owl

package
v3.9.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 5, 2024 License: Apache-2.0 Imports: 27 Imported by: 0

README

+++ [runme] id = '01HRA297WC2HJP7X48FM3DR1V0' version = 'v3' +++

The Owl Store 🦉

What is it?

Owl Store

A ENV solution for Humans and Workloads:

  • Specify, Validate, and Resolve ENV vars
  • Verification of “Correctness” & better tools

Took inspiration from

  • The SSH-Agent
  • How Typescript brings type-safety to Javascript

Why?

  • Make idea of “SSO for your Environments” come to live
  • The 🦉 knows best, because she's the wisest of birds in the animal kingdom

Environment “Specs”

The .env.example frontend/facade:

JWT_SECRET=Secret to sign authed JWT tokens # Secret!
ANON_KEY=Secret to sign anonymous JWT tokens # Secret!
SERVICE_ROLE_KEY=JWT to assume the service role # JWT
POSTGRES_PASSWORD=Password for the postgres user # Password!
DASHBOARD_USERNAME=Username for the dashboard # Plain!
DASHBOARD_PASSWORD=Password for the dashboard # Password!
SOME_OTHER_VAR=Needs a matching value # Regex(/^[a-z...a. -]+\.)
Philosophy
  • Composable, extensible, and progressive
  • Queryable resolution thanks to Graph (DAG)
  • Use Auth-Context, Machine & Runtime info, etc
  • Connect to SOPS, Secret Managers, CLI tools etc
  • E.g. different resolution paths per ENV class
  • OWL easily better three letter acronym than ENV
  • .env files on outside - Graph Engine on inside
  • Progressive: use as much or little as you need
  • Different facades possible e.g. CRDs, YAML-dialect, SDKs
  • Runme’s fallback resolution → “securely prompt user”
  • Get involved, help building out owl toolkit & ecosystem

Define ENV spec inside code repository

Relationship

Anatomy of Environment Vars ⇄ “Specs”

Specs

Extensible at every stage

Resolution (e.g. translated env.owl.yaml or JS/Golang/Java/etc SDKs)
query ResolveEnv(...) {
   ...
   render {
      withCell(ulid: "01HRA297WC2HJP7X48FM3DR1V0") {
         withShell(command: "terraform output -json | jq -r .workspace_vars.value.{}") {
            command
            withWebhook(url: "https://secrets.platform.runme.dev/resolver") {
               url
               withStateful(org: "acme-corp") {
                  org
                  dotenv(prefix: "VITE_REACT_APP_", export: false)
                  snapshot {
                     ...
                  }
               }
            }
         }
      }
   }
}
.env-Frontend (query ASTs rendered in text for illustration)
query LoadDotEnvs {
    process {
        path
        file(paths: ["env.spec", ".env.example"], ignoreSpecs: false) {
            path
            file(paths: [".env.local", ".env"]) {
                path
                vars
                specs
            }
        }
    }
}

Common set of Specs (not all available yet)

  • Plain

    • Opaque
    • Regex(...)
    • ...

  • Secret

    • Password
    • JWT
    • x509Cert
    • ...

  • Resources

    • DbUrl
    • Redis
    • ...

  • Cred Sets (non-atomic)

    • FirebaseSdk
    • OpenAI
    • ...

Documentation

Index

Constants

View Source 
const (
	AtomicNameOpaque   string = "Opaque"   // SpecNameOpaque specifies an opaque specification.
	AtomicNamePlain    string = "Plain"    // SpecNamePlain specifies a plain specification.
	AtomicNameSecret   string = "Secret"   // SpecNameSecret specifies a secret specification.
	AtomicNamePassword string = "Password" // SpecNamePassword specifies a password specification.
	AtomicNameDefault         = AtomicNameOpaque
)

Constants representing different spec names. These constants are of type AtomicName and are assigned string values.

View Source 
const (
	OwlEnvSpecDefsKey owlContextKey = iota
	OwlGcpCredentialsKey
)
View Source 
const (
	DeleteSetOperation setOperationKind = iota
	LoadSetOperation
	ReconcileSetOperation
	ResolveSetOperation
	TransientSetOperation
	UpdateSetOperation
)
View Source 
const SpecTypeKey string = "Spec"

Variables

View Source 
var (
	Schema      graphql.Schema
	AtomicTypes map[string]*atomicType
	SpecType    *atomicType
)
View Source 
var EnvironmentType,
	EnvSpecsType,
	ValidateType,
	ResolveType,
	RenderType,
	SpecTypeErrorsType *graphql.Object

Functions

This section is empty.

