Documentation
¶
Overview ¶
Package platform defines the core types and interfaces for the platform abstraction layer. It provides a three-tier model (Infrastructure, Shared Primitives, Application) for declarative infrastructure management through capability-based abstractions that are provider-agnostic.
Index ¶
- Variables
- func ValidatePlatformConfig(cfg *PlatformConfig) error
- type AuthzPolicy
- type CapabilityConfig
- type CapabilityDeclaration
- type CapabilityMapper
- type CapabilityType
- type CapabilityUnsupportedError
- type Constraint
- type ConstraintConfig
- type ConstraintValidator
- type ConstraintViolation
- type ConstraintViolationError
- type ContextResolver
- type CredentialBroker
- type CredentialRef
- type CredentialRequest
- type CrossTierImpact
- type DependencyRef
- type DiffEntry
- type DriftResult
- type ExecutionConfig
- type FidelityGap
- type FidelityGapError
- type FidelityLevel
- type FidelityReport
- type HealthStatus
- type LockConflictError
- type LockHandle
- type NotScalableError
- type Plan
- type PlanAction
- type PlanConflictError
- type PlatformConfig
- type PlatformContext
- type PlatformRBAC
- type PropertySchema
- type Provider
- type ProviderConfig
- type ProviderFactory
- type ReconcileResult
- type Reconciler
- type ReconcilerDriftReport
- type ReconcilerStateStore
- type ResourceDriver
- type ResourceDriverNotFoundError
- type ResourceNotFoundError
- type ResourceOutput
- type ResourcePlan
- type ResourceStatus
- type StateStore
- type StdContextResolver
- func (r *StdContextResolver) PropagateOutputs(ctx context.Context, pctx *PlatformContext, outputs []*ResourceOutput) error
- func (r *StdContextResolver) RegisterConstraints(ctx context.Context, pctx *PlatformContext, constraints []Constraint) error
- func (r *StdContextResolver) ResolveContext(ctx context.Context, org, env, app string, tier Tier) (*PlatformContext, error)
- func (r *StdContextResolver) ValidateTierBoundary(pctx *PlatformContext, declarations []CapabilityDeclaration) []ConstraintViolation
- type StdTemplateRegistry
- func (r *StdTemplateRegistry) Get(_ context.Context, name, version string) (*WorkflowTemplate, error)
- func (r *StdTemplateRegistry) GetLatest(_ context.Context, name string) (*WorkflowTemplate, error)
- func (r *StdTemplateRegistry) List(_ context.Context) ([]*WorkflowTemplateSummary, error)
- func (r *StdTemplateRegistry) Register(_ context.Context, template *WorkflowTemplate) error
- func (r *StdTemplateRegistry) Resolve(_ context.Context, name, version string, params map[string]any) ([]CapabilityDeclaration, error)
- type StdTierAuthorizer
- type TemplateOutput
- type TemplateParameter
- type TemplateRegistry
- type TemplateResolver
- type Tier
- type TierAuthorizer
- type TierBoundaryError
- type TierConfig
- type TierRole
- type TiersConfig
- type WorkflowTemplate
- type WorkflowTemplateSummary
Constants ¶
This section is empty.
Variables ¶
var ( // ErrPlanNotApproved is returned when attempting to apply a plan that // has not been approved. ErrPlanNotApproved = fmt.Errorf("plan has not been approved") // ErrPlanAlreadyApplied is returned when attempting to apply a plan // that has already been applied. ErrPlanAlreadyApplied = fmt.Errorf("plan has already been applied") // ErrPlanExpired is returned when a plan is too old to be applied safely. ErrPlanExpired = fmt.Errorf("plan has expired and must be regenerated") // ErrContextNotFound is returned when a platform context cannot be resolved. ErrContextNotFound = fmt.Errorf("platform context not found") // ErrProviderNotInitialized is returned when a provider method is called // before Initialize. ErrProviderNotInitialized = fmt.Errorf("provider has not been initialized") )
Sentinel errors for common conditions.
Functions ¶
func ValidatePlatformConfig ¶
func ValidatePlatformConfig(cfg *PlatformConfig) error
ValidatePlatformConfig checks that required fields are present and that constraint operators are recognized.
Types ¶
type AuthzPolicy ¶
type AuthzPolicy struct {
// Role is the tier role this policy applies to.
Role TierRole
// AllowedTiers is the set of tiers the role may access.
AllowedTiers []Tier
// AllowedOperations is the set of operation names the role may perform.
// An empty slice means no operations are allowed.
AllowedOperations []string
}
AuthzPolicy defines the allowed operations for a role within specific tiers.
type CapabilityConfig ¶
type CapabilityConfig struct {
// Name is the unique identifier for this capability within its tier.
Name string `yaml:"name" json:"name"`
// Type is the abstract capability type (e.g., "container_runtime", "database").
Type string `yaml:"type" json:"type"`
// Properties are provider-agnostic configuration values.
Properties map[string]any `yaml:"properties,omitempty" json:"properties,omitempty"`
// DependsOn lists other capability names that must be provisioned first.
DependsOn []string `yaml:"dependsOn,omitempty" json:"dependsOn,omitempty"`
}
CapabilityConfig is the YAML representation of a single capability declaration.
type CapabilityDeclaration ¶
type CapabilityDeclaration struct {
// Name is the unique identifier for this capability within a tier.
Name string `yaml:"name" json:"name"`
// Type is the abstract capability type (e.g., "container_runtime", "database", "message_queue").
Type string `yaml:"type" json:"type"`
// Tier indicates which infrastructure tier this capability belongs to.
Tier Tier `yaml:"tier" json:"tier"`
// Properties are abstract, provider-agnostic configuration values
// (e.g., replicas, memory, ports).
Properties map[string]any `yaml:"properties" json:"properties"`
// Constraints are hard limits imposed by parent tiers.
Constraints []Constraint `yaml:"constraints" json:"constraints"`
// DependsOn lists other capability names that must be provisioned first.
DependsOn []string `yaml:"dependsOn" json:"dependsOn"`
}
CapabilityDeclaration is a provider-agnostic resource requirement. This is what users write in YAML configuration files. The platform abstraction layer maps these to provider-specific resources.
type CapabilityMapper ¶
type CapabilityMapper interface {
// CanMap returns true if this mapper can handle the given capability type.
CanMap(capabilityType string) bool
// Map translates a capability declaration into one or more resource plans.
// The PlatformContext provides parent tier outputs and constraints.
Map(decl CapabilityDeclaration, pctx *PlatformContext) ([]ResourcePlan, error)
// ValidateConstraints checks if a capability declaration satisfies all
// constraints imposed by parent tiers. Returns any constraint violations found.
