Package config implements global configuration options.
Constants ¶
const (
	// RuntimesDir is the name of the directory located inside the node's data
	// directory which contains the per-runtime state.
	//
	// NOTE(review): GetRuntimeStateDir/EnsureRuntimeStateDir take a dataDir and a
	// runtimeID; presumably they resolve paths beneath this directory — confirm.
	RuntimesDir = "runtimes"
)
Functions ¶
func EnsureRuntimeStateDir ¶ added in v0.2502.0
EnsureRuntimeStateDir ensures a specific per-runtime directory exists and returns its full path.
Types ¶
type ComponentConfig ¶ added in v0.2400.0
// ComponentConfig is the component configuration.
//
// A decoded value should be checked with Validate; HasPermission reports
// whether a given ComponentPermission is present in Permissions.
type ComponentConfig struct {
	// ID is the component identifier.
	ID component.ID `yaml:"id"`
	// TEE specifies the kind of Trusted Execution Environment (TEE)
	// in which the component should run (none, sgx, tdx).
	//
	// If not provided, the TEE kind is selected automatically
	// (TEESelectModeAuto, whose value is the empty string).
	TEE TEESelectMode `yaml:"tee,omitempty"`
	// Disabled specifies whether the component is disabled. If a component is specified and not
	// disabled, it is enabled.
	Disabled bool `yaml:"disabled,omitempty"`
	// Networking contains the networking configuration for a component
	// (host IPs/ports exposed to the component, see IncomingNetworkingConfig).
	Networking NetworkingConfig `yaml:"networking,omitempty"`
	// Permissions is the list of permissions for this component.
	//
	// Each entry grants the component an additional capability (bundle or
	// volume management, log viewing; see the ComponentPermission constants).
	// An empty list grants none of them.
	Permissions []ComponentPermission `yaml:"permissions,omitempty"`
	// Config contains component local configuration.
	Config map[string]any `yaml:"config,omitempty"`
}
ComponentConfig is the component configuration.
func (*ComponentConfig) HasPermission ¶ added in v0.2502.0
func (c *ComponentConfig) HasPermission(perm ComponentPermission) bool
HasPermission returns true iff the component has a given permission configured.
func (*ComponentConfig) TEEKind ¶ added in v0.2500.0
func (c *ComponentConfig) TEEKind() (component.TEEKind, bool)
TEEKind returns the kind of Trusted Execution Environment (TEE) in which the component should run, if it is specified.
func (*ComponentConfig) UnmarshalYAML ¶ added in v0.2400.0
func (c *ComponentConfig) UnmarshalYAML(value *yaml.Node) error
UnmarshalYAML implements yaml.Unmarshaler.
func (*ComponentConfig) Validate ¶ added in v0.2500.0
func (c *ComponentConfig) Validate() error
Validate validates the component configuration.
type ComponentPermission ¶ added in v0.2502.0
// ComponentPermission represents a permission given to a component.
//
// Valid values are the string names declared in the constants below; they are
// listed in ComponentConfig.Permissions and queried via HasPermission.
type ComponentPermission string
ComponentPermission represents a permission given to a component.
const (
	// PermissionBundleAdd is the permission that grants the component rights to provision other
	// bundles.
	PermissionBundleAdd ComponentPermission = "bundle_add"
	// PermissionBundleRemove is the permission that grants the component rights to remove other
	// bundles that were previously added by it (e.g. it cannot remove unrelated bundles).
	//
	// NOTE(review): the restriction to bundles added by the same component is
	// stated here but must be enforced by the bundle manager — confirm there.
	PermissionBundleRemove ComponentPermission = "bundle_remove"
	// PermissionVolumeAdd is the permission that grants the component rights to add volumes.
	PermissionVolumeAdd ComponentPermission = "volume_add"
	// PermissionVolumeRemove is the permission that grants the component rights to remove volumes.
	PermissionVolumeRemove ComponentPermission = "volume_remove"
	// PermissionLogView is the permission that grants the component rights to view logs.
	PermissionLogView ComponentPermission = "log_view"
)
type Config ¶
// Config is the runtime registry configuration structure.
//
// DefaultConfig returns the default settings; GetComponent and GetLocalConfig
// look up per-runtime entries.
type Config struct {
	// Runtimes is the list of runtimes to configure.
	Runtimes []RuntimeConfig `yaml:"runtimes,omitempty"`
	// Paths to runtime bundles.