Types

type AtomicResolverMutator added in v3.9.3 

type AtomicResolverMutator func(val *SetVarValue, spec *SetVarSpec, insecure bool)

type Operation 

type Operation struct {
	// contains filtered or unexported fields
}

type OperationSet 

type OperationSet struct {
	SpecDef
	// contains filtered or unexported fields
}

func NewOperationSet 

func NewOperationSet(opts ...OperationSetOption) (*OperationSet, error)

type OperationSetOption 

type OperationSetOption func(*OperationSet) error

func WithItems added in v3.5.0 

func WithItems(items SetVarItems) OperationSetOption

func WithOperation 

func WithOperation(operation setOperationKind) OperationSetOption

func WithSpecs 

func WithSpecs(included bool) OperationSetOption

type Query 

type Query struct {
	// contains filtered or unexported fields
}

func (*Query) Print 

func (q *Query) Print() (string, error)

type QueryNodeReducer 

type QueryNodeReducer func([]*OperationSet, *ast.OperationDefinition, *ast.SelectionSet) (*ast.SelectionSet, error)

type RequiredError added in v3.2.1 

type RequiredError struct {
	// contains filtered or unexported fields
}

func NewRequiredError added in v3.2.1 

func NewRequiredError(varItem *SetVarItem) *RequiredError

func (RequiredError) Code added in v3.2.1 

func (e RequiredError) Code() ValidateErrorType

func (RequiredError) Error added in v3.2.1 

func (e RequiredError) Error() string

func (RequiredError) Key added in v3.2.1 

func (e RequiredError) Key() string

func (RequiredError) Message added in v3.2.1 

func (e RequiredError) Message() string

func (RequiredError) Source added in v3.2.1 

func (e RequiredError) Source() string

func (RequiredError) SpecName added in v3.2.1 

func (e RequiredError) SpecName() string

func (RequiredError) String added in v3.2.1 

func (e RequiredError) String() string

func (RequiredError) VarItem added in v3.2.1 

func (e RequiredError) VarItem() *SetVarItem

type ResolutionFailedError added in v3.9.3 

type ResolutionFailedError struct {
	// contains filtered or unexported fields
}

func NewResolutionFailedError added in v3.9.3 

func NewResolutionFailedError(varItem *SetVarItem, item string, err error) *ResolutionFailedError

func (ResolutionFailedError) Code added in v3.9.3 

func (e ResolutionFailedError) Code() ValidateErrorType

func (ResolutionFailedError) Error added in v3.9.3 

func (e ResolutionFailedError) Error() string

func (ResolutionFailedError) Item added in v3.9.3 

func (e ResolutionFailedError) Item() string

func (ResolutionFailedError) Key added in v3.9.3 

func (e ResolutionFailedError) Key() string

func (ResolutionFailedError) Message added in v3.9.3 

func (e ResolutionFailedError) Message() string

func (ResolutionFailedError) Source added in v3.9.3 

func (e ResolutionFailedError) Source() string

func (ResolutionFailedError) SpecName added in v3.9.3 

func (e ResolutionFailedError) SpecName() string

func (ResolutionFailedError) String added in v3.9.3 

func (e ResolutionFailedError) String() string

func (ResolutionFailedError) VarItem added in v3.9.3 

func (e ResolutionFailedError) VarItem() *SetVarItem

type ResolveOperationSet added in v3.9.3 

type ResolveOperationSet struct {
	*OperationSet
	*SpecOperationSet

	Project string
	Mapping map[string]string
}

type SetVar 

type SetVar struct {
	Key    string `json:"key"`
	Origin string `json:"origin,omitempty"`
	// Operation *setVarOperation `json:"operation"`
	Created *time.Time `json:"created,omitempty"`
	Updated *time.Time `json:"updated,omitempty"`
}

type SetVarError added in v3.2.1 

type SetVarError struct {
	Code    int    `json:"code,omitempty"`
	Message string `json:"message,omitempty"`
}

type SetVarItem 

type SetVarItem struct {
	Var    *SetVar        `json:"var,omitempty"`
	Value  *varValue      `json:"value,omitempty"`
	Spec   *varSpec       `json:"spec,omitempty"`
	Errors []*SetVarError `json:"errors,omitempty"`
}

type SetVarItems 

type SetVarItems []*SetVarItem

type SetVarSpec 

type SetVarSpec struct {
	Var  *SetVar  `json:"var,omitempty"`
	Spec *varSpec `json:"spec,omitempty"`
}

type SetVarValue 

type SetVarValue struct {
	Var   *SetVar   `json:"var,omitempty"`
	Value *varValue `json:"value,omitempty"`
}

type Spec 

type Spec struct {
	Name     string
	Required bool // Indicates whether the configuration is required.
	Valid    bool // Indicates whether the configuration is valid.
}

Spec represents the available configuration options and their flags.

type SpecDef added in v3.9.3 

type SpecDef struct {
	Name      string              `json:"name"`
	Breaker   string              `json:"breaker"`
	Atomics   map[string]*varSpec `json:"atomics" yaml:"-"`
	Validator func(item *varSpec, itemKey string, varItem *SetVarItem) (ValidationErrors, error)
}

func (*SpecDef) Validate added in v3.9.3 

func (cd *SpecDef) Validate(itemKey string, varItem *SetVarItem) (ValidationErrors, error)

type SpecDefs added in v3.9.3 

type SpecDefs map[string]*SpecDef

type SpecOperationSet added in v3.9.3 

type SpecOperationSet struct {
	*OperationSet
	Name      string
	Namespace string
	Keys      []string
}

func (*SpecOperationSet) GetAtomic added in v3.9.3 

func (s *SpecOperationSet) GetAtomic(spec *SetVarSpec, specDefs SpecDefs) (string, *SetVarItem, error)

type Specs 

type Specs map[string]Spec

Specs represents a collection of configuration specifications.

func ParseRawSpec 

func ParseRawSpec(values map[string]string, comments map[string]string) Specs

GenerateSpecsFromComments maps comments to configuration key specifications.

type Store 

type Store struct {
	// contains filtered or unexported fields
}

func NewStore 

func NewStore(opts ...StoreOption) (*Store, error)

func (*Store) DoQuery added in v3.9.3 

func (s *Store) DoQuery(query string, vars map[string]interface{}, resolve bool) (*graphql.Result, error)

func (*Store) InsecureGet added in v3.3.0 

func (s *Store) InsecureGet(k string) (string, bool, error)

func (*Store) InsecureResolve added in v3.9.3 

func (s *Store) InsecureResolve() (SetVarItems, error)

func (*Store) InsecureValues 

func (s *Store) InsecureValues() ([]string, error)

func (*Store) LoadEnvs added in v3.9.2 

func (s *Store) LoadEnvs(source string, envs ...string) error

func (*Store) NewQuery added in v3.5.0 

func (s *Store) NewQuery(queryName, rootSelelection string, varDefs []*ast.VariableDefinition, reducers []QueryNodeReducer) (*Query, error)

func (*Store) SensitiveKeys added in v3.2.2 

func (s *Store) SensitiveKeys() ([]string, error)

func (*Store) Snapshot 

func (s *Store) Snapshot() (SetVarItems, error)

func (*Store) Update 

func (s *Store) Update(context context.Context, newOrUpdated, deleted []string) error

type StoreOption 

type StoreOption func(*Store) error

func WithEnvFile 

func WithEnvFile(specFile string, raw []byte) StoreOption

func WithEnvs 

func WithEnvs(source string, envs ...string) StoreOption

func WithLogger 

func WithLogger(logger *zap.Logger) StoreOption

func WithResolutionCRD added in v3.9.3 

func WithResolutionCRD(raw []byte) StoreOption

func WithSpecDefsCRD added in v3.9.3 

func WithSpecDefsCRD(raw []byte) StoreOption

func WithSpecFile 

func WithSpecFile(specFile string, raw []byte) StoreOption

type TagFailedError added in v3.5.0 

type TagFailedError struct {
	// contains filtered or unexported fields
}

func NewTagFailedError added in v3.5.0 

func NewTagFailedError(varItem *SetVarItem, tag string, item string) *TagFailedError

func (TagFailedError) Code added in v3.5.0 

func (e TagFailedError) Code() ValidateErrorType

func (TagFailedError) Error added in v3.5.0 

func (e TagFailedError) Error() string

func (TagFailedError) Item added in v3.5.0 

func (e TagFailedError) Item() string

func (TagFailedError) Key added in v3.5.0 

func (e TagFailedError) Key() string

func (TagFailedError) Message added in v3.5.0 

func (e TagFailedError) Message() string

func (TagFailedError) Source added in v3.5.0 

func (e TagFailedError) Source() string

func (TagFailedError) SpecName added in v3.5.0 

func (e TagFailedError) SpecName() string

func (TagFailedError) String added in v3.5.0 

func (e TagFailedError) String() string

func (TagFailedError) Tag added in v3.5.0 

func (e TagFailedError) Tag() string

func (TagFailedError) VarItem added in v3.5.0 

func (e TagFailedError) VarItem() *SetVarItem

type ValidateErrorType added in v3.2.1 

type ValidateErrorType uint8
const (
	ValidateErrorVarRequired ValidateErrorType = iota
	ValidateErrorTagFailed
	ValidateErrorResolutionFailed
)

type ValidationError added in v3.2.1 

type ValidationError interface {
	fmt.Stringer
	VarItem() *SetVarItem
	Error() string
	Message() string
	Key() string
	SpecName() string
	Source() string
	Code() ValidateErrorType
}

todo(sebastian): perhaps this should be ValueError instead?

type ValidationErrors added in v3.2.1 

type ValidationErrors []ValidationError

func TagValidator added in v3.5.0 

func TagValidator(item *varSpec, itemKey string, varItem *SetVarItem) (ValidationErrors, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.