ValidateConstraints(decl CapabilityDeclaration, constraints []Constraint) []ConstraintViolation
}
CapabilityMapper translates abstract capability declarations into provider-specific resource plans. Each provider has one mapper that understands how to convert capability-level abstractions into the concrete resources the provider manages.
type CapabilityType ¶
type CapabilityType struct {
// Name is the capability type identifier (e.g., "container_runtime", "database").
Name string `json:"name"`
// Description is a human-readable description of the capability.
Description string `json:"description"`
// Tier indicates which infrastructure tier this capability belongs to.
Tier Tier `json:"tier"`
// Properties are the property schemas this capability accepts.
Properties []PropertySchema `json:"properties"`
// Constraints are the constraint schemas this capability can enforce.
Constraints []PropertySchema `json:"constraints"`
// Fidelity indicates how faithfully this provider implements the capability.
Fidelity FidelityLevel `json:"fidelity"`
}
CapabilityType describes a capability a provider can satisfy. It includes schema information for the properties and constraints the capability accepts.
type CapabilityUnsupportedError ¶
type CapabilityUnsupportedError struct {
// Capability is the unsupported capability type.
Capability string
// Provider is the provider that does not support it.
Provider string
}
CapabilityUnsupportedError is returned when a provider does not support the requested capability type at all.
func (*CapabilityUnsupportedError) Error ¶
func (e *CapabilityUnsupportedError) Error() string
Error implements the error interface.
type Constraint ¶
type Constraint struct {
// Field is the property being constrained (e.g., "memory", "replicas", "cpu").
Field string `yaml:"field" json:"field"`
// Operator is the comparison operator: "<=", ">=", "==", "in", "not_in".
Operator string `yaml:"operator" json:"operator"`
// Value is the constraint limit value.
Value any `yaml:"value" json:"value"`
// Source identifies which context or tier imposed this constraint.
Source string `yaml:"source" json:"source"`
}
Constraint represents a limit or requirement imposed by a parent tier on downstream tier resources.
type ConstraintConfig ¶
type ConstraintConfig struct {
// Field is the property being constrained (e.g., "memory", "replicas").
Field string `yaml:"field" json:"field"`
// Operator is the comparison operator: "<=", ">=", "==", "in", "not_in".
Operator string `yaml:"operator" json:"operator"`
// Value is the constraint limit value.
Value any `yaml:"value" json:"value"`
}
ConstraintConfig is the YAML representation of a constraint imposed by a parent tier.
type ConstraintValidator ¶
type ConstraintValidator struct{}
ConstraintValidator validates capability declarations against constraints imposed by parent tiers. It supports resource unit parsing (memory, CPU) and standard comparison operators.
func NewConstraintValidator ¶
func NewConstraintValidator() *ConstraintValidator
NewConstraintValidator creates a new ConstraintValidator.
func (*ConstraintValidator) Validate ¶
func (cv *ConstraintValidator) Validate(properties map[string]any, constraints []Constraint) []ConstraintViolation
Validate checks the given properties against a set of constraints and returns any violations found. Properties is a map of field names to values (matching CapabilityDeclaration.Properties), and constraints are the accumulated limits from parent tiers.
type ConstraintViolation ¶
type ConstraintViolation struct {
// Constraint is the constraint that was violated.
Constraint Constraint `json:"constraint"`
// Actual is the value that violated the constraint.
Actual any `json:"actual"`
// Message is a human-readable description of the violation.
Message string `json:"message"`
}
ConstraintViolation describes a single constraint check failure. It identifies which constraint was violated and the actual value that caused the violation.
type ConstraintViolationError ¶
type ConstraintViolationError struct {
// Resource is the name of the resource that violated the constraint.
Resource string
// Constraint is the constraint field that was violated.
Constraint string
// Value is the actual value that caused the violation.
Value any
// Limit is the constraint limit that was exceeded.
Limit any
}
ConstraintViolationError is returned when a capability declaration violates a constraint imposed by a parent tier.
func (*ConstraintViolationError) Error ¶
func (e *ConstraintViolationError) Error() string
Error implements the error interface.
type ContextResolver ¶
type ContextResolver interface {
// ResolveContext builds a PlatformContext for the given tier and identifiers.
// It reads parent tier state stores to populate ParentOutputs and Constraints.
ResolveContext(ctx context.Context, org, env, app string, tier Tier) (*PlatformContext, error)
// PropagateOutputs writes resource outputs into the context store so that
// downstream tiers can resolve them via ResolveContext.
PropagateOutputs(ctx context.Context, pctx *PlatformContext, outputs []*ResourceOutput) error
// ValidateTierBoundary ensures a workflow operating at the given tier
// does not attempt to modify resources outside its scope. Returns any
// constraint violations found.
ValidateTierBoundary(pctx *PlatformContext, declarations []CapabilityDeclaration) []ConstraintViolation
}
ContextResolver builds PlatformContext instances by aggregating parent tier state. It reads state stores to populate parent outputs and constraints, enabling the downward flow of context through the tier hierarchy.
type CredentialBroker ¶
type CredentialBroker interface {
// IssueCredential creates a scoped credential for the given platform context.
// The credential value is stored in the secrets backend and a reference is returned.
IssueCredential(ctx context.Context, pctx *PlatformContext, request CredentialRequest) (*CredentialRef, error)
// RevokeCredential invalidates a previously issued credential and removes it
// from the secrets backend.
RevokeCredential(ctx context.Context, ref *CredentialRef) error
// ResolveCredential retrieves the actual credential value from a reference.
// This is the only way to access the credential value at runtime.
ResolveCredential(ctx context.Context, ref *CredentialRef) (string, error)
// RotateCredential replaces an existing credential with a new one, revoking
// the old credential. Returns the new credential reference.
RotateCredential(ctx context.Context, ref *CredentialRef) (*CredentialRef, error)
// ListCredentials returns all credential references for a given platform context.
ListCredentials(ctx context.Context, pctx *PlatformContext) ([]*CredentialRef, error)
}
CredentialBroker issues and manages credentials scoped to specific tiers, environments, and applications. It integrates with the existing secrets.Provider system to store credential values securely. Only credential references are persisted in state; actual values live in the secrets backend.
type CredentialRef ¶
type CredentialRef struct {
// ID is the unique credential identifier.
ID string `json:"id"`
// Name is the human-readable credential name.
Name string `json:"name"`
// SecretPath is the path in the secrets backend where the value is stored.
SecretPath string `json:"secretPath"`
// Provider is the name of the secrets provider that holds the value.
