"""
System Configuration Schema for Provisioning Platform (SIMPLIFIED)

Defines all configuration categories with clear override rules.
Note: This is a simplified version focusing on compilable schemas.
Complex union types and nested structures have been flattened.

Version: 1.0.0
Last Updated: 2025-12-11
"""
|
|
|
|
import regex
|
|
|
|
# ============================================================================
# CORE SCHEMAS (Simplified for KCL 0.11.3 compatibility)
# ============================================================================
|
|
|
|
schema SystemConfig:
    """Host-level settings recorded when the platform is installed.

    The summary on this schema calls the values immutable; nothing in the
    schema itself enforces that, so immutability depends on how instances
    are produced and stored.

    Attributes
    ----------
    version : str, default is "1.0.0"
        Configuration version string.
    install_path : str, required
        Installation directory; must be non-empty.
    os_name : "macos" | "linux" | "windows", default is "linux"
        Operating system family.
    os_version : str, required
        Operating system version string.
    config_base_path : str, required
        Base directory for configuration; must be non-empty.
    cache_base_path : str, required
        Base directory for caches.
    workspaces_dir : str, required
        Directory holding workspaces.
    system_architecture : str, required
        CPU architecture label.
    cpu_count : int, required
        Number of CPUs, 1-1024.
    memory_total_gb : int, required
        Total memory in GB, 1-4096.
    disk_total_gb : int, required
        Total disk in GB, 1-100000.
    setup_date : str, required
        ISO 8601 timestamp (the format is not validated here).
    setup_by_user : str, required
        Account that performed the setup.
    setup_hostname : str, required
        Host on which the setup ran.
    """
    version: str = "1.0.0"
    install_path: str
    os_name: "macos" | "linux" | "windows" = "linux"
    os_version: str
    config_base_path: str
    cache_base_path: str
    workspaces_dir: str
    system_architecture: str
    cpu_count: int
    memory_total_gb: int
    disk_total_gb: int
    setup_date: str  # ISO 8601 timestamp
    setup_by_user: str
    setup_hostname: str

    # NOTE(review): only install_path and config_base_path are checked for
    # emptiness; cache_base_path and workspaces_dir are not, and none of the
    # path fields is checked for being absolute or free of ".." segments.
    check:
        len(install_path) >= 1, "install_path cannot be empty"
        len(config_base_path) >= 1, "config_base_path cannot be empty"
        0 < cpu_count <= 1024, "cpu_count must be 1-1024"
        0 < memory_total_gb <= 4096, "memory must be 1-4096 GB"
        0 < disk_total_gb <= 100000, "disk must be 1-100000 GB"
|
|
|
|
schema OrchestratorConfig:
    """Settings for reaching the orchestrator service.

    Attributes
    ----------
    enabled : bool, default is True
        Whether the orchestrator is enabled.
    endpoint : str, default is "http://localhost:9090"
        Service URL. The default is plain HTTP on the loopback host.
    port : int, default is 9090
        TCP port, 1-65535.
    timeout_seconds : int, default is 30
        Request timeout, 1-300 seconds.
    health_check_interval_seconds : int, default is 5
        Interval between health checks; no range check is applied.
    """
    enabled: bool = True
    endpoint: str = "http://localhost:9090"
    port: int = 9090
    timeout_seconds: int = 30
    health_check_interval_seconds: int = 5

    # NOTE(review): endpoint and port are independent fields; nothing here
    # ties the port inside the URL to `port`, and the URL scheme is not
    # checked, so an override to a non-loopback http:// address is accepted.
    check:
        0 < port <= 65535, "port must be 1-65535"
        0 < timeout_seconds <= 300, "timeout must be 1-300 seconds"
|
|
|
|
schema DatabaseConfig:
    """Storage backend selection for a service.

    Attributes
    ----------
    backend : "memory" | "surrealdb", default is "memory"
        Which backend to use.
    url : str, optional
        Connection URL. It is optional for every backend, so
        backend = "surrealdb" without a url passes validation.
    """
    backend: "memory" | "surrealdb" = "memory"
    # NOTE(review): if this URL can carry a username/password, the secret
    # would sit in plain configuration - confirm how credentials are supplied.
    url?: str
|
|
|
|
schema ControlCenterConfig:
    """Settings for reaching the Control Center service.

    Attributes
    ----------
    enabled : bool, default is True
        Whether the Control Center is enabled.
    url : str, default is "http://localhost:3000"
        Service URL. The default is plain HTTP on the loopback host.
    port : int, default is 3000
        TCP port, 1-65535.
    timeout_seconds : int, default is 30
        Request timeout, 1-300 seconds.
    database : DatabaseConfig, required
        Storage backend used by the service.
    """
    enabled: bool = True
    url: str = "http://localhost:3000"
    port: int = 3000
    timeout_seconds: int = 30
    database: DatabaseConfig

    # NOTE(review): url and port are validated independently; the URL's
    # scheme and host are not checked at all.
    check:
        0 < port <= 65535, "port must be 1-65535"
        0 < timeout_seconds <= 300, "timeout must be 1-300 seconds"
|
|
|
|
schema KMSConfig:
    """Settings for the key management backend.

    Attributes
    ----------
    enabled : bool, default is True
        Whether the KMS integration is enabled.
    backend : "rustyvault" | "age" | "vault" | "aws-kms", default is "age"
        Key management backend.
    endpoint : str, optional
        Backend address. No check requires it for any backend.
    port : int, optional
        TCP port, 1-65535 when set.
    rotation_days : int, optional, default is 90
        Key rotation period, 1-3650 days when set.
    """
    enabled: bool = True
    backend: "rustyvault" | "age" | "vault" | "aws-kms" = "age"
    endpoint?: str
    port?: int
    rotation_days?: int = 90

    # Both range checks are skipped when the field compares equal to
    # Undefined. rotation_days carries a default of 90, so that branch is
    # presumably reached only when a caller clears the value - TODO confirm.
    # NOTE(review): the upper bound allows a rotation period of ten years.
    check:
        port == Undefined or 0 < port <= 65535, "port must be 1-65535 if specified"
        rotation_days == Undefined or 0 < rotation_days <= 3650, \
            "rotation_days must be 1-3650 if specified"
|
|
|
|
schema PlatformServicesConfig:
    """Bundle of the three platform service configurations.

    Attributes
    ----------
    orchestrator : OrchestratorConfig, required
        Orchestrator service settings.
    control_center : ControlCenterConfig, required
        Control Center service settings.
    kms_service : KMSConfig, required
        Key management settings.
    """
    orchestrator: OrchestratorConfig
    control_center: ControlCenterConfig
    kms_service: KMSConfig
|
|
|
|
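schema ProviderCredentialsReference:
    """Pointer to provider credentials held in an external secret store.

    Only the location of the secret is recorded; the schema has no field for
    the secret value itself. Three stores are accepted (RustyVault, Vault and
    KMS), selected by credentials_source_type.

    Attributes
    ----------
    credentials_source : str, required
        URI of the secret, for example
        rustyvault://workspace_prod/providers/upcloud. It must be non-empty,
        start with the scheme named by credentials_source_type, and contain
        something after the scheme.
    credentials_source_type : "rustyvault" | "vault" | "kms", default is "rustyvault"
        Secret store that holds the credentials.
    """
    credentials_source: str  # rustyvault://workspace_prod/providers/upcloud
    credentials_source_type: "rustyvault" | "vault" | "kms" = "rustyvault"

    # The first two checks are the original ones. The last two close gaps they
    # left open: a URI whose scheme disagrees with the declared store type
    # (e.g. type "rustyvault" with a kms:// source) used to validate, leaving
    # it ambiguous which store resolves the secret, and a bare scheme with no
    # path ("vault://") was accepted as a reference to nothing.
    check:
        len(credentials_source) > 0, "credentials_source cannot be empty"
        credentials_source.startswith("rustyvault://") or credentials_source.startswith("vault://") or credentials_source.startswith("kms://"), \
            "credentials_source must start with rustyvault://, vault://, or kms://"
        credentials_source.startswith(credentials_source_type + "://"), \
            "credentials_source scheme must match credentials_source_type"
        len(credentials_source) > len(credentials_source_type + "://"), \
            "credentials_source must name a path after the scheme"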
|
|
|
|
schema UpCloudConfig:
    """Connection settings for the UpCloud provider.

    Attributes
    ----------
    api_url : str, default is "https://api.upcloud.com/1.3"
        API base URL; must be non-empty.
    interface : "API" | "CLI", default is "API"
        How the provider is driven.
    credentials : ProviderCredentialsReference, required
        Where the provider credentials are stored.
    timeout_seconds : int, default is 30
        Request timeout, 1-300 seconds.
    """
    api_url: str = "https://api.upcloud.com/1.3"
    interface: "API" | "CLI" = "API"
    credentials: ProviderCredentialsReference
    timeout_seconds: int = 30

    # NOTE(review): api_url is only checked for emptiness. The default is
    # HTTPS, but an override to http:// or to another host validates, and
    # this is presumably where the referenced credentials get sent - consider
    # requiring the https:// scheme.
    check:
        len(api_url) >= 1, "api_url cannot be empty"
        0 < timeout_seconds <= 300, "timeout must be 1-300 seconds"
|
|
|
|
schema AWSConfig:
    """Connection settings for the AWS provider.

    Attributes
    ----------
    region : str, default is "us-east-1"
        Region name; must be non-empty. The value is not checked against a
        list of known regions.
    credentials : ProviderCredentialsReference, required
        Where the provider credentials are stored.
    timeout_seconds : int, default is 30
        Request timeout, 1-300 seconds.
    """
    region: str = "us-east-1"
    credentials: ProviderCredentialsReference
    timeout_seconds: int = 30

    check:
        len(region) >= 1, "region cannot be empty"
        0 < timeout_seconds <= 300, "timeout must be 1-300 seconds"
|
|
|
|
schema HetznerConfig:
    """Connection settings for the Hetzner provider.

    Attributes
    ----------
    api_url : str, default is "https://api.hetzner.cloud/v1"
        API base URL; must be non-empty.
    credentials : ProviderCredentialsReference, required
        Where the provider credentials are stored.
    timeout_seconds : int, default is 30
        Request timeout, 1-300 seconds.
    """
    api_url: str = "https://api.hetzner.cloud/v1"
    credentials: ProviderCredentialsReference
    timeout_seconds: int = 30

    # NOTE(review): api_url is only checked for emptiness; an override that
    # drops HTTPS or points at another host passes validation - consider
    # requiring the https:// scheme.
    check:
        len(api_url) >= 1, "api_url cannot be empty"
        0 < timeout_seconds <= 300, "timeout must be 1-300 seconds"
|
|
|
|
schema LocalConfig:
    """Settings for the local (on-host) provider.

    Attributes
    ----------
    base_path : str, default is "/tmp/provisioning-local"
        Working directory for the local provider; must be non-empty.
    timeout_seconds : int, default is 10
        Operation timeout, 1-300 seconds.
    """
    # NOTE(review): the default is a fixed name under /tmp, which is normally
    # writable by every local user. On a shared host another account can
    # create that directory first, so a per-user or otherwise protected
    # location is the safer default - confirm what is written here.
    base_path: str = "/tmp/provisioning-local"
    timeout_seconds: int = 10

    check:
        len(base_path) >= 1, "base_path cannot be empty"
        0 < timeout_seconds <= 300, "timeout must be 1-300 seconds"
|
|
|
|
schema RustyVaultBootstrap:
    """Location and format of the encrypted RustyVault bootstrap key.

    The schema stores a path to the encrypted key file, not key material.

    Attributes
    ----------
    encrypted_key_path : str, required
        Path to the encrypted key; must be non-empty. No other property of
        the path is validated.
    encrypted_key_format : "age" | "sops", default is "age"
        Encryption format of the key file.
    """
    encrypted_key_path: str
    encrypted_key_format: "age" | "sops" = "age"

    check:
        len(encrypted_key_path) >= 1, "encrypted_key_path cannot be empty"
|
|
|
|
schema ProviderConfig:
    """Per-provider settings; every entry is optional.

    Attributes
    ----------
    upcloud : UpCloudConfig, optional
        UpCloud settings.
    aws : AWSConfig, optional
        AWS settings.
    hetzner : HetznerConfig, optional
        Hetzner settings.
    local : LocalConfig, optional
        Local provider settings.
    rustyvault_bootstrap : RustyVaultBootstrap, optional
        Bootstrap key location for RustyVault.
    """
    upcloud?: UpCloudConfig
    aws?: AWSConfig
    hetzner?: HetznerConfig
    local?: LocalConfig
    # NOTE(review): providers may reference rustyvault:// credentials while
    # this entry is absent; no check links the two.
    rustyvault_bootstrap?: RustyVaultBootstrap
|
|
|
|
schema UserPreferences:
    """Per-user defaults for provisioning operations.

    Attributes
    ----------
    preferred_editor : "vim" | "nano" | "code", default is "vim"
        Editor to launch.
    preferred_output_format : "text" | "json" | "yaml", default is "text"
        Output format.
    auto_confirm_operations : bool, default is False
        Whether operations are confirmed automatically. The default keeps
        confirmation on.
    log_level : "error" | "warn" | "info" | "debug", default is "info"
        Logging verbosity.
    default_timeout_seconds : int, default is 300
        Default operation timeout, 1-3600 seconds.
    """
    preferred_editor: "vim" | "nano" | "code" = "vim"
    preferred_output_format: "text" | "json" | "yaml" = "text"
    auto_confirm_operations: bool = False
    log_level: "error" | "warn" | "info" | "debug" = "info"
    default_timeout_seconds: int = 300

    check:
        0 < default_timeout_seconds <= 3600, \
            "default_timeout_seconds must be 1-3600"
|
|
|
|
schema WorkspaceConfig:
    """Settings that belong to a single workspace.

    Attributes
    ----------
    workspace_name : str, required
        Workspace name; must be non-empty.
    workspace_path : str, required
        Workspace directory; must be non-empty.
    active_infrastructure : str, required
        Name of the active infrastructure; must be non-empty.
    active_providers : [str], required
        Names of the providers in use, e.g. ["upcloud", "aws"]; at least one
        entry is required.
    provider_config : ProviderConfig, required
        Per-provider settings.
    """
    workspace_name: str
    workspace_path: str
    active_infrastructure: str
    active_providers: [str]  # ["upcloud", "aws"]
    provider_config: ProviderConfig

    # NOTE(review): active_providers holds free-form strings; nothing checks
    # that each name has a matching entry in provider_config, and
    # workspace_name / workspace_path are not checked for path separators or
    # ".." segments.
    check:
        len(workspace_name) >= 1, "workspace_name cannot be empty"
        len(workspace_path) >= 1, "workspace_path cannot be empty"
        len(active_infrastructure) >= 1, "active_infrastructure cannot be empty"
        len(active_providers) >= 1, "at least one active provider required"
|
|
|
|
# ============================================================================
# FINAL EXPORT
# ============================================================================
|
|
|
|
# Concrete SystemConfig instance with every field set explicitly; the type
# annotation makes the SystemConfig check block apply to these values.
# NOTE(review): the host facts below (hostname, user, sizes) are fixed
# literals, so consumers receive these values rather than ones detected on
# the machine - confirm they are meant as placeholders.
_system_config: SystemConfig = {
    version = "1.0.0"
    install_path = "/opt/provisioning"
    os_name = "linux"
    os_version = "5.15.0"
    config_base_path = "/etc/provisioning"
    cache_base_path = "/var/cache/provisioning"
    workspaces_dir = "/opt/workspaces"
    system_architecture = "x86_64"
    cpu_count = 8
    memory_total_gb = 32
    disk_total_gb = 500
    setup_date = "2025-12-11T00:00:00Z"
    setup_by_user = "provisioning"
    setup_hostname = "provisioning-host"
}

# Public name for other modules. Despite the `_schema` suffix this is the
# instance defined above, not a schema definition.
system_config_schema = _system_config
|