Documentation
¶
Index ¶
- Constants
- Variables
- func GetAppUrl(appPathDomain AppPathDomain, serverConfig *ServerConfig) string
- func GetCommit() string
- func GetHTTPHeader(header http.Header, key string) string
- func GetVersion() string
- func Int64ToInt32(v int64) (int32, error)
- func RegexMatch(perm, entry string) (bool, error)
- func RollingFileLogger(config *LogConfig, logType string) io.Writer
- func StripQuotes(s string) string
- type AccountLink
- type ActionConfig
- type AppApplyResponse
- type AppApplyResult
- type AppApproveResponse
- type AppAuthnType
- type AppBuilderConfig
- type AppConfig
- type AppCreateResponse
- type AppDeleteResponse
- type AppEntry
- type AppExportResponse
- type AppFile
- type AppGetResponse
- type AppId
- type AppInfo
- type AppLinkAccountResponse
- type AppListResponse
- type AppMetadata
- type AppMetadataConfigType
- type AppPathDomain
- type AppPreviewResponse
- type AppPromoteResponse
- type AppReloadOption
- type AppReloadResponse
- type AppReloadResult
- type AppResponse
- type AppSettings
- type AppSpec
- type AppStagedUpdateResponse
- type AppToken
- type AppUpdateMessage
- type AppUpdateMetadataResponse
- type AppUpdatePayload
- type AppUpdateSettingsResponse
- type AppVersion
- type AppVersionFilesResponse
- type AppVersionListResponse
- type AppVersionSwitchResponse
- type ApproveResult
- type Audit
- type AuditEvent
- type AuthConfig
- type AuthorizerFunc
- type Binding
- type BindingGrant
- type BindingMetadata
- type BoolValue
- type BuilderActivity
- type BuilderAgentConfig
- type BuilderConfig
- type BuilderGitConfig
- type BuilderPromptConfig
- type BuilderPublishConfig
- type BuilderSession
- type BuilderSessionStatus
- type CORS
- type ClientCertConfig
- type ClientConfig
- type ClientConfigStruct
- type ConfigDraft
- type ConfigHistoryEntry
- type ConfigResponse
- type ConfigUpdateMessage
- type ConfigUpdatePayload
- type Container
- type ContextKey
- type CreateAppRequest
- type CreateBindingRequest
- type CreateSecretRequest
- type CustomPermsFunc
- type DryRun
- type DynamicConfig
- type EventStatus
- type EventType
- type ExportOptions
- type FS
- type ForwardConfig
- type GitAuthEntry
- type GlobalConfig
- type GrantType
- type HttpConfig
- type HttpsConfig
- type JSLibrary
- type Kubernetes
- type KubernetesConfig
- type LibraryType
- type LogConfig
- type Logger
- type MetadataConfig
- type NodeConfig
- type NotificationMessage
- type Permission
- type PermissionsConfig
- type PluginContext
- type PluginSettings
- type Proxy
- type RBACConfig
- type RBACGrant
- type RBACPermission
- type RBACPermissionGroup
- type RegistryConfig
- type RequestError
- type RunBindingCommandRequest
- type SAMLConfig
- type SecretConfig
- type SecretCreateResponse
- type SecretDeleteResponse
- type SecretEntry
- type SecretGetResponse
- type SecretInfo
- type SecretListResponse
- type SecretMetadata
- type SecretRekeyResponse
- type Security
- type SecurityConfig
- type ServerConfig
- type ServerId
- type Service
- type SpecFiles
- type StringValue
- type StyleType
- type SyncCreateResponse
- type SyncDeleteResponse
- type SyncEntry
- type SyncJobStatus
- type SyncListResponse
- type SyncMetadata
- type SystemConfig
- type TelemetryConfig
- type TokenCreateResponse
- type TokenDeleteResponse
