating Phalanx applications.

Class Inheritance Diagram

Inheritance diagram of phalanx.services.application.ApplicationService

phalanx.services.environment Module

Service for manipulating Phalanx environments.

Classes

EnvironmentService(*, config_storage, ...)

Service for manipulating Phalanx environments.

Class Inheritance Diagram

Inheritance diagram of phalanx.services.environment.EnvironmentService

phalanx.services.secrets Module

Service to manipulate Phalanx secrets.

Classes

SecretsAuditReport([missing, mismatch, unknown])

Results of auditing secrets against the contents of Vault.

SecretsService(config_storage, ...)

Service to manipulate Phalanx secrets.

Class Inheritance Diagram

Inheritance diagram of phalanx.services.secrets.SecretsAuditReport, phalanx.services.secrets.SecretsService

phalanx.services.vault Module

Service to manage Vault authentication.

Classes

VaultService(config_storage, vault_storage)

Service to manage Vault authentication.

Class Inheritance Diagram

Inheritance diagram of phalanx.services.vault.VaultService

phalanx.storage.argocd Module

Interface to Argo CD operations.

Classes

ArgoCDStorage()

Interface to Argo CD operations.

Class Inheritance Diagram

Inheritance diagram of phalanx.storage.argocd.ArgoCDStorage

phalanx.storage.command Module

Wrapper around executing external commands.

Classes

Command(command)

Wrapper around executing external commands.

Class Inheritance Diagram

Inheritance diagram of phalanx.storage.command.Command

phalanx.storage.config Module

Parsing and analysis of Phalanx configuration.

Classes

ConfigStorage(path)

Analyze Phalanx configuration and convert it to models.

Class Inheritance Diagram

Inheritance diagram of phalanx.storage.config.ConfigStorage

phalanx.storage.helm Module

Interface to Helm operations.

Classes

HelmStorage(config_storage)

Interface to Helm operations.

Class Inheritance Diagram

Inheritance diagram of phalanx.storage.helm.HelmStorage

phalanx.storage.kubernetes Module

Storage layer for direct Kubernetes operations.

Classes

KubernetesStorage()

Storage layer for direct Kubernetes operations.

Class Inheritance Diagram

Inheritance diagram of phalanx.storage.kubernetes.KubernetesStorage

phalanx.storage.onepassword Module

Retrieve secrets stored in 1Password via 1Password Connect.

Classes

OnepasswordClient(url, vault_title)

Retrieve secrets stored in 1Password via 1Password Connect.

OnepasswordStorage()

Create 1Password Connect clients for specific environments.

Class Inheritance Diagram

Inheritance diagram of phalanx.storage.onepassword.OnepasswordClient, phalanx.storage.onepassword.OnepasswordStorage

phalanx.storage.vault Module

Store, retrieve, and manipulate data stored in Vault.

Classes

VaultClient(url, path[, credentials])

Store, retrieve, and manipulate data stored in Vault.

VaultStorage()

Create Vault clients for specific environments.

Class Inheritance Diagram

Inheritance diagram of phalanx.storage.vault.VaultClient, phalanx.storage.vault.VaultStorage

phalanx.yaml Module

Utility functions for manipulating YAML.

In several places in the Phalanx code, we want to be able to wrap long strings to make them more readable or be able to dump collections.defaultdict objects without adding special object tagging. This module collects utility functions to make this easier.

Classes

YAMLFoldedString

A string that will be folded when encoded in YAML.

Class Inheritance Diagram

Inheritance diagram of phalanx.yaml.YAMLFoldedString