Documentation
Overview
Package stdtemporalcodecfx wires the KMS-backed Temporal payload codec into an fx application.
Two composable fx.Options are exposed:
- Provide() wires the client/worker side. It produces a converter.DataConverter that stdtemporalfx (or any Temporal client) installs on its connection. When Config.Enabled is false a no-op DataConverter is provided so local development works without KMS; when true, payloads are envelope-encrypted with the configured KMS key. The KMS client is built from the ambient aws.Config (typically provided by stdawsfx).
- ProvideServer() wires the codec HTTP server. It produces an http.Handler under the fx name tag "codec" implementing Temporal's remote codec contract (POST /encode and POST /decode). The handler enforces an allowlist on the X-Namespace request header. The KMS client is built from the ambient aws.Config.
Tests can substitute the KMS dependency by supplying a stdtemporalcodec.KMS directly:
fx.Supply(fx.Annotate(fakeKMS, fx.As(new(stdtemporalcodec.KMS))))
When supplied that way it takes precedence over the AWS-built client and aws.Config does not need to be in the graph.
Functions
func Provide
Provide returns an fx.Option providing the client/worker side data converter. See package documentation for details.
func ProvideServer
ProvideServer returns an fx.Option providing the codec server http.Handler under the fx name tag "codec". See package documentation for details.
Types
type Config
type Config struct {
	// Enabled toggles KMS encryption of Temporal payloads. When false a
	// pass-through DataConverter is provided so local development works
	// without KMS. Default false.
	Enabled bool `env:"ENABLED"`
	// KMSKeyID is the KMS key ARN or alias used to generate data keys.
	// Required when Enabled is true.
	KMSKeyID string `env:"KMS_KEY_ID"`
	// Namespace is the Temporal namespace this client/worker operates in.
	// It is bound into the KMS EncryptionContext to enforce cryptographic
	// tenant isolation. Required when Enabled is true.
	Namespace string `env:"NAMESPACE"`
}
Config configures the client/worker side of the codec module (Provide). Environment variables are prefixed with STDTEMPORALCODEC_.
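How binding the namespace into the encryption context isolates tenants, as an added sketch that is not the package's code: local AES-GCM stands in for KMS, with the namespace as associated data in place of EncryptionContext. The names wrapDataKey and unwrapDataKey, the "namespace=" label and the keys are assumptions constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// aead builds AES-GCM over key, which stands in for the KMS key (assumption).
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrapDataKey returns nonce||ciphertext, authenticating namespace as associated data.
func wrapDataKey(master, dataKey []byte, namespace string) ([]byte, error) {
	g, err := aead(master)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, dataKey, []byte("namespace="+namespace)), nil
}

// unwrapDataKey fails unless namespace matches the one bound at wrap time.
func unwrapDataKey(master, wrapped []byte, namespace string) ([]byte, error) {
	g, err := aead(master)
	if err != nil {
		return nil, err
	}
	n := g.NonceSize()
	if len(wrapped) < n {
		return nil, fmt.Errorf("wrapped key too short")
	}
	return g.Open(nil, wrapped[:n], wrapped[n:], []byte("namespace="+namespace))
}

func main() {
	// All-zero demo master key and data key, both constructed.
	wrapped, _ := wrapDataKey(make([]byte, 32), []byte("constructed data key"), "orders")
	_, err := unwrapDataKey(make([]byte, 32), wrapped, "billing")
	fmt.Println("unwrap under billing:", err)
}
```

A payload whose data key was wrapped for one namespace cannot be decoded by a worker or codec server presenting another, because the unwrap step itself fails.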
type Params
type Params struct {
	fx.In
	Config Config
	AWSConfig aws.Config `optional:"true"`
	// KMS is an optional override for the KMS client. When nil the codec
	// uses kms.NewFromConfig(AWSConfig). Tests supply a fake here.
	KMS stdtemporalcodec.KMS `optional:"true"`
}
Params holds the dependencies for Provide.
type Result
type Result struct {
	fx.Out
	// DataConverter is suitable for installing on a Temporal client.
	// stdtemporalfx already consumes it as an optional dependency.
	DataConverter converter.DataConverter
}
Result holds the values provided by Provide.
type ServerConfig
type ServerConfig struct {
	// KMSKeyID is the KMS key ARN/alias the codec uses to wrap data keys.
	// Required.
	KMSKeyID string `env:"KMS_KEY_ID,required"`
	// AllowedNamespaces lists the Temporal namespaces this server will
	// service. Requests bearing any other (normalized) namespace are
	// rejected with 403 Forbidden. If empty, all requests are rejected.
	AllowedNamespaces []string `env:"ALLOWED_NAMESPACES" envSeparator:","`
	// StripCloudSuffix toggles the StripCloudAccountSuffix normalizer
	// (which trims everything after the last dot in X-Namespace). Defaults
	// to true so the handler works out of the box with the Temporal Cloud
	// Web UI.
	StripCloudSuffix bool `env:"STRIP_CLOUD_SUFFIX" envDefault:"true"`
}
ServerConfig configures the codec server (ProvideServer). Environment variables are prefixed with STDTEMPORALCODECSERVER_.
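The allowlist and suffix-stripping behaviour described in the ServerConfig comments, as an added example rather than the package's own handler. The names allowNamespaces, stripCloudSuffix and status, and the sample namespaces, are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// stripCloudSuffix trims everything after the last dot ("orders.a1b2c" -> "orders").
func stripCloudSuffix(ns string) string {
	if i := strings.LastIndex(ns, "."); i >= 0 {
		return ns[:i]
	}
	return ns
}

// allowNamespaces (hypothetical) answers 403 unless the normalized X-Namespace is allowlisted.
func allowNamespaces(allowed []string, strip bool, next http.Handler) http.Handler {
	set := make(map[string]bool, len(allowed))
	for _, ns := range allowed {
		set[ns] = true
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ns := r.Header.Get("X-Namespace")
		if strip {
			ns = stripCloudSuffix(ns)
		}
		if ns == "" || !set[ns] { // missing header or empty allowlist: reject
			http.Error(w, "namespace not allowed", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends a constructed POST /decode with the given X-Namespace and returns the code.
func status(allowed []string, strip bool, ns string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	req := httptest.NewRequest(http.MethodPost, "/decode", strings.NewReader("{}"))
	req.Header.Set("X-Namespace", ns)
	rec := httptest.NewRecorder()
	allowNamespaces(allowed, strip, ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status([]string{"orders"}, true, "orders.a1b2c"), status(nil, true, "orders"))
}
```

With stripping on, allowlist entries must be the bare namespace names, because `orders.a1b2c` is compared as `orders`; with it off, that same header value is rejected.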
type ServerParams
type ServerParams struct {
	fx.In
	Config ServerConfig
	Logger *zap.Logger
	AWSConfig aws.Config `optional:"true"`
	// KMS is an optional override for the KMS client. When nil the server
	// uses kms.NewFromConfig(AWSConfig). Tests supply a fake here.
	KMS stdtemporalcodec.KMS `optional:"true"`
}
ServerParams holds the dependencies for ProvideServer.
type ServerResult
type ServerResult struct {
	fx.Out
	// Handler is the codec server handler, exposing POST /encode and
	// POST /decode (suffix-matched so it can be mounted anywhere).
	Handler http.Handler `name:"codec"`
}
ServerResult holds the values provided by ProvideServer.
func NewServer
func NewServer(par ServerParams) (ServerResult, error)
NewServer constructs the codec server handler.
Directories
| Path | Synopsis |
|---|---|
| | Package stdtemporalcodec implements a Temporal converter.PayloadCodec that encrypts payloads using AWS KMS envelope encryption, together with an HTTP handler that exposes the codec over Temporal's remote codec contract. |
| stdtemporalcodectest | Package stdtemporalcodectest provides test doubles for the stdtemporalcodec package. |