- type TokenListResponse
- type Transaction
- type UpdateAppMetadataRequest
- type UpdateAppRequest
- type UpdateBindingRequest
- type UserFile
- type VersionMetadata
- type WebhookTokens
- type WebhookType
Constants ¶
const ( ExportRefDefault = "default" // reference the target instance's default entry ExportRefExact = "exact" // reference the exact entry name from this instance )
Export reference modes, controlling how server-level config references (service names, git auth entries) are written in the exported config
const ( OPENRUN_HOME = "OPENRUN_HOME" ID_PREFIX_APP_PROD = "app_prd_" ID_PREFIX_APP_DEV = "app_dev_" ID_PREFIX_APP_STAGE = "app_stg_" ID_PREFIX_APP_PREVIEW = "app_pre_" ID_PREFIX_SERVICE = "srv_" ID_PREFIX_BINDING = "bnd_" ID_PREFIX_SERVER = "srv_id_" ID_PREFIX_BUILDER_SES = "bld_ses_" ID_PREFIX_BUILDER_ACT = "bld_act_" INTERNAL_URL_PREFIX = "/_openrun" WEBHOOK_URL_PREFIX = "/_openrun_webhook" APP_INTERNAL_URL_PREFIX = "/_openrun_app" INTERNAL_APP_DELIM = "_cl_" STAGE_SUFFIX = INTERNAL_APP_DELIM + "stage" PREVIEW_SUFFIX = INTERNAL_APP_DELIM + "preview" NO_SOURCE = "-" // No source url is provided )
const ( TL_CONTEXT = "TL_context" TL_DEFER_MAP = "TL_defer_map" TL_CURRENT_MODULE_FULL_PATH = "TL_current_module_full_path" TL_PLUGIN_API_FAILED_ERROR = "TL_plugin_api_failed_error" TL_CONTAINER_URL = "TL_container_url" TL_AUDIT_OPERATION = "TL_audit_operation" TL_AUDIT_TARGET = "TL_audit_target" TL_AUDIT_DETAIL = "TL_audit_detail" TL_CONTAINER_HANDLER = "TL_container_handler" TL_BRANCH = "TL_branch" TL_DEV = "TL_dev" TL_APP_URL = "TL_app_url" )
const ( CONTAINER_SOURCE_AUTO = "auto" CONTAINER_SOURCE_NIXPACKS = "nixpacks" CONTAINER_SOURCE_IMAGE_PREFIX = "image:" CONTAINER_LIFETIME_COMMAND = "command" CONTAINER_KUBERNETES = "kubernetes" )
const ( ANONYMOUS_USER = "anonymous" ADMIN_USER = "admin" AUTH_MODIFIER_DELIMITER string = "+" )
const ( BuilderGitDefaultBranch = "main" BuilderGitDefaultAppsFile = "apps.star" BuilderGitDefaultSourceDir = "apps" )
Defaults applied to empty [builder_git.*] entry fields
const ( TailwindVersionLegacy = 3 TailwindVersionCurrent = 4 TailwindVersionDefault = TailwindVersionCurrent TailwindVersionMin = TailwindVersionLegacy )
const ( LIB_PATH = "static/gen/lib" ESM_PATH = "static/gen/esm" )
const ( SAML_SESSION_KV_PREFIX = "saml_session:" OAUTH_SESSION_KV_PREFIX = "oauth_session:" HTTP_SESSION_KV_PREFIX = "http_session:" CONSTANT_KV_PREFIX = "constant:" COOKIE_SESSION_SECRET_KV = "cookie_session_secret" COOKIE_SESSION_BLOCK_KEY_KV = "cookie_session_block_key" OPENRUN_COOKIE_MARKER = "_openrun_" GOTHIC_SESSION_COOKIE = "_gothic_session" OAUTH_SESSION_COOKIE = "openrun_session" SAML_SESSION_COOKIE = "openrun_saml_session" )
const ( // OpenRun headers are used to pass information to the downstream service OPENRUN_HEADER_PREFIX = "X-Openrun-" OPENRUN_HEADER_USER = OPENRUN_HEADER_PREFIX + "User" OPENRUN_HEADER_USER_STRIPPED = OPENRUN_HEADER_PREFIX + "User-Stripped" // the user ID stripped of the provider prefix OPENRUN_HEADER_USER_ID = OPENRUN_HEADER_PREFIX + "User-Id" OPENRUN_HEADER_USER_EMAIL = OPENRUN_HEADER_PREFIX + "User-Email" OPENRUN_HEADER_PERMS = OPENRUN_HEADER_PREFIX + "Perms" OPENRUN_HEADER_APP_RBAC_ENABLED = OPENRUN_HEADER_PREFIX + "Rbac-Enabled" )
const (
GrantTargetAll = "*"
)