Provider string `json:"provider"`
// ExpiresAt is when the credential expires.
ExpiresAt time.Time `json:"expiresAt"`
// Tier is the infrastructure tier the credential is scoped to.
Tier Tier `json:"tier"`
// ContextPath is the hierarchical context path (org/env/app).
ContextPath string `json:"contextPath"`
}
CredentialRef is a pointer to a stored credential. The actual credential value is never stored in state -- only this reference is persisted. Use CredentialBroker.ResolveCredential to retrieve the actual value.
type CredentialRequest ¶
type CredentialRequest struct {
// Name is a human-readable name for the credential.
Name string `json:"name"`
// Type is the credential type: "api_key", "database", "tls_cert", "token".
Type string `json:"type"`
// Scope lists the resource names this credential can access.
Scope []string `json:"scope"`
// TTL is the credential lifetime. A zero value means no expiry.
TTL time.Duration `json:"ttl"`
// Renewable indicates whether the credential can be renewed before expiry.
Renewable bool `json:"renewable"`
}
CredentialRequest specifies what credential to issue, including its type, scope, and lifetime.
type CrossTierImpact ¶
type CrossTierImpact struct {
// SourceDrift is the drift that triggered the impact analysis.
SourceDrift DriftResult `json:"sourceDrift"`
// AffectedResources are the downstream resources potentially impacted.
AffectedResources []DependencyRef `json:"affectedResources"`
}
CrossTierImpact describes how drift in one tier affects resources in another tier.
type DependencyRef ¶
type DependencyRef struct {
// SourceContext is the context path of the depended-upon resource.
SourceContext string `json:"sourceContext"`
// SourceResource is the name of the depended-upon resource.
SourceResource string `json:"sourceResource"`
// TargetContext is the context path of the dependent resource.
TargetContext string `json:"targetContext"`
// TargetResource is the name of the dependent resource.
TargetResource string `json:"targetResource"`
// Type is the dependency type: "hard" (must exist) or "soft" (optional).
Type string `json:"type"`
}
DependencyRef tracks cross-resource and cross-tier dependencies. These are used for impact analysis when upstream resources change.
type DiffEntry ¶
type DiffEntry struct {
// Path is the dot-separated field path (e.g., "properties.replicas").
Path string `json:"path"`
// OldValue is the current value of the field.
OldValue any `json:"oldValue"`
// NewValue is the desired value of the field.
NewValue any `json:"newValue"`
}
DiffEntry represents a single field difference in a plan action.
type DriftResult ¶
type DriftResult struct {
// ContextPath is the hierarchical context path of the resource.
ContextPath string `json:"contextPath"`
// ResourceName is the name of the resource.
ResourceName string `json:"resourceName"`
// ResourceType is the provider-specific resource type.
ResourceType string `json:"resourceType"`
// Tier is the tier the resource belongs to.
Tier Tier `json:"tier"`
// DriftType classifies the drift: "changed", "added", "removed".
DriftType string `json:"driftType"`
// Diffs contains the individual field differences (for "changed" type).
Diffs []DiffEntry `json:"diffs,omitempty"`
// Expected is the stored state.
Expected map[string]any `json:"expected,omitempty"`
// Actual is the live state from the provider.
Actual map[string]any `json:"actual,omitempty"`
}
DriftResult represents the outcome of a single resource drift check.
type ExecutionConfig ¶
type ExecutionConfig struct {
// Tier1Mode controls Tier 1 execution: "plan_and_approve" or "auto_apply".
Tier1Mode string `yaml:"tier1_mode" json:"tier1_mode"`
// Tier2Mode controls Tier 2 execution: "plan_and_approve" or "auto_apply".
Tier2Mode string `yaml:"tier2_mode" json:"tier2_mode"`
// Tier3Mode controls Tier 3 execution: "plan_and_approve" or "auto_apply".
Tier3Mode string `yaml:"tier3_mode" json:"tier3_mode"`
// ReconciliationInterval is how often drift detection runs (e.g., "5m").
ReconciliationInterval string `yaml:"reconciliation_interval" json:"reconciliation_interval"`
// LockTimeout is the advisory lock TTL (e.g., "10m").
LockTimeout string `yaml:"lock_timeout" json:"lock_timeout"`
}
ExecutionConfig controls how each tier's changes are applied and how often drift detection runs.
type FidelityGap ¶
type FidelityGap struct {
// Property is the capability property that has a fidelity gap.
Property string `json:"property"`
// Description explains what is missing or different.
Description string `json:"description"`
// Workaround describes what the provider does instead, if anything.
Workaround string `json:"workaround,omitempty"`
}
FidelityGap describes a specific property that is not fully implemented by a provider for a given capability.
type FidelityGapError ¶
type FidelityGapError struct {
// Provider is the provider that has the fidelity gap.
Provider string
// Capability is the capability type that is not fully supported.
Capability string
// Level is the actual fidelity level the provider offers.
Level FidelityLevel
// Details describes what is missing.
Details string
}
FidelityGapError is returned when a provider cannot satisfy a capability at the required fidelity level.
func (*FidelityGapError) Error ¶
func (e *FidelityGapError) Error() string
Error implements the error interface.
type FidelityLevel ¶
type FidelityLevel string
FidelityLevel indicates how faithfully a provider implements a capability. Providers may not support all capabilities at full fidelity; this type makes gaps explicit so users can make informed decisions.
const ( // FidelityFull indicates production-equivalent implementation. FidelityFull FidelityLevel = "full" // FidelityPartial indicates the capability works but with limitations. FidelityPartial FidelityLevel = "partial" // FidelityStub indicates a mock or no-op implementation (e.g., IAM on local). FidelityStub FidelityLevel = "stub" // FidelityNone indicates the capability is not supported by this provider. FidelityNone FidelityLevel = "none" )
func WorseOf ¶
func WorseOf(a, b FidelityLevel) FidelityLevel
WorseOf returns the lower fidelity level between two levels. The ordering from best to worst is: Full > Partial > Stub > None.
type FidelityReport ¶
type FidelityReport struct {
// Capability is the abstract capability type being reported on.
Capability string `json:"capability"`
// Provider is the provider name.
Provider string `json:"provider"`
// Fidelity is the overall fidelity level for this capability.
Fidelity FidelityLevel `json:"fidelity"`
// Gaps lists the specific properties that are not fully implemented.