	Paths []string `yaml:"paths,omitempty"`
	// Runtime provisioner to use (mock, unconfined, sandboxed).
	//
	// Per the RuntimeProvisioner constants, mock and unconfined are only allowed
	// if the DebugDontBlameOasis flag is set; sandboxed is the non-debug choice.
	Provisioner RuntimeProvisioner `yaml:"provisioner"`
	// Path to the sandbox binary (bubblewrap).
	SandboxBinary string `yaml:"sandbox_binary,omitempty"`
	// Path to SGX runtime loader binary (for SGX runtimes).
	// NOTE: This may go away in the future, use `SGX.Loader` instead.
	SGXLoader string `yaml:"sgx_loader,omitempty"`
	// The runtime environment (sgx, elf, auto).
	// NOTE: This may go away in the future, use `DebugMockTEE` instead.
	//
	// NOTE(review): the RuntimeEnvironment constants declared in this package are
	// "sgx", "sgx-mock" and "auto"; "elf" is not among them — confirm the list.
	Environment RuntimeEnvironment `yaml:"environment,omitempty"`
	// History pruner configuration.
	Prune PruneConfig `yaml:"prune,omitempty"`
	// Indexer is history indexer configuration.
	Indexer IndexerConfig `yaml:"indexer,omitempty"`
	// RuntimeConfig maps runtime IDs to their respective local configurations.
	// NOTE: This may go away in the future, use `RuntimeConfig.Config` instead.
	RuntimeConfig map[string]map[string]any `yaml:"config,omitempty"`
	// Address(es) of sentry node(s) to connect to of the form [PubKey@]ip:port
	// (where the PubKey@ part represents base64 encoded node TLS public key).
	//
	// NOTE(review): the PubKey@ prefix is what identifies the expected peer;
	// presumably connections are pinned to it when present — confirm.
	SentryAddresses []string `yaml:"sentry_addresses,omitempty"`
	// Transaction pool configuration.
	TxPool tpConfig.Config `yaml:"tx_pool,omitempty"`
	// Number of epochs before runtime activation epoch when to start the runtime to warm it up and
	// prepare any required attestations. Zero disables pre-warming.
	PreWarmEpochs uint64 `yaml:"pre_warm_epochs,omitempty"`
	// AttestInterval is the interval for periodic runtime re-attestation. If not specified
	// a default will be used.
	AttestInterval time.Duration `yaml:"attest_interval,omitempty"`
	// LoadBalancer is the load balancer configuration.
	LoadBalancer LoadBalancerConfig `yaml:"load_balancer,omitempty"`
	// Registries is the list of base URLs used to fetch runtime bundle metadata.
	//
	// The actual metadata URLs are constructed by appending the manifest hash
	// to the base URL. Therefore, the provided URLs don't need to be valid
	// endpoints themselves, only the constructed URLs need to be valid.
	//
	// NOTE(review): metadata fetched from these URLs is remote input; it is
	// presumably checked against the manifest hash it was requested by — confirm.
	Registries []string `yaml:"registries,omitempty"`
	// MaxBundleSize is the maximum allowed bundle size.
	//
	// If not specified, a default value is used.
	//
	// NOTE(review): this is a string, so presumably a human-readable size is
	// parsed elsewhere; the parser and the default are not visible here.
	MaxBundleSize string `yaml:"max_bundle_size,omitempty"`
	// DebugMockTEE enables mocking of the Trusted Execution Environment (TEE).
	//
	// This flag can only be used if the DebugDontBlameOasis flag is set.
	DebugMockTEE bool `yaml:"debug_mock_tee,omitempty"`
	// SGX is configuration specific to Intel SGX.
	SGX SgxConfig `yaml:"sgx,omitempty"`
	// TDX is configuration specific to Intel TDX.
	TDX TdxConfig `yaml:"tdx,omitempty"`
	// Log is the runtime log config.
	Log LogConfig `yaml:"log,omitempty"`
}
Config is the runtime registry configuration structure.
func DefaultConfig ¶
func DefaultConfig() Config
DefaultConfig returns the default configuration settings.
func (*Config) GetComponent ¶ added in v0.2400.0
func (c *Config) GetComponent(runtimeID common.Namespace, compID component.ID) (ComponentConfig, bool)
GetComponent returns the configuration for the given component of the specified runtime, if it exists.
func (*Config) GetLocalConfig ¶ added in v0.2500.0
GetLocalConfig returns the local configuration for the given runtime, if it exists.
type IncomingNetworkingConfig ¶ added in v0.2501.0
// IncomingNetworkingConfig describes an IP/port to expose to the component from the host.