const MessageTypeAppUpdate = "app_update"
const MessageTypeConfigUpdate = "config_update"
const REGEX_PREFIX = "regex:"
Variables ¶
var ErrSecretExists = errors.New("secret already exists")
ErrSecretExists is returned when a secret with the given name already exists
var ErrSecretNotFound = errors.New("secret not found")
ErrSecretNotFound is returned when a secret with the given name does not exist
var RBACPermissionGroups = []RBACPermissionGroup{ {Resource: "app", Permissions: []RBACPermission{ PermissionAccess, PermissionRead, PermissionCreate, PermissionUpdate, PermissionReload, PermissionApply, PermissionDelete, PermissionApprove, PermissionPromote, PermissionPreview, PermissionTokenRead, PermissionTokenManage, PermissionAppAdmin}}, {Resource: "sync", Permissions: []RBACPermission{ PermissionSyncCreate, PermissionSyncRun, PermissionSyncDelete, PermissionSyncRead}}, {Resource: "service", Permissions: []RBACPermission{ PermissionServiceCreate, PermissionServiceUpdate, PermissionServiceDelete, PermissionServiceRead}}, {Resource: "binding", Permissions: []RBACPermission{ PermissionBindingCreate, PermissionBindingUpdate, PermissionBindingDelete, PermissionBindingRead, PermissionBindingRunCommand}}, {Resource: "container", Permissions: []RBACPermission{ PermissionContainerRead, PermissionContainerManage}}, {Resource: "config", Permissions: []RBACPermission{ PermissionConfigRead, PermissionConfigUpdate}}, {Resource: "secret", Permissions: []RBACPermission{ PermissionSecretCreate, PermissionSecretRead, PermissionSecretDelete, PermissionSecretReveal}}, {Resource: "builder", Permissions: []RBACPermission{ PermissionBuilderList, PermissionBuilderRead, PermissionBuilderCreate, PermissionBuilderPublish}}, {Resource: "server", Permissions: []RBACPermission{PermissionServerStop}}, {Resource: "audit", Permissions: []RBACPermission{PermissionAuditRead}}, }
RBACPermissionGroups is the canonical list of all RBAC permissions, grouped by resource type. UIs read this through the list_rbac_permissions plugin API; keep it in sync with the permission constants above
Functions ¶
func GetAppUrl ¶ added in v0.14.8
func GetAppUrl(appPathDomain AppPathDomain, serverConfig *ServerConfig) string
func GetHTTPHeader ¶
GetHTTPHeader returns the first value of the header with the given key. The key has to be a HTTP Canonical Header Key (case is important)
func GetVersion ¶ added in v0.16.9
func GetVersion() string
func Int64ToInt32 ¶ added in v0.16.24
Int64ToInt32 converts an int64 to an int32, returning an error if the value is out of range
func RegexMatch ¶
func StripQuotes ¶
Types ¶
type AccountLink ¶
AccountLink links the account to use for each plugin
type ActionConfig ¶ added in v0.17.1
type ActionConfig struct {
MaxRequestBodyBytes int64 `toml:"max_request_body_bytes"`
}
type AppApplyResponse ¶
type AppApplyResponse struct {
DryRun bool `json:"dry_run"`
CommitId string `json:"commit_id"`
SkippedApply bool `json:"skipped_apply"`
CreateResults []AppCreateResponse `json:"create_results"`
UpdateResults []AppPathDomain `json:"update_results"`
ApproveResults []ApproveResult `json:"approve_results"`
PromoteResults []AppPathDomain `json:"promote_results"`
ReloadResults []AppPathDomain `json:"reload_results"`
SkippedResults []AppPathDomain `json:"skipped_results"`
FilteredApps []AppPathDomain `json:"filtered_apps"`