Gaps []FidelityGap `json:"gaps"`
}
FidelityReport is returned during plan generation to inform users of capability gaps in the current provider. It identifies which properties of a capability are not fully implemented.
func (*FidelityReport) HasGaps ¶
func (fr *FidelityReport) HasGaps() bool
HasGaps returns true if the fidelity report contains any gaps.
func (*FidelityReport) IsFullFidelity ¶
func (fr *FidelityReport) IsFullFidelity() bool
IsFullFidelity returns true if the fidelity level is Full with no gaps.
type HealthStatus ¶
type HealthStatus struct {
// Status is the health state: "healthy", "unhealthy", "degraded", or "unknown".
Status string `json:"status"`
// Message is a human-readable description of the health state.
Message string `json:"message"`
// Details contains provider-specific health check details.
Details map[string]any `json:"details,omitempty"`
// CheckedAt is when the health check was performed.
CheckedAt time.Time `json:"checkedAt"`
}
HealthStatus represents the health of a managed resource as reported by the provider.
type LockConflictError ¶
type LockConflictError struct {
// ContextPath is the context path that is locked.
ContextPath string
// HeldBy is an identifier for the holder, if known.
HeldBy string
}
LockConflictError is returned when a lock cannot be acquired because another operation holds it.
func (*LockConflictError) Error ¶
func (e *LockConflictError) Error() string
Error implements the error interface.
type LockHandle ¶
type LockHandle interface {
// Unlock releases the advisory lock.
Unlock(ctx context.Context) error
// Refresh extends the lock TTL to prevent expiration during long operations.
Refresh(ctx context.Context, ttl time.Duration) error
}
LockHandle represents an advisory lock on a context path. Locks prevent concurrent modifications and must be explicitly released.
type NotScalableError ¶
type NotScalableError struct {
// ResourceType is the resource type that does not support scaling.
ResourceType string
}
NotScalableError is returned when a Scale operation is attempted on a resource type that does not support scaling.
func (*NotScalableError) Error ¶
func (e *NotScalableError) Error() string
Error implements the error interface.
type Plan ¶
type Plan struct {
// ID is a unique identifier for this plan.
ID string `json:"id"`
// Tier indicates which infrastructure tier this plan operates on.
Tier Tier `json:"tier"`
// Context is the hierarchical context path (e.g., "acme/production/api-service").
Context string `json:"context"`
// Actions is the ordered list of changes to execute.
Actions []PlanAction `json:"actions"`
// CreatedAt is when the plan was generated.
CreatedAt time.Time `json:"createdAt"`
// ApprovedAt is when the plan was approved (nil if pending).
ApprovedAt *time.Time `json:"approvedAt,omitempty"`
// ApprovedBy is the principal who approved the plan.
ApprovedBy string `json:"approvedBy,omitempty"`
// Status is the plan lifecycle state: "pending", "approved", "applying", "applied", "failed".
Status string `json:"status"`
// Provider is the name of the provider that generated this plan.
Provider string `json:"provider"`
// DryRun indicates whether this plan was generated as a dry-run.
DryRun bool `json:"dryRun,omitempty"`
// FidelityReports contains any fidelity gap warnings from the provider.
FidelityReports []FidelityReport `json:"fidelityReports,omitempty"`
}
Plan is the complete execution plan for a set of infrastructure changes. Plans must be approved before they can be applied for Tier 1 and Tier 2.
type PlanAction ¶
type PlanAction struct {
// Action is the operation type: "create", "update", "delete", or "no-op".
Action string `json:"action"`
// ResourceName is the name of the resource being changed.
ResourceName string `json:"resourceName"`
// ResourceType is the provider-specific resource type.
ResourceType string `json:"resourceType"`
// Provider is the name of the provider executing the action.
Provider string `json:"provider"`
// Before is the current state properties (nil for create actions).
Before map[string]any `json:"before,omitempty"`
// After is the desired state properties (nil for delete actions).
After map[string]any `json:"after,omitempty"`
// Diff contains the individual field differences for update actions.
Diff []DiffEntry `json:"diff,omitempty"`
}
PlanAction represents a single planned change to infrastructure.
type PlanConflictError ¶
type PlanConflictError struct {
// PlanID is the conflicting plan's identifier.
PlanID string
// ConflictingResource is the resource that has a conflicting change.
ConflictingResource string
}
PlanConflictError is returned when a plan conflicts with another plan that is currently being applied or was recently applied.
func (*PlanConflictError) Error ¶
func (e *PlanConflictError) Error() string
Error implements the error interface.
type PlatformConfig ¶
type PlatformConfig struct {
// Org is the organization identifier (e.g., "acme-corp").
Org string `yaml:"org" json:"org"`
// Environment is the target environment name (e.g., "production", "staging").
Environment string `yaml:"environment" json:"environment"`
// Provider configures the infrastructure provider to use.
Provider ProviderConfig `yaml:"provider" json:"provider"`
// Tiers defines the three-tier capability layout.
Tiers TiersConfig `yaml:"tiers" json:"tiers"`
// Execution controls per-tier execution modes and reconciliation settings.
Execution ExecutionConfig `yaml:"execution" json:"execution"`
}
PlatformConfig is the top-level platform abstraction configuration. It describes the organization, environment, provider, tier layout, and execution policy for a deployment.
func ParsePlatformConfig ¶
func ParsePlatformConfig(raw map[string]any) (*PlatformConfig, error)
ParsePlatformConfig converts a raw YAML map (typically from the "platform" key in WorkflowConfig) into a typed PlatformConfig. It re-marshals the map through YAML to leverage struct tags for parsing.
type PlatformContext ¶
type PlatformContext struct {
// Org is the organization identifier.
Org string `json:"org"`
// Environment is the deployment environment name (e.g., "production", "staging", "dev").
Environment string `json:"environment"`
// Application is the application name. Empty for Tier 1 and Tier 2 contexts.
Application string `json:"application"`
// Tier is the infrastructure tier this context operates at.
Tier Tier `json:"tier"`
// ParentOutputs are resource outputs inherited from parent tiers, keyed by resource name.
ParentOutputs map[string]*ResourceOutput `json:"parentOutputs"`
// Constraints are the accumulated constraints from all parent tiers.
Constraints []Constraint `json:"constraints"`
// Credentials holds resolved credential values for this scope.
// This field is never serialized to prevent credential leakage.
Credentials map[string]string `json:"-"`
// Labels are metadata key-value pairs for resource tagging.
Labels map[string]string `json:"labels"`
// Annotations are metadata key-value pairs for operational metadata.
Annotations map[string]string `json:"annotations"`
}
PlatformContext is the hierarchical context flowing through the tier system. It carries organization, environment, and application identifiers along with the accumulated outputs and constraints from parent tiers. Context flows downward: Tier 1 outputs feed Tier 2 inputs, Tier 2 outputs feed Tier 3.
func (*PlatformContext) ContextPath ¶
func (pc *PlatformContext) ContextPath() string
ContextPath returns the full hierarchical path: "org/env" or "org/env/app".
type PlatformRBAC ¶
type PlatformRBAC interface {
// CanAuthor checks if a principal can define workflows at the given tier
// and context path.