//
// Each entry in NetworkingConfig.Incoming widens what the component can reach
// on the host, so the list should be kept to what the component needs.
type IncomingNetworkingConfig struct {
	// IP is the host IP address to expose to the component.
	IP string `yaml:"ip,omitempty"`
	// Protocol is the optional protocol to expose to the component.
	//
	// NOTE(review): the accepted protocol names are not declared here — confirm
	// against the code that consumes this field.
	Protocol string `yaml:"protocol,omitempty"`
	// SrcPort is the source port (on the host).
	SrcPort uint16 `yaml:"src_port"`
	// DstPort is the optional destination port (in the component).
	//
	// NOTE(review): presumably a zero DstPort means SrcPort is reused inside the
	// component — TODO confirm.
	DstPort uint16 `yaml:"dst_port,omitempty"`
}
IncomingNetworkingConfig describes an IP/port to expose to the component from the host.
type IndexerConfig ¶ added in v0.2501.0
// IndexerConfig is history indexer configuration.
type IndexerConfig struct {
	// BatchSize is max number of blocks committed in a batch during history reindex.
	//
	// Setting it to zero uses the default batch size.
	BatchSize uint16 `yaml:"batch_size,omitempty"`
}
IndexerConfig is history indexer configuration.
type LoadBalancerConfig ¶ added in v0.2400.0
// LoadBalancerConfig is the load balancer configuration.
type LoadBalancerConfig struct {
	// NumInstances is the number of runtime instances to provision for load-balancing.
	//
	// Setting it to zero or one disables load balancing.
	NumInstances uint64 `yaml:"num_instances,omitempty"`
}
LoadBalancerConfig is the load balancer configuration.
type LogConfig ¶ added in v0.2504.0
// LogConfig is the runtime log configuration.
type LogConfig struct {
	// MaxLogSize is the maximum log size in bytes.
	//
	// NOTE(review): the behaviour when the size is reached (truncate, rotate,
	// stop writing) and the meaning of zero are not documented here — confirm.
	MaxLogSize int `yaml:"max_log_size,omitempty"`
}
LogConfig is the runtime log configuration.
type NetworkingConfig ¶ added in v0.2501.0
// NetworkingConfig is the networking configuration.
type NetworkingConfig struct {
	// Incoming is a list of IPs/ports to expose to the component from the host.
	// An empty list exposes nothing.
	Incoming []IncomingNetworkingConfig `yaml:"incoming,omitempty"`
}
NetworkingConfig is the networking configuration.
type PruneConfig ¶
// PruneConfig is the history pruner configuration structure.
type PruneConfig struct {
	// History pruner strategy.
	//
	// NOTE(review): the accepted strategy names are not declared in this package — confirm.
	Strategy string `yaml:"strategy"`
	// History pruning interval.
	Interval time.Duration `yaml:"interval"`
	// Number of last rounds to keep.
	NumKept uint64 `yaml:"num_kept"`
}
PruneConfig is the history pruner configuration structure.
type RuntimeConfig ¶ added in v0.2500.0
// RuntimeConfig is the runtime configuration.
//
// A decoded value should be checked with Validate.
type RuntimeConfig struct {
	// ID is the runtime identifier.
	ID common.Namespace `yaml:"id"`
	// Components is the list of components to configure.
	Components []ComponentConfig `yaml:"components,omitempty"`
	// Config contains runtime local configuration.
	// NOTE: This may go away in the future, use `Components.Config` instead.
	Config map[string]any `yaml:"config,omitempty"`
	// Registries is the list of base URLs used to fetch runtime bundle metadata.
	//
	// The actual metadata URLs are constructed by appending the manifest hash
	// to the base URL. Therefore, the provided URLs don't need to be valid
	// endpoints themselves, only the constructed URLs need to be valid.
	//
	// NOTE(review): how these relate to the global Config.Registries (override
	// vs. union) is not stated here — confirm.