CreateBindingResults []string `json:"create_binding_results"`
UpdateBindingResults []string `json:"update_binding_results"`
PromoteBindingResults []string `json:"promote_binding_results"`
}
type AppApplyResult ¶
type AppApplyResult struct {
DryRun bool `json:"dry_run"`
CreateResult AppCreateResponse `json:"create_result"`
ApproveResult *ApproveResult `json:"approve_result"`
Updated []AppPathDomain `json:"updated"`
Reloaded []AppPathDomain `json:"reloaded"`
Skipped []AppPathDomain `json:"skipped"`
Promoted bool `json:"promoted"`
}
type AppApproveResponse ¶
type AppApproveResponse struct {
DryRun bool `json:"dry_run"`
StagedUpdateResults []ApproveResult `json:"staged_update_results"`
PromoteResults []AppPathDomain `json:"promote_results"`
}
type AppAuthnType ¶
type AppAuthnType string
AppAuthnType is the app level authentication type
const ( AppAuthnNone AppAuthnType = "none" // No auth AppAuthnDefault AppAuthnType = "default" // Use whatever auth is the default for the system AppAuthnSystem AppAuthnType = "system" // Use the system admin user )
type AppBuilderConfig ¶ added in v0.18.6
type AppBuilderConfig struct {
Enabled bool `toml:"enabled"`
PreviewPath string `toml:"preview_path"` // mount prefix for draft preview apps
DefaultAgent string `toml:"default_agent"`
MaxSessions int `toml:"max_sessions"`
SessionIdleMins int `toml:"session_idle_mins"`
WorkspaceDir string `toml:"workspace_dir"` // default $OPENRUN_HOME/run/builder
SystemPrompt string `toml:"system_prompt"` // replaces the embedded base prompt when set
PromptExtra string `toml:"prompt_extra"` // admin text appended to the system prompt
// DefaultGitConfig names the [builder_git.*] entry used when the
// session's prompt preset does not pick one. Empty (and no preset
// choice) selects local publish mode ($OPENRUN_HOME/app_src)
DefaultGitConfig string `toml:"default_git_config"`
}
AppBuilderConfig configures the AI app builder (console Builder tab). Not supported when the container backend is Kubernetes: the agent sandbox needs a local docker/podman runtime with host directory volume mounts
type AppConfig ¶
type AppConfig struct {
CORS CORS `toml:"cors"`
Action ActionConfig `toml:"action"`
Container Container `toml:"container"`
Kubernetes Kubernetes `toml:"kubernetes"`
Proxy Proxy `toml:"proxy"`
FS FS `toml:"fs"`
Audit Audit `toml:"audit"`
Security Security `toml:"security"`
StarBase string `toml:"star_base"` // The base directory for starlark config files
}
type AppCreateResponse ¶
type AppCreateResponse struct {
AppPathDomain AppPathDomain `json:"app_path_domain"`
DryRun bool `json:"dry_run"`
HttpUrl string `json:"http_url"`
HttpsUrl string `json:"https_url"`
ApproveResults []ApproveResult `json:"approve_results"`
OrigSourceUrl string `json:"orig_source_url"`
SourceUrl string `json:"source_url"`
}
type AppDeleteResponse ¶
type AppEntry ¶
type AppEntry struct {
Id AppId `json:"id"`
Path string `json:"path"`
Domain string `json:"domain"`
MainApp AppId `json:"main_app"` // the id of the app that this app is linked to
LinkedAppPath string `json:"linked_app_path"` // the path of the app that this app is linked to
// for main app, points to the stage app. For stage app, points to the main app.
// For preview apps, points to the base app. Not set for dev apps.