CanAuthor(ctx context.Context, principal string, tier Tier, contextPath string) (bool, error)
// CanApprove checks if a principal can approve plans at the given tier
// and context path.
CanApprove(ctx context.Context, principal string, tier Tier, contextPath string) (bool, error)
// CanView checks if a principal can read state at the given tier
// and context path.
CanView(ctx context.Context, principal string, tier Tier, contextPath string) (bool, error)
// EnforceConstraints validates that a set of capability declarations
// does not exceed the constraints imposed by parent tiers.
// This is called at plan time before any resources are provisioned.
EnforceConstraints(pctx *PlatformContext, declarations []CapabilityDeclaration) ([]ConstraintViolation, error)
}
PlatformRBAC enforces tier-based access control. It validates that principals have the required roles for the operations they attempt, and that capability declarations do not violate parent tier constraints.
type PropertySchema ¶
type PropertySchema struct {
// Name is the property identifier.
Name string `json:"name"`
// Type is the property data type: "string", "int", "bool", "duration", "map", "list".
Type string `json:"type"`
// Required indicates whether the property must be provided.
Required bool `json:"required"`
// Description is a human-readable description of the property.
Description string `json:"description"`
// DefaultValue is the value used when the property is not specified.
DefaultValue any `json:"defaultValue,omitempty"`
}
PropertySchema describes a property accepted by a capability.
type Provider ¶
type Provider interface {
// Name returns the provider identifier (e.g., "aws", "docker-compose", "gcp").
Name() string
// Version returns the provider version string.
Version() string
// Initialize prepares the provider by authenticating and validating configuration.
Initialize(ctx context.Context, config map[string]any) error
// Capabilities returns the set of capability types this provider supports.
// Used during plan-time to determine if a provider can satisfy a declaration.
Capabilities() []CapabilityType
// MapCapability resolves an abstract capability declaration to a provider-specific
// resource plan. Returns an error if the capability cannot be satisfied.
MapCapability(ctx context.Context, decl CapabilityDeclaration, pctx *PlatformContext) ([]ResourcePlan, error)
// ResourceDriver returns the driver for a specific provider resource type.
// Returns ErrResourceDriverNotFound if the resource type is not supported.
ResourceDriver(resourceType string) (ResourceDriver, error)
// CredentialBroker returns the provider's credential management interface.
// Returns nil if the provider does not support credential brokering.
CredentialBroker() CredentialBroker
// StateStore returns the provider's state persistence interface.
StateStore() StateStore
// Healthy returns nil if the provider is reachable and authenticated.
Healthy(ctx context.Context) error
// Close releases any resources held by the provider.
Close() error
}
Provider is the top-level interface for an infrastructure provider. A provider manages a collection of resource drivers and maps abstract capabilities to provider-specific resource types. Providers are registered with the engine and selected based on the platform configuration.
type ProviderConfig ¶
type ProviderConfig struct {
// Name is the provider identifier (e.g., "aws", "docker-compose", "gcp").
Name string `yaml:"name" json:"name"`
// Config holds provider-specific configuration key-value pairs.
Config map[string]any `yaml:"config,omitempty" json:"config,omitempty"`
}
ProviderConfig identifies and configures an infrastructure provider.
type ProviderFactory ¶
type ProviderFactory func() Provider
ProviderFactory is a constructor function for creating Provider instances.
type ReconcileResult ¶
type ReconcileResult struct {
// ContextPath is the context that was reconciled.
ContextPath string `json:"contextPath"`
// DriftResults contains all detected drifts.
DriftResults []DriftResult `json:"driftResults"`
// CrossTierImpacts describes downstream impacts of detected drifts.
CrossTierImpacts []CrossTierImpact `json:"crossTierImpacts,omitempty"`
// CheckedAt is when the reconciliation was performed.
CheckedAt time.Time `json:"checkedAt"`
// Duration is how long the reconciliation took.
Duration time.Duration `json:"duration"`
// ResourcesChecked is the number of resources that were checked.
ResourcesChecked int `json:"resourcesChecked"`
}
ReconcileResult is the complete output of a reconciliation cycle.
type Reconciler ¶
type Reconciler struct {
// contains filtered or unexported fields
}
Reconciler runs periodic drift detection by comparing stored state with live provider state. It identifies drifted, added, and removed resources and tracks cross-tier impact.
func NewReconciler ¶
func NewReconciler(provider Provider, store StateStore, contextPath string, interval time.Duration) *Reconciler
NewReconciler creates a new reconciler for the given provider and state store.
func (*Reconciler) Reconcile ¶
func (r *Reconciler) Reconcile(ctx context.Context) (*ReconcileResult, error)
Reconcile performs a single reconciliation cycle. It lists all resources in the context path from the state store, reads their live state from the provider, and compares to detect drift.
func (*Reconciler) ReconcileJSON ¶
func (r *Reconciler) ReconcileJSON(ctx context.Context) ([]byte, error)
ReconcileJSON performs a reconciliation and returns the result as JSON. This is a convenience method for trigger integration.
func (*Reconciler) SetLogger ¶
func (r *Reconciler) SetLogger(logger *log.Logger)
SetLogger sets a custom logger for the reconciler.
type ReconcilerDriftReport ¶
type ReconcilerDriftReport struct {
ID int64 `json:"id"`
ContextPath string `json:"contextPath"`
ResourceName string `json:"resourceName"`
ResourceType string `json:"resourceType"`
Tier Tier `json:"tier"`
DriftType string `json:"driftType"`
Expected map[string]any `json:"expected"`
Actual map[string]any `json:"actual"`
Diffs []DiffEntry `json:"diffs"`
DetectedAt time.Time `json:"detectedAt"`
ResolvedAt *time.Time `json:"resolvedAt,omitempty"`
ResolvedBy string `json:"resolvedBy,omitempty"`
}
ReconcilerDriftReport is the drift report type used by the reconciler. It matches the DriftReport in the state package but is defined here to avoid circular imports.
type ReconcilerStateStore ¶
type ReconcilerStateStore interface {
StateStore
SaveDriftReport(ctx context.Context, report *ReconcilerDriftReport) error
}
ReconcilerStateStore extends StateStore with drift report capabilities. This interface is satisfied by the state package implementations.
type ResourceDriver ¶
type ResourceDriver interface {
// ResourceType returns the fully qualified resource type (e.g., "aws.eks_cluster").