	Registries []string `yaml:"registries,omitempty"`
}
RuntimeConfig is the runtime configuration.
func (*RuntimeConfig) Validate ¶ added in v0.2500.0
func (c *RuntimeConfig) Validate() error
Validate validates the runtime configuration.
type RuntimeEnvironment ¶
// RuntimeEnvironment is the runtime environment.
//
// Valid values are the constants declared below.
type RuntimeEnvironment string
RuntimeEnvironment is the runtime environment.
const (
	// RuntimeEnvironmentSGX specifies to run the runtime in SGX.
	RuntimeEnvironmentSGX RuntimeEnvironment = "sgx"
	// RuntimeEnvironmentSGXMock specifies to run the runtime in mocked SGX.
	//
	// Use of this runtime environment is only allowed if DebugDontBlameOasis flag is set.
	RuntimeEnvironmentSGXMock RuntimeEnvironment = "sgx-mock"
	// RuntimeEnvironmentAuto specifies to run the runtime in the most appropriate location.
	RuntimeEnvironmentAuto RuntimeEnvironment = "auto"
)
type RuntimeProvisioner ¶
// RuntimeProvisioner is the runtime provisioner.
//
// Valid values are the constants declared below; UnmarshalText decodes the
// textual form.
type RuntimeProvisioner string
RuntimeProvisioner is the runtime provisioner.
const (
	// RuntimeProvisionerMock is the name of the mock runtime provisioner.
	//
	// Use of this provisioner is only allowed if DebugDontBlameOasis flag is set.
	RuntimeProvisionerMock RuntimeProvisioner = "mock"
	// RuntimeProvisionerUnconfined is the name of the unconfined runtime
	// provisioner that executes runtimes as regular processes without any
	// sandboxing.
	//
	// Use of this provisioner is only allowed if DebugDontBlameOasis flag is set.
	RuntimeProvisionerUnconfined RuntimeProvisioner = "unconfined"
	// RuntimeProvisionerSandboxed is the name of the sandboxed runtime
	// provisioner that executes runtimes as regular processes in a Linux
	// namespaces/cgroups/SECCOMP sandbox.
	//
	// This is the only provisioner not gated on DebugDontBlameOasis; the
	// sandbox binary it uses is configured via Config.SandboxBinary.
	RuntimeProvisionerSandboxed RuntimeProvisioner = "sandboxed"
)
func (*RuntimeProvisioner) UnmarshalText ¶
func (m *RuntimeProvisioner) UnmarshalText(text []byte) error
UnmarshalText decodes a text marshaled runtime provisioner.
type SgxConfig ¶ added in v0.2502.0
// SgxConfig is configuration specific to Intel SGX.
type SgxConfig struct {
	// Loader is the path to the SGX runtime loader binary.
	//
	// This supersedes the deprecated top-level Config.SGXLoader field.
	Loader string `yaml:"loader,omitempty"`
}
SgxConfig is configuration specific to Intel SGX.
type TEESelectMode ¶ added in v0.2500.0
// TEESelectMode is the selection mode for the Trusted Execution Environment (TEE).
//
// Valid values are the constants declared below; the zero value is
// TEESelectModeAuto.
type TEESelectMode string
TEESelectMode is the selection mode for the Trusted Execution Environment (TEE).
const (
	// TEESelectModeAuto specifies that the runtime should run in the most appropriate TEE.
	//
	// This is the empty string, i.e. the zero value, so an omitted `tee` key
	// in ComponentConfig selects it.
	TEESelectModeAuto TEESelectMode = ""
	// TEESelectModeNone specifies that the runtime should run without using any TEE.
	TEESelectModeNone TEESelectMode = "none"
	// TEESelectModeSGX specifies that the runtime should run in an SGX environment.
	TEESelectModeSGX TEESelectMode = "sgx"
	// TEESelectModeTDX specifies that the runtime should run in a TDX environment.
	TEESelectModeTDX TEESelectMode = "tdx"
)
type TdxConfig ¶ added in v0.2502.0
// TdxConfig is configuration specific to Intel TDX.
type TdxConfig struct {
	// CidStart is the start of the CID range allocated to VMs.
	CidStart uint32 `yaml:"cid_start,omitempty"`
	// CidCount is the number of CIDs allocated to VMs.
	//
	// NOTE(review): the defaults used when both fields are zero are not
	// documented here — confirm.
	CidCount uint32 `yaml:"cid_count,omitempty"`
}
TdxConfig is configuration specific to Intel TDX.