SourceUrl string `json:"source_url"`
IsDev bool `json:"is_dev"`
UserID string `json:"user_id"`
CreateTime *time.Time `json:"create_time"`
UpdateTime *time.Time `json:"update_time"`
Settings AppSettings `json:"settings"` // settings are not version controlled
Metadata AppMetadata `json:"metadata"` // metadata is version controlled
}
AppEntry is the application configuration in the DB
func (*AppEntry) AppPathDomain ¶
func (ae *AppEntry) AppPathDomain() AppPathDomain
type AppExportResponse ¶ added in v0.18.6
type AppExportResponse struct {
Config string `json:"config"`
}
AppExportResponse is the response for the export and pretty-print APIs
type AppGetResponse ¶
type AppGetResponse struct {
AppEntry AppEntry `json:"app_entry"`
}
type AppInfo ¶
type AppInfo struct {
AppPathDomain
Name string
Id AppId
IsDev bool
MainApp AppId
LinkedAppPath string
Auth AppAuthnType
SourceUrl string
Spec AppSpec
Version int
GitSha string
GitMessage string
Branch string
StarBase string
UpdateTime time.Time
RetainVersions int
AppliedSyncId string
UserID string // user who created the app, used for RBAC owner checks
}
AppInfo is the basic info for an app
func CreateAppInfo ¶
type AppLinkAccountResponse ¶
type AppLinkAccountResponse struct {
DryRun bool `json:"dry_run"`
StagedUpdateResults []AppPathDomain `json:"staged_update_results"`
PromoteResults []AppPathDomain `json:"promote_results"`
}
type AppListResponse ¶
type AppListResponse struct {
Apps []AppResponse `json:"apps"`
}
type AppMetadata ¶
type AppMetadata struct {
Name string `json:"name"`
VersionMetadata VersionMetadata `json:"version_metadata"`
Loads []string `json:"loads"`
Permissions []Permission `json:"permissions"`
Accounts []AccountLink `json:"accounts"`
BindingSourcePerms []string `json:"binding_source_perms"` // the binding source permissions that are requested for the app
ApprovedBindingSourcePerms []string `json:"approved_binding_source_perms"` // the binding source permissions that are approved for the app
ParamValues map[string]string `json:"param_values"`
Spec AppSpec `json:"spec"`
SpecFiles *SpecFiles `json:"spec_files"`
ContainerOptions map[string]string `json:"container_options"`
ContainerArgs map[string]string `json:"container_args"`
ContainerVolumes []string `json:"container_volumes"`
AppConfig map[string]string `json:"appconfig"`
AuthnType AppAuthnType `json:"authn_type"`
GitAuthName string `json:"git_auth_name"`
Bindings []string `json:"bindings"`
AppliedSyncId string `json:"applied_sync_id"` // id of the sync entry which last applied to this app, empty for imperative changes
}
AppMetadata contains the configuration for an app. App configurations are version controlled.
type AppMetadataConfigType ¶
type AppMetadataConfigType string
const ( AppMetadataAppConfig AppMetadataConfigType = "app_config" AppMetadataContainerOptions AppMetadataConfigType = "container_options" AppMetadataContainerArgs AppMetadataConfigType = "container_args" AppMetadataContainerVolumes AppMetadataConfigType = "container_volumes" AppMetadataAuthnType AppMetadataConfigType = "auth" AppMetadataGitAuthName AppMetadataConfigType = "git_auth" AppMetadataBindings AppMetadataConfigType = "bindings" AppMetadataBindingPerms AppMetadataConfigType = "bind_perm" )
type AppPathDomain ¶
AppPathDomain is a unique identifier for an app, consisting of the path and domain
func CreateAppPathDomain ¶
func CreateAppPathDomain(path, domain string) AppPathDomain
func (AppPathDomain) String ¶
func (a AppPathDomain) String() string
type AppPreviewResponse ¶
type AppPreviewResponse struct {
DryRun bool `json:"dry_run"`
HttpUrl string `json:"http_url"`
HttpsUrl string `json:"https_url"`
Success bool `json:"success"`
ApproveResult ApproveResult `json:"approve_result"`
}
type AppPromoteResponse ¶
