owl

package
v3.7.1 Latest
Warning

This package is not in the latest version of its module.

Published: Sep 9, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

README


The Owl Store 🦉

What is it?

Owl Store

An ENV solution for Humans and Workloads:

  • Specify, Validate, and Resolve ENV vars
  • Verification of “Correctness” & better tools

Took inspiration from

  • The SSH-Agent
  • How Typescript brings type-safety to Javascript

Why?

  • Make the idea of “SSO for your Environments” come to life
  • The 🦉 knows best, because she's the wisest of birds in the animal kingdom

Environment “Specs”

The .env.example frontend/facade:

JWT_SECRET=Secret to sign authed JWT tokens # Secret!
ANON_KEY=Secret to sign anonymous JWT tokens # Secret!
SERVICE_ROLE_KEY=JWT to assume the service role # JWT
POSTGRES_PASSWORD=Password for the postgres user # Password!
DASHBOARD_USERNAME=Username for the dashboard # Plain!
DASHBOARD_PASSWORD=Password for the dashboard # Password!
SOME_OTHER_VAR=Needs a matching value # Regex(/^[a-z...a. -]+\.)

Philosophy

  • Composable, extensible, and progressive
  • Queryable resolution thanks to Graph (DAG)
  • Use Auth-Context, Machine & Runtime info, etc
  • Connect to SOPS, Secret Managers, CLI tools etc
  • E.g. different resolution paths per ENV class
  • OWL is easily a better three-letter acronym than ENV
  • .env files on outside - Graph Engine on inside
  • Progressive: use as much or little as you need
  • Different facades possible e.g. CRDs, YAML-dialect, SDKs
  • Runme’s fallback resolution → “securely prompt user”
  • Get involved, help build out the owl toolkit & ecosystem

Define ENV spec inside code repository

Relationship

Anatomy of Environment Vars ⇄ “Specs”

Specs

Extensible at every stage

Resolution (e.g. translated env.owl.yaml or JS/Golang/Java/etc SDKs)

query ResolveEnv(...) {
   ...
   render {
      withCell(ulid: "01HRA297WC2HJP7X48FM3DR1V0") {
         withShell(command: "terraform output -json | jq -r .workspace_vars.value.{}") {
            command
            withWebhook(url: "https://secrets.platform.runme.dev/resolver") {
               url
               withStateful(org: "acme-corp") {
                  org
                  dotenv(prefix: "VITE_REACT_APP_", export: false)
                  snapshot {
                     ...
                  }
               }
            }
         }
      }
   }
}

.env-Frontend (query ASTs rendered in text for illustration)

query LoadDotEnvs {
    process {
        path
        file(paths: ["env.spec", ".env.example"], ignoreSpecs: false) {
            path
            file(paths: [".env.local", ".env"]) {
                path
                vars
                specs
            }
        }
    }
}

Common set of Specs (not all available yet)

  • Plain

    • Opaque
    • Regex(...)
    • ...
  • Secret

    • Password
    • JWT
    • x509Cert
    • ...
  • Resources

    • DbUrl
    • Redis
    • ...
  • Cred Sets (non-atomic)

    • FirebaseSdk
    • OpenAI
    • ...
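
The annotation format from the .env.example listing, combined with the spec classes listed above, as an added example (not the owl package's own code). It assumes a trailing "!" marks a required variable and uses the page's default of Opaque for unannotated keys; ParseSpecFile, Redact and the Key field are names made up for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Spec is one parsed line; Name and Required follow the Spec type documented on this page.
type Spec struct {
	Key, Name string
	Required  bool
}

// ParseSpecFile reads "KEY=description # SpecName" lines in file order.
// Assumptions of this example: a trailing "!" means required; no annotation means Opaque.
func ParseSpecFile(raw string) (specs []Spec) {
	for _, line := range strings.Split(raw, "\n") {
		key, rest, ok := strings.Cut(strings.TrimSpace(line), "=")
		if !ok || strings.HasPrefix(key, "#") {
			continue // blank line, comment, or not an assignment
		}
		_, name, _ := strings.Cut(rest, "#")
		if name = strings.TrimSpace(name); name == "" {
			name = "Opaque"
		}
		specs = append(specs, Spec{strings.TrimSpace(key), strings.TrimSuffix(name, "!"), strings.HasSuffix(name, "!")})
	}
	return specs
}

// Redact renders env for logs, masking all but Plain and Regex(...) values; unset required keys go to missing.
func Redact(specs []Spec, env map[string]string) (out, missing []string) {
	for _, s := range specs {
		v, set := env[s.Key]
		if !set && s.Required {
			missing = append(missing, s.Key)
		} else if set && (s.Name == "Plain" || strings.HasPrefix(s.Name, "Regex(")) {
			out = append(out, s.Key+"="+v)
		} else if set {
			out = append(out, s.Key+"=[masked "+s.Name+"]")
		}
	}
	return out, missing
}

func main() {
	// Constructed input: two .env.example lines from this page plus an unannotated key.
	specs := ParseSpecFile("JWT_SECRET=Secret to sign authed JWT tokens # Secret!\nDASHBOARD_USERNAME=Username for the dashboard # Plain!\nLOG_LEVEL=Verbosity")
	fmt.Println(Redact(specs, map[string]string{"DASHBOARD_USERNAME": "admin", "LOG_LEVEL": "debug"}))
}
```

Masking fails closed: a key with no annotation is treated as Opaque and never printed in clear text, so forgetting to annotate a secret does not leak it into logs.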

Documentation

Index

Constants

const (
	SpecNameOpaque   string = "Opaque"   // SpecNameOpaque specifies an opaque specification.
	SpecNamePlain    string = "Plain"    // SpecNamePlain specifies a plain specification.
	SpecNameSecret   string = "Secret"   // SpecNameSecret specifies a secret specification.
	SpecNamePassword string = "Password" // SpecNamePassword specifies a password specification.
	SpecNameDefault         = SpecNameOpaque
)

Constants representing the different spec names. They are declared with string values.

const (
	LoadSetOperation setOperationKind = iota
	UpdateSetOperation
	DeleteSetOperation
	ReconcileSetOperation
	TransientSetOperation
)
const ComplexSpecType string = "Complex"

Variables

var (
	Schema      graphql.Schema
	SpecTypes   map[string]*specType
	ComplexType *specType
)
var ComplexDefTypes = map[string]*ComplexDef{
	"Redis": {
		Name:    "Redis",
		Breaker: "REDIS",
		Items: map[string]*varSpec{
			"HOST": {
				Name:     SpecNamePlain,
				Rules:    "ip|hostname",
				Required: true,
			},
			"PORT": {
				Name:     SpecNamePlain,
				Rules:    "number",
				Required: true,
			},
			"PASSWORD": {
				Name:     SpecNamePassword,
				Rules:    "min=18,max=32",
				Required: false,
			},
		},
		Validator: TagValidator,
	},
	"Postgres": {
		Name:    "Postgres",
		Breaker: "POSTGRES",
		Items: map[string]*varSpec{
			"HOST": {
				Name:     SpecNamePlain,
				Rules:    "required,ip|hostname",
				Required: true,
			},
		},
		Validator: TagValidator,
	},
	"DatabaseUrl": {
		Name:    "DatabaseUrl",
		Breaker: "DATABASE",
		Items: map[string]*varSpec{
			"URL": {
				Name:     SpecNameSecret,
				Rules:    "url",
				Required: true,
			},
		},
		Validator: DatabaseValidator,
	},
}
var EnvironmentType,
	ValidateType,
	RenderType,
	SpecTypeErrorsType *graphql.Object

Functions

This section is empty.

Types

type ComplexDef added in v3.5.0

type ComplexDef struct {
	Name      string
	Breaker   string
	Items     map[string]*varSpec
	Validator func(item *varSpec, itemKey string, varItem *SetVarItem) (ValidationErrors, error)
}

func (*ComplexDef) Validate added in v3.5.0

func (cd *ComplexDef) Validate(itemKey string, varItem *SetVarItem) (ValidationErrors, error)

type ComplexOperationSet added in v3.5.0

type ComplexOperationSet struct {
	*OperationSet
	Name      string
	Namespace string
	Keys      []string
}

type DatabaseUrlError added in v3.5.0

type DatabaseUrlError struct {
	// contains filtered or unexported fields
}

func NewDatabaseUrlError added in v3.5.0

func NewDatabaseUrlError(varItem *SetVarItem, err error, item string) *DatabaseUrlError

func (DatabaseUrlError) Code added in v3.5.0

func (DatabaseUrlError) Error added in v3.5.0

func (e DatabaseUrlError) Error() string

func (DatabaseUrlError) Item added in v3.5.0

func (e DatabaseUrlError) Item() string

func (DatabaseUrlError) Key added in v3.5.0

func (e DatabaseUrlError) Key() string

func (DatabaseUrlError) Message added in v3.5.0

func (e DatabaseUrlError) Message() string

func (DatabaseUrlError) Source added in v3.5.0

func (e DatabaseUrlError) Source() string

func (DatabaseUrlError) SpecName added in v3.5.0

func (e DatabaseUrlError) SpecName() string

func (DatabaseUrlError) String added in v3.5.0

func (e DatabaseUrlError) String() string

func (DatabaseUrlError) VarItem added in v3.5.0

func (e DatabaseUrlError) VarItem() *SetVarItem

type Operation

type Operation struct {
	// contains filtered or unexported fields
}

type OperationSet

type OperationSet struct {
	// contains filtered or unexported fields
}

func NewOperationSet

func NewOperationSet(opts ...OperationSetOption) (*OperationSet, error)

type OperationSetOption

type OperationSetOption func(*OperationSet) error

func WithItems added in v3.5.0

func WithItems(items SetVarItems) OperationSetOption

func WithOperation

func WithOperation(operation setOperationKind) OperationSetOption

func WithSpecs

func WithSpecs(included bool) OperationSetOption

type Query

type Query struct {
	// contains filtered or unexported fields
}

func (*Query) Print

func (q *Query) Print() (string, error)

type RequiredError added in v3.2.1

type RequiredError struct {
	// contains filtered or unexported fields
}

func NewRequiredError added in v3.2.1

func NewRequiredError(varItem *SetVarItem) *RequiredError

func (RequiredError) Code added in v3.2.1

func (RequiredError) Error added in v3.2.1

func (e RequiredError) Error() string

func (RequiredError) Key added in v3.2.1

func (e RequiredError) Key() string

func (RequiredError) Message added in v3.2.1

func (e RequiredError) Message() string

func (RequiredError) Source added in v3.2.1

func (e RequiredError) Source() string

func (RequiredError) SpecName added in v3.2.1

func (e RequiredError) SpecName() string

func (RequiredError) String added in v3.2.1

func (e RequiredError) String() string

func (RequiredError) VarItem added in v3.2.1

func (e RequiredError) VarItem() *SetVarItem

type SetVar

type SetVar struct {
	Key    string `json:"key"`
	Origin string `json:"origin,omitempty"`
	// Operation *setVarOperation `json:"operation"`
	Created *time.Time `json:"created,omitempty"`
	Updated *time.Time `json:"updated,omitempty"`
}

type SetVarError added in v3.2.1

type SetVarError struct {
	Code    int    `json:"code,omitempty"`
	Message string `json:"message,omitempty"`
}

type SetVarItem

type SetVarItem struct {
	Var    *SetVar        `json:"var,omitempty"`
	Value  *varValue      `json:"value,omitempty"`
	Spec   *varSpec       `json:"spec,omitempty"`
	Errors []*SetVarError `json:"errors,omitempty"`
}

type SetVarItems

type SetVarItems []*SetVarItem

type SetVarSpec

type SetVarSpec struct {
	Var  *SetVar  `json:"var,omitempty"`
	Spec *varSpec `json:"spec,omitempty"`
}

type SetVarValue

type SetVarValue struct {
	Var   *SetVar   `json:"var,omitempty"`
	Value *varValue `json:"value,omitempty"`
}

type Spec

type Spec struct {
	Name     string
	Required bool // Indicates whether the configuration is required.
	Valid    bool // Indicates whether the configuration is valid.
}

Spec represents the available configuration options and their flags.

type SpecResolverMutator

type SpecResolverMutator func(val *SetVarValue, spec *SetVarSpec, insecure bool)

type Specs

type Specs map[string]Spec

Specs represents a collection of configuration specifications.

func ParseRawSpec

func ParseRawSpec(values map[string]string, comments map[string]string) Specs

ParseRawSpec maps comments to configuration key specifications.

type Store

type Store struct {
	// contains filtered or unexported fields
}

func NewStore

func NewStore(opts ...StoreOption) (*Store, error)

func (*Store) InsecureGet added in v3.3.0

func (s *Store) InsecureGet(k string) (string, error)

func (*Store) InsecureValues

func (s *Store) InsecureValues() ([]string, error)

func (*Store) NewQuery added in v3.5.0

func (s *Store) NewQuery(name string, varDefs []*ast.VariableDefinition, reducers []QueryNodeReducer) (*Query, error)

func (*Store) SensitiveKeys added in v3.2.2

func (s *Store) SensitiveKeys() ([]string, error)

func (*Store) Snapshot

func (s *Store) Snapshot() (SetVarItems, error)

func (*Store) Update

func (s *Store) Update(context context.Context, newOrUpdated, deleted []string) error

type StoreOption

type StoreOption func(*Store) error

func WithEnvFile

func WithEnvFile(specFile string, raw []byte) StoreOption

func WithEnvs

func WithEnvs(source string, envs ...string) StoreOption

func WithLogger

func WithLogger(logger *zap.Logger) StoreOption

func WithSpecFile

func WithSpecFile(specFile string, raw []byte) StoreOption

type TagFailedError added in v3.5.0

type TagFailedError struct {
	// contains filtered or unexported fields
}

func NewTagFailedError added in v3.5.0

func NewTagFailedError(varItem *SetVarItem, tag string, item string) *TagFailedError

func (TagFailedError) Code added in v3.5.0

func (TagFailedError) Error added in v3.5.0

func (e TagFailedError) Error() string

func (TagFailedError) Item added in v3.5.0

func (e TagFailedError) Item() string

func (TagFailedError) Key added in v3.5.0

func (e TagFailedError) Key() string

func (TagFailedError) Message added in v3.5.0

func (e TagFailedError) Message() string

func (TagFailedError) Source added in v3.5.0

func (e TagFailedError) Source() string

func (TagFailedError) SpecName added in v3.5.0

func (e TagFailedError) SpecName() string

func (TagFailedError) String added in v3.5.0

func (e TagFailedError) String() string

func (TagFailedError) Tag added in v3.5.0

func (e TagFailedError) Tag() string

func (TagFailedError) VarItem added in v3.5.0

func (e TagFailedError) VarItem() *SetVarItem

type ValidateErrorType added in v3.2.1

type ValidateErrorType uint8

const (
	ValidateErrorVarRequired ValidateErrorType = iota
	ValidateErrorTagFailed
	ValidateErrorDatabaseUrl
)

type ValidationError added in v3.2.1

type ValidationError interface {
	fmt.Stringer
	VarItem() *SetVarItem
	Error() string
	Message() string
	Key() string
	SpecName() string
	Source() string
	Code() ValidateErrorType
}

type ValidationErrors added in v3.2.1

type ValidationErrors []ValidationError

func DatabaseValidator added in v3.5.0

func DatabaseValidator(item *varSpec, itemKey string, varItem *SetVarItem) (ValidationErrors, error)

func TagValidator added in v3.5.0

func TagValidator(item *varSpec, itemKey string, varItem *SetVarItem) (ValidationErrors, error)