ResourceType() string
// Create provisions a new resource with the given properties.
// Returns the resource output when provisioning is complete.
Create(ctx context.Context, name string, properties map[string]any) (*ResourceOutput, error)
// Read fetches the current state of an existing resource from the provider.
Read(ctx context.Context, name string) (*ResourceOutput, error)
// Update modifies an existing resource to match the desired properties.
// Both current and desired property maps are provided for diffing.
Update(ctx context.Context, name string, current, desired map[string]any) (*ResourceOutput, error)
// Delete removes a resource from the provider.
Delete(ctx context.Context, name string) error
// HealthCheck returns the health status of a managed resource.
HealthCheck(ctx context.Context, name string) (*HealthStatus, error)
// Scale adjusts resource scaling parameters if the resource type supports it.
// Returns ErrNotScalable if the resource type does not support scaling.
Scale(ctx context.Context, name string, scaleParams map[string]any) (*ResourceOutput, error)
// Diff compares the desired properties with the actual provider state and
// returns the list of field differences.
Diff(ctx context.Context, name string, desired map[string]any) ([]DiffEntry, error)
}
ResourceDriver handles CRUD lifecycle for a specific provider resource type. Each provider composes multiple drivers, one per resource type it supports. Drivers are responsible for the actual interaction with the provider API.
type ResourceDriverNotFoundError ¶
type ResourceDriverNotFoundError struct {
// ResourceType is the resource type that has no driver.
ResourceType string
// Provider is the provider that was queried.
Provider string
}
ResourceDriverNotFoundError is returned when a provider does not have a driver for the requested resource type.
func (*ResourceDriverNotFoundError) Error ¶
func (e *ResourceDriverNotFoundError) Error() string
Error implements the error interface.
type ResourceNotFoundError ¶
type ResourceNotFoundError struct {
// Name is the resource name that was not found.
Name string
// Provider is the provider where the resource was expected.
Provider string
}
ResourceNotFoundError is returned when a requested resource does not exist in the provider or state store.
func (*ResourceNotFoundError) Error ¶
func (e *ResourceNotFoundError) Error() string
Error implements the error interface.
type ResourceOutput ¶
type ResourceOutput struct {
// Name is the resource identifier matching the CapabilityDeclaration name.
Name string `json:"name"`
// Type is the abstract capability type.
Type string `json:"type"`
// ProviderType is the provider-specific resource type (e.g., "aws.eks_cluster").
ProviderType string `json:"providerType"`
// Endpoint is the primary access endpoint for the resource, if applicable.
Endpoint string `json:"endpoint,omitempty"`
// ConnectionStr is a connection string for database or messaging resources.
ConnectionStr string `json:"connectionString,omitempty"`
// CredentialRef is a reference to a credential in the credential broker.
CredentialRef string `json:"credentialRef,omitempty"`
// Properties are provider-specific output properties.
Properties map[string]any `json:"properties"`
// Status is the current lifecycle state of the resource.
Status ResourceStatus `json:"status"`
// LastSynced is the last time the resource state was read from the provider.
LastSynced time.Time `json:"lastSynced"`
}
ResourceOutput represents the concrete output of a provisioned resource. These become inputs and constraints for downstream tiers.
type ResourcePlan ¶
type ResourcePlan struct {
// ResourceType is the provider-specific resource type (e.g., "aws.eks_nodegroup").
ResourceType string `json:"resourceType"`
// Name is the resource instance name.
Name string `json:"name"`
// Properties are the provider-specific properties for the resource.
Properties map[string]any `json:"properties"`
// DependsOn lists other resource names that must be created first.
DependsOn []string `json:"dependsOn"`
}
ResourcePlan is the provider-specific plan for a single resource. It is the output of capability mapping and the input to resource drivers.
type ResourceStatus ¶
type ResourceStatus string
ResourceStatus represents the lifecycle state of a managed resource.
const ( // ResourceStatusPending indicates the resource has been declared but not yet provisioned. ResourceStatusPending ResourceStatus = "pending" // ResourceStatusCreating indicates the resource is being provisioned. ResourceStatusCreating ResourceStatus = "creating" // ResourceStatusActive indicates the resource is provisioned and healthy. ResourceStatusActive ResourceStatus = "active" // ResourceStatusUpdating indicates the resource is being modified. ResourceStatusUpdating ResourceStatus = "updating" // ResourceStatusDeleting indicates the resource is being torn down. ResourceStatusDeleting ResourceStatus = "deleting" // ResourceStatusDeleted indicates the resource has been removed. ResourceStatusDeleted ResourceStatus = "deleted" // ResourceStatusFailed indicates provisioning or update failed. ResourceStatusFailed ResourceStatus = "failed" // ResourceStatusDegraded indicates the resource is running but not fully healthy. ResourceStatusDegraded ResourceStatus = "degraded" // ResourceStatusDrifted indicates the actual state diverges from declared state. ResourceStatusDrifted ResourceStatus = "drifted" )
type StateStore ¶
type StateStore interface {
// SaveResource persists the state of a resource within a context path.
SaveResource(ctx context.Context, contextPath string, output *ResourceOutput) error
// GetResource retrieves a resource's state by context path and resource name.
GetResource(ctx context.Context, contextPath, resourceName string) (*ResourceOutput, error)
// ListResources returns all resources in a context path.
ListResources(ctx context.Context, contextPath string) ([]*ResourceOutput, error)
// DeleteResource removes a resource from state.
DeleteResource(ctx context.Context, contextPath, resourceName string) error
// SavePlan persists an execution plan.
SavePlan(ctx context.Context, plan *Plan) error
// GetPlan retrieves an execution plan by its ID.
GetPlan(ctx context.Context, planID string) (*Plan, error)
// ListPlans lists plans for a context path, ordered by creation time descending.
// The limit parameter controls the maximum number of plans returned.
ListPlans(ctx context.Context, contextPath string, limit int) ([]*Plan, error)
// Lock acquires an advisory lock for a context path to prevent concurrent
// modifications to the same infrastructure. The TTL controls the maximum
// lock duration.
Lock(ctx context.Context, contextPath string, ttl time.Duration) (LockHandle, error)
// Dependencies returns dependency references for resources that depend on
// the given resource.
Dependencies(ctx context.Context, contextPath, resourceName string) ([]DependencyRef, error)
// AddDependency records a cross-resource or cross-tier dependency.