type AppPromoteResponse struct {
DryRun bool `json:"dry_run"`
PromoteResults []AppPathDomain `json:"promote_results"`
}
type AppReloadOption ¶
type AppReloadOption string
const ( AppReloadOptionNone AppReloadOption = "none" AppReloadOptionUpdated AppReloadOption = "updated" AppReloadOptionMatched AppReloadOption = "matched" )
type AppReloadResponse ¶
type AppReloadResponse struct {
DryRun bool `json:"dry_run"`
ReloadResults []AppPathDomain `json:"reload_results"`
ApproveResults []ApproveResult `json:"approve_results"`
PromoteResults []AppPathDomain `json:"promote_results"`
SkippedResults []AppPathDomain `json:"skipped_results"`
}
type AppReloadResult ¶
type AppReloadResult struct {
DryRun bool `json:"dry_run"`
ReloadResults []AppPathDomain `json:"reload_results"`
ApproveResult *ApproveResult `json:"approve_result"`
PromoteResults []AppPathDomain `json:"promote_results"`
SkippedResults []AppPathDomain `json:"skipped_results"`
}
type AppResponse ¶
type AppSettings ¶
type AppSettings struct {
//Deprecated: use AppMetadata.AuthnType instead
AuthnType AppAuthnType `json:"authn_type"`
//Deprecated: use AppMetadata.GitAuthName instead
GitAuthName string `json:"git_auth_name"`
StageWriteAccess bool `json:"stage_write_access"`
PreviewWriteAccess bool `json:"preview_write_access"`
WebhookTokens WebhookTokens `json:"webhook_tokens"`
OrigSourceUrl string `json:"orig_source_url"` // the original source url of the app, used for git create in dev mode
}
AppSettings contains the settings for an app. Settings are not version controlled.
type AppStagedUpdateResponse ¶
type AppStagedUpdateResponse struct {
DryRun bool `json:"dry_run"`
StagedUpdateResults any `json:"staged_update_results"`
PromoteResults []AppPathDomain `json:"promote_results"`
}
type AppToken ¶
type AppToken struct {
Type WebhookType `json:"type"`
Url string `json:"url"`
Token string `json:"token"`
}
type AppUpdateMessage ¶
type AppUpdateMessage struct {
MessageType string `json:"message_type"`
Payload AppUpdatePayload `json:"payload"`
}
type AppUpdateMetadataResponse ¶
type AppUpdateMetadataResponse struct {
DryRun bool `json:"dry_run"`
StagedUpdateResults []AppPathDomain `json:"staged_update_results"`
PromoteResults []AppPathDomain `json:"promote_results"`
}
type AppUpdatePayload ¶
type AppUpdatePayload struct {
AppPathDomains []AppPathDomain `json:"app_path_domains"`
ServerId ServerId `json:"server_id"`
}
type AppUpdateSettingsResponse ¶
type AppUpdateSettingsResponse struct {
DryRun bool `json:"dry_run"`
UpdateResults []AppPathDomain `json:"update_results"`
}
type AppVersion ¶
type AppVersionFilesResponse ¶
type AppVersionFilesResponse struct {
Files []AppFile `json:"files"`
}
type AppVersionListResponse ¶
type AppVersionListResponse struct {
Versions []AppVersion `json:"versions"`
}
type ApproveResult ¶
type ApproveResult struct {
Id AppId `json:"id"`
AppPathDomain AppPathDomain `json:"app_path_domain"`
NewLoads []string `json:"new_loads"`
NewPermissions []Permission `json:"new_permissions"`
ApprovedLoads []string `json:"approved_loads"`
ApprovedPermissions []Permission `json:"approved_permissions"`
NewBindingSourcePerms []string `json:"new_binding_source_perms"`
ApprovedBindingSourcePerms []string `json:"approved_binding_source_perms"`
NeedsApproval bool `json:"needs_approval"`
}
ApproveResult represents the result of an app approval audit
type AuditEvent ¶
type AuthConfig ¶
type AuthConfig struct {
Key string `toml:"key"` // the client id
Secret string `toml:"secret"` // the client secret
OrgUrl string `toml:"org_url"` // the org url, used for Okta
Domain string `toml:"domain"` // the domain, used for Auth0
DiscoveryUrl string `toml:"discovery_url"` // the discovery url, used for OIDC
HostedDomain string `toml:"hosted_domain"` