Overview ¶
Package config implements global configuration options.
Types ¶
type ComponentConfig ¶ added in v0.2400.0
// ComponentConfig holds the per-component settings of a runtime as read from
// the node's YAML configuration.
type ComponentConfig struct {
	// ID identifies the component this entry applies to.
	ID component.ID `yaml:"id"`

	// TEE selects the kind of Trusted Execution Environment (TEE) the
	// component should run in: none, sgx or tdx.
	//
	// Leaving the key out does not mean "no TEE"; it means the TEE kind is
	// selected automatically. Set the key explicitly when a deployment
	// depends on one particular kind.
	TEE TEESelectMode `yaml:"tee,omitempty"`

	// Disabled switches the component off. A component that is listed and
	// not disabled is enabled.
	Disabled bool `yaml:"disabled,omitempty"`
}
ComponentConfig is the component configuration.
func (*ComponentConfig) TEEKind ¶ added in v0.2500.0
func (c *ComponentConfig) TEEKind() (component.TEEKind, bool)
TEEKind returns the kind of Trusted Execution Environment (TEE) in which the component should run, if it is specified.
func (*ComponentConfig) UnmarshalYAML ¶ added in v0.2400.0
func (c *ComponentConfig) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML implements yaml.Unmarshaler.
func (*ComponentConfig) Validate ¶ added in v0.2500.0
func (c *ComponentConfig) Validate() error
Validate validates the component configuration.
type Config ¶
// Config is the runtime registry configuration as read from the node's YAML
// configuration.
//
// Several fields decide how much isolation a runtime gets (Provisioner,
// SandboxBinary, Environment, DebugMockTEE) or where runtime code and its
// metadata come from (Paths, Registries), so they deserve review whenever a
// node configuration changes.
type Config struct {
	// Runtimes lists the runtimes to configure.
	Runtimes []RuntimeConfig `yaml:"runtimes,omitempty"`

	// Paths lists the locations of runtime bundles.
	Paths []string `yaml:"paths,omitempty"`

	// Provisioner names the runtime provisioner: mock, unconfined or
	// sandboxed. The tag has no omitempty, so the key is always written when
	// the structure is marshaled.
	//
	// Per the RuntimeProvisioner constants, mock and unconfined are allowed
	// only when the DebugDontBlameOasis flag is set; unconfined runs
	// runtimes without any sandboxing.
	Provisioner RuntimeProvisioner `yaml:"provisioner"`

	// SandboxBinary is the path to the sandbox binary (bubblewrap).
	//
	// NOTE(review): presumably the sandboxed provisioner executes this
	// binary, so the path should not be writable by untrusted users; confirm
	// against the provisioner code.
	SandboxBinary string `yaml:"sandbox_binary,omitempty"`

	// SGXLoader is the path to the SGX runtime loader binary, used for SGX
	// runtimes.
	SGXLoader string `yaml:"sgx_loader,omitempty"`

	// Environment is the runtime environment (sgx, elf, auto).
	//
	// This field may go away in the future; use DebugMockTEE instead.
	//
	// NOTE(review): the declared RuntimeEnvironment constants are sgx,
	// sgx-mock and auto; "elf" is not among them. Confirm which values are
	// accepted.
	Environment RuntimeEnvironment `yaml:"environment,omitempty"`

	// Prune configures the history pruner.
	Prune PruneConfig `yaml:"prune,omitempty"`

	// RuntimeConfig maps runtime IDs to their local configurations. The
	// inner values are untyped, so this structure places no constraint on
	// them.
	//
	// This field may go away in the future; use RuntimeConfig.Config
	// instead.
	RuntimeConfig map[string]map[string]interface{} `yaml:"config,omitempty"`

	// SentryAddresses lists the sentry nodes to connect to, each of the form
	// [PubKey@]ip:port, where the PubKey@ part is the base64-encoded TLS
	// public key of the node.
	//
	// The key part is optional in this format, and an entry without it
	// carries no key to check the peer against.
	// NOTE(review): how such an entry is authenticated is not visible here;
	// confirm.
	SentryAddresses []string `yaml:"sentry_addresses,omitempty"`

	// TxPool configures the transaction pool.
	TxPool tpConfig.Config `yaml:"tx_pool,omitempty"`

	// PreWarmEpochs is how many epochs before its activation epoch a runtime
	// is started, so that it can warm up and prepare any required
	// attestations. Zero disables pre-warming.
	PreWarmEpochs uint64 `yaml:"pre_warm_epochs,omitempty"`

	// AttestInterval is the interval between periodic runtime
	// re-attestations. A default is used when it is not specified.
	AttestInterval time.Duration `yaml:"attest_interval,omitempty"`

	// LoadBalancer configures the load balancer.
	LoadBalancer LoadBalancerConfig `yaml:"load_balancer,omitempty"`

	// Registries lists the base URLs used to fetch runtime bundle metadata.
	//
	// A metadata URL is built by appending the manifest hash to a base URL,
	// so only the constructed URLs have to be valid endpoints, not the base
	// URLs themselves.
	//
	// NOTE(review): whether fetched metadata is checked against that hash is
	// not visible here; confirm before treating a registry as untrusted
	// transport.
	Registries []string `yaml:"registries,omitempty"`

	// MaxBundleSize is the maximum allowed bundle size, given as a string. A
	// default is used when it is not specified.
	MaxBundleSize string `yaml:"max_bundle_size,omitempty"`

	// DebugMockTEE enables mocking of the Trusted Execution Environment
	// (TEE).
	//
	// It can only be used if the DebugDontBlameOasis flag is set.
	DebugMockTEE bool `yaml:"debug_mock_tee,omitempty"`
}
Config is the runtime registry configuration structure.
func DefaultConfig ¶
func DefaultConfig() Config
DefaultConfig returns the default configuration settings.
func (*Config) GetComponent ¶ added in v0.2400.0
func (c *Config) GetComponent(runtimeID common.Namespace, compID component.ID) (ComponentConfig, bool)
GetComponent returns the configuration for the given component of the specified runtime, if it exists.
func (*Config) GetLocalConfig ¶ added in v0.2500.0
GetLocalConfig returns the local configuration for the given runtime, if it exists.
type LoadBalancerConfig ¶ added in v0.2400.0
// LoadBalancerConfig configures load balancing across runtime instances.
type LoadBalancerConfig struct {
	// NumInstances is how many runtime instances are provisioned for
	// load-balancing. Zero (the default) and one both disable load
	// balancing.
	NumInstances uint64 `yaml:"num_instances,omitempty"`
}
LoadBalancerConfig is the load balancer configuration.
type PruneConfig ¶
// PruneConfig configures the history pruner. None of the YAML tags carries
// omitempty, so all three keys are written when the structure is marshaled.
type PruneConfig struct {
	// Strategy names the history pruner strategy.
	Strategy string `yaml:"strategy"`

	// Interval is the history pruning interval.
	Interval time.Duration `yaml:"interval"`

	// NumKept is the number of last rounds to keep.
	NumKept uint64 `yaml:"num_kept"`
}
PruneConfig is the history pruner configuration structure.
type RuntimeConfig ¶ added in v0.2500.0
// RuntimeConfig holds the settings of a single runtime.
type RuntimeConfig struct {
	// ID identifies the runtime.
	ID common.Namespace `yaml:"id"`

	// Components lists the components to configure.
	Components []ComponentConfig `yaml:"components,omitempty"`

	// Config carries the runtime's local configuration. The values are
	// untyped, so this structure places no constraint on them.
	Config map[string]interface{} `yaml:"config,omitempty"`

	// Registries lists the base URLs used to fetch runtime bundle metadata.
	//
	// A metadata URL is built by appending the manifest hash to a base URL,
	// so only the constructed URLs have to be valid endpoints, not the base
	// URLs themselves.
	//
	// NOTE(review): whether fetched metadata is checked against that hash is
	// not visible here; confirm before treating a registry as untrusted
	// transport.
	Registries []string `yaml:"registries,omitempty"`
}
RuntimeConfig is the runtime configuration.
func (*RuntimeConfig) Validate ¶ added in v0.2500.0
func (c *RuntimeConfig) Validate() error
Validate validates the runtime configuration.
type RuntimeEnvironment ¶
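// RuntimeEnvironment is the runtime environment.
type RuntimeEnvironment string

const (
	// RuntimeEnvironmentSGX specifies to run the runtime in SGX.
	RuntimeEnvironmentSGX RuntimeEnvironment = "sgx"

	// RuntimeEnvironmentSGXMock specifies to run the runtime in mocked SGX.
	//
	// Use of this runtime environment is only allowed if the
	// DebugDontBlameOasis flag is set.
	RuntimeEnvironmentSGXMock RuntimeEnvironment = "sgx-mock"

	// RuntimeEnvironmentAuto specifies to run the runtime in the most
	// appropriate location.
	//
	// NOTE(review): how "most appropriate" is resolved is not visible here;
	// confirm before relying on auto to place a runtime in SGX.
	RuntimeEnvironmentAuto RuntimeEnvironment = "auto"
)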
type RuntimeProvisioner ¶
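// RuntimeProvisioner is the runtime provisioner. The provisioner decides
// whether a runtime is launched inside a sandbox, so the configured value is
// security-relevant.
type RuntimeProvisioner string

const (
	// RuntimeProvisionerMock is the name of the mock runtime provisioner.
	//
	// Use of this provisioner is only allowed if the DebugDontBlameOasis
	// flag is set.
	RuntimeProvisionerMock RuntimeProvisioner = "mock"

	// RuntimeProvisionerUnconfined is the name of the unconfined runtime
	// provisioner that executes runtimes as regular processes without any
	// sandboxing.
	//
	// Use of this provisioner is only allowed if the DebugDontBlameOasis
	// flag is set.
	RuntimeProvisionerUnconfined RuntimeProvisioner = "unconfined"

	// RuntimeProvisionerSandboxed is the name of the sandboxed runtime
	// provisioner that executes runtimes as regular processes in a Linux
	// namespaces/cgroups/SECCOMP sandbox. It is the only provisioner listed
	// here that does not require the DebugDontBlameOasis flag.
	RuntimeProvisionerSandboxed RuntimeProvisioner = "sandboxed"
)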
func (*RuntimeProvisioner) UnmarshalText ¶
func (m *RuntimeProvisioner) UnmarshalText(text []byte) error
UnmarshalText decodes a text marshaled runtime provisioner.
type TEESelectMode ¶ added in v0.2500.0
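// TEESelectMode is the selection mode for the Trusted Execution Environment
// (TEE).
type TEESelectMode string

const (
	// TEESelectModeAuto specifies that the runtime should run in the most
	// appropriate TEE.
	//
	// It is the empty string, so it is also the zero value: a configuration
	// that omits the mode gets automatic selection, not "no TEE".
	//
	// NOTE(review): what automatic selection picks when no TEE is available
	// is not visible here; confirm before relying on it for workloads that
	// must run inside a TEE.
	TEESelectModeAuto TEESelectMode = ""

	// TEESelectModeNone specifies that the runtime should run without using
	// any TEE.
	TEESelectModeNone TEESelectMode = "none"

	// TEESelectModeSGX specifies that the runtime should run in an SGX
	// environment.
	TEESelectModeSGX TEESelectMode = "sgx"

	// TEESelectModeTDX specifies that the runtime should run in a TDX
	// environment.
	TEESelectModeTDX TEESelectMode = "tdx"
)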