AddDependency(ctx context.Context, dep DependencyRef) error
}
StateStore manages the persistent state of provisioned resources. Each provider has its own state store, and there is an aggregate layer that spans across providers. State is partitioned by context path.
type StdContextResolver ¶
type StdContextResolver struct {
// contains filtered or unexported fields
}
StdContextResolver implements the ContextResolver interface. It builds PlatformContext instances by reading tier outputs from a StateStore and assembling the parent context chain with accumulated constraints.
func NewStdContextResolver ¶
func NewStdContextResolver(store StateStore) *StdContextResolver
NewStdContextResolver creates a new StdContextResolver backed by the given StateStore.
func (*StdContextResolver) PropagateOutputs ¶
func (r *StdContextResolver) PropagateOutputs(ctx context.Context, pctx *PlatformContext, outputs []*ResourceOutput) error
PropagateOutputs writes resource outputs into the state store so that downstream tiers can resolve them via ResolveContext. It also stores any constraints defined in the context for downstream consumption.
func (*StdContextResolver) RegisterConstraints ¶
func (r *StdContextResolver) RegisterConstraints(ctx context.Context, pctx *PlatformContext, constraints []Constraint) error
RegisterConstraints stores constraints in the state store for a given tier context. These constraints will be picked up by ResolveContext when building contexts for downstream tiers.
func (*StdContextResolver) ResolveContext ¶
func (r *StdContextResolver) ResolveContext(ctx context.Context, org, env, app string, tier Tier) (*PlatformContext, error)
ResolveContext builds a PlatformContext for the given tier and identifiers. It reads parent tier outputs from the state store, assembles them into the ParentOutputs map, and collects applicable constraints from all parent tiers.
Context flows downward through the tier hierarchy:
- Tier 1 (Infrastructure): no parent outputs or constraints
- Tier 2 (SharedPrimitive): receives Tier 1 outputs and constraints
- Tier 3 (Application): receives Tier 1 + Tier 2 outputs and constraints
func (*StdContextResolver) ValidateTierBoundary ¶
func (r *StdContextResolver) ValidateTierBoundary(pctx *PlatformContext, declarations []CapabilityDeclaration) []ConstraintViolation
ValidateTierBoundary ensures a workflow operating at the given tier does not attempt to modify resources outside its scope. Returns any constraint violations found.
type StdTemplateRegistry ¶
type StdTemplateRegistry struct {
// contains filtered or unexported fields
}
StdTemplateRegistry is an in-memory implementation of the TemplateRegistry interface. It stores templates indexed by name and version, supports listing, and resolves templates by substituting parameters into capability declarations.
func NewStdTemplateRegistry ¶
func NewStdTemplateRegistry() *StdTemplateRegistry
NewStdTemplateRegistry creates a new in-memory template registry.
func (*StdTemplateRegistry) Get ¶
func (r *StdTemplateRegistry) Get(_ context.Context, name, version string) (*WorkflowTemplate, error)
Get retrieves a template by name and version. If version is empty, it returns the latest version (determined by semver-like string sorting).
func (*StdTemplateRegistry) GetLatest ¶
func (r *StdTemplateRegistry) GetLatest(_ context.Context, name string) (*WorkflowTemplate, error)
GetLatest retrieves the latest version of a template by name.
func (*StdTemplateRegistry) List ¶
func (r *StdTemplateRegistry) List(_ context.Context) ([]*WorkflowTemplateSummary, error)
List returns summaries of all registered templates.
func (*StdTemplateRegistry) Register ¶
func (r *StdTemplateRegistry) Register(_ context.Context, template *WorkflowTemplate) error
Register adds a template to the registry. It returns an error if a template with the same name and version already exists, or if the template is invalid.
func (*StdTemplateRegistry) Resolve ¶
func (r *StdTemplateRegistry) Resolve(_ context.Context, name, version string, params map[string]any) ([]CapabilityDeclaration, error)
Resolve instantiates a template with the given parameters, producing concrete CapabilityDeclarations. If version is empty, the latest version is used.
type StdTierAuthorizer ¶
type StdTierAuthorizer struct {
// contains filtered or unexported fields
}
StdTierAuthorizer is the standard implementation of TierAuthorizer. It holds a list of AuthzPolicy entries and checks incoming requests against them.
func NewStdTierAuthorizer ¶
func NewStdTierAuthorizer() *StdTierAuthorizer
NewStdTierAuthorizer creates a StdTierAuthorizer populated with default policies for the built-in roles.
Default policies:
- RoleTierAdmin: all tiers, all operations
- RoleTierAuthor: Tier 2 and 3, read and write operations
- RoleTierViewer: all tiers, read-only operations
- RoleTierApprover: Tier 1 and 2, read and approve operations
func (*StdTierAuthorizer) Authorize ¶
func (a *StdTierAuthorizer) Authorize(_ context.Context, role TierRole, tier Tier, operation string) error
Authorize checks whether role is permitted to perform operation on tier. It returns nil when authorized or a *TierBoundaryError when the role lacks sufficient privileges.
func (*StdTierAuthorizer) RegisterPolicy ¶
func (a *StdTierAuthorizer) RegisterPolicy(policy AuthzPolicy)
RegisterPolicy adds or replaces a policy for the given role.
type TemplateOutput ¶
type TemplateOutput struct {
// Name is the output identifier.
Name string `yaml:"name" json:"name"`
// Value is an expression referencing a resource output (e.g., "service-name.endpoint").
Value string `yaml:"value" json:"value"`
}
TemplateOutput declares a named output of a template that references a resource output from the resolved capabilities.
type TemplateParameter ¶
type TemplateParameter struct {
// Name is the parameter identifier used in placeholder expressions.
Name string `yaml:"name" json:"name"`
// Type is the parameter data type: "string", "int", "bool", "list", "map".
Type string `yaml:"type" json:"type"`
// Required indicates whether the parameter must be provided during resolution.
Required bool `yaml:"required" json:"required"`
// Default is the value used when the parameter is not provided.
Default any `yaml:"default,omitempty" json:"default,omitempty"`
// Description is a human-readable description of the parameter.
Description string `yaml:"description,omitempty" json:"description,omitempty"`
// Validation is a regex pattern or constraint expression for validating the value.
Validation string `yaml:"validation,omitempty" json:"validation,omitempty"`
}
TemplateParameter describes a configurable input for a workflow template.
type TemplateRegistry ¶
type TemplateRegistry interface {
// Register adds or updates a template in the registry.
Register(ctx context.Context, template *WorkflowTemplate) error
// Get retrieves a specific template by name and version.
Get(ctx context.Context, name, version string) (*WorkflowTemplate, error)
// GetLatest retrieves the latest version of a template by name.
GetLatest(ctx context.Context, name string) (*WorkflowTemplate, error)
// List returns summaries of all available templates.
List(ctx context.Context) ([]*WorkflowTemplateSummary, error)
// Resolve instantiates a template with the given parameters, producing
// a set of concrete capability declarations.
Resolve(ctx context.Context, name, version string, params map[string]any) ([]CapabilityDeclaration, error)
}
TemplateRegistry manages versioned platform workflow templates. Templates are parameterized, reusable definitions of capability declarations that can be instantiated with specific values.
type TemplateResolver ¶
type TemplateResolver struct{}
TemplateResolver resolves a WorkflowTemplate with concrete parameter values, producing a list of CapabilityDeclarations with all placeholders substituted.
func NewTemplateResolver ¶
func NewTemplateResolver() *TemplateResolver
NewTemplateResolver creates a new TemplateResolver.
func (*TemplateResolver) Resolve ¶
func (r *TemplateResolver) Resolve(template *WorkflowTemplate, params map[string]any) ([]CapabilityDeclaration, error)
Resolve substitutes parameter values into the template's capability declarations. It validates that all required parameters are present, applies defaults for optional parameters, and performs deep substitution in nested structures.
type Tier ¶
type Tier int
Tier represents the infrastructure tier a resource belongs to. The three tiers form a hierarchy where each tier's outputs constrain the tier below it.
const ( // TierInfrastructure represents Tier 1: compute, networking, IAM. // Changes are infrequent and approval-gated. TierInfrastructure Tier = 1 // Changes are moderate frequency. TierSharedPrimitive Tier = 2 // TierApplication represents Tier 3: app deployments, scaling policies. // Changes are frequent and CI/CD-driven. TierApplication Tier = 3 )
type TierAuthorizer ¶
type TierAuthorizer interface {
// Authorize checks whether the given role may perform operation on tier.
// Returns nil if authorized, or a TierBoundaryError if not.
Authorize(ctx context.Context, role TierRole, tier Tier, operation string) error
// RegisterPolicy adds or replaces a policy for the given role.
RegisterPolicy(policy AuthzPolicy)
}
TierAuthorizer checks whether a role is permitted to perform an operation on a given tier. It is the low-level authorization primitive used by middleware and the PlatformRBAC implementation.
type TierBoundaryError ¶
type TierBoundaryError struct {
// SourceTier is the tier the operation originated from.
SourceTier Tier
// TargetTier is the tier the operation attempted to reach.
TargetTier Tier
// Operation is the operation that was attempted.
Operation string
// Reason explains why the operation is not allowed.
Reason string
}
TierBoundaryError is returned when an operation attempts to cross tier boundaries in a prohibited direction.
func (*TierBoundaryError) Error ¶
func (e *TierBoundaryError) Error() string
Error implements the error interface.
type TierConfig ¶
type TierConfig struct {
// Capabilities lists the abstract resources declared in this tier.
Capabilities []CapabilityConfig `yaml:"capabilities,omitempty" json:"capabilities,omitempty"`
// ConstraintsForDownstream are hard limits imposed on lower tiers.
ConstraintsForDownstream []ConstraintConfig `yaml:"constraints_for_downstream,omitempty" json:"constraints_for_downstream,omitempty"`
}
TierConfig describes the capabilities and downstream constraints for a single tier.
type TierRole ¶
type TierRole string
TierRole defines what a principal can do within a specific tier. Roles are scoped to a tier and context path combination.
const ( // RoleTierAdmin grants full CRUD on tier resources. RoleTierAdmin TierRole = "tier_admin" // RoleTierAuthor grants permission to create and update workflows for a tier. RoleTierAuthor TierRole = "tier_author" // RoleTierViewer grants read-only access to tier state. RoleTierViewer TierRole = "tier_viewer" // RoleTierApprover grants permission to approve plans for a tier. RoleTierApprover TierRole = "tier_approver" )
type TiersConfig ¶
type TiersConfig struct {
// Infrastructure is Tier 1: compute, networking, IAM.
Infrastructure TierConfig `yaml:"infrastructure" json:"infrastructure"`
SharedPrimitives TierConfig `yaml:"shared_primitives" json:"shared_primitives"`
// Application is Tier 3: app deployments, scaling policies.
Application TierConfig `yaml:"application" json:"application"`
}
TiersConfig groups the three infrastructure tiers.
type WorkflowTemplate ¶
type WorkflowTemplate struct {
// Name is the template identifier.
Name string `yaml:"name" json:"name"`
// Version is the template version following semantic versioning.
Version string `yaml:"version" json:"version"`
// Description is a human-readable description of what the template provides.
Description string `yaml:"description" json:"description"`
// Parameters are the configurable inputs for this template.
Parameters []TemplateParameter `yaml:"parameters" json:"parameters"`
// Capabilities are the capability declarations with parameter placeholders.
Capabilities []CapabilityDeclaration `yaml:"capabilities" json:"capabilities"`
// Outputs are the declared outputs of this template, referencing resource outputs.
Outputs []TemplateOutput `yaml:"outputs" json:"outputs"`
// Tier is the infrastructure tier this template targets.
Tier Tier `yaml:"tier" json:"tier"`
}
WorkflowTemplate is a parameterized, reusable platform workflow definition. Users define templates with parameters that are substituted at resolution time to produce concrete capability declarations.
type WorkflowTemplateSummary ¶
type WorkflowTemplateSummary struct {
// Name is the template identifier.
Name string `json:"name"`
// Version is the template version.
Version string `json:"version"`
// Description is a human-readable description.
Description string `json:"description"`
// Parameters lists the parameter names accepted by this template.
Parameters []string `json:"parameters"`
}
WorkflowTemplateSummary is a condensed view of a template for listing purposes.
Source Files
¶
Directories
¶
| Path | Synopsis |
|---|---|
|
Package middleware provides HTTP middleware for the platform abstraction layer.
|
Package middleware provides HTTP middleware for the platform abstraction layer. |
|
providers
|
|
|
dockercompose
Package dockercompose implements a platform.Provider that maps abstract capability declarations to Docker Compose services, networks, and volumes.
|
Package dockercompose implements a platform.Provider that maps abstract capability declarations to Docker Compose services, networks, and volumes. |
|
dockercompose/drivers
Package drivers provides resource driver implementations for the Docker Compose provider.
|
Package drivers provides resource driver implementations for the Docker Compose provider. |
|
mock
Package mock provides configurable test doubles for all platform interfaces.
|
Package mock provides configurable test doubles for all platform interfaces. |
|
Package state provides persistent StateStore implementations for the platform abstraction layer.
|
Package state provides persistent StateStore implementations for the platform abstraction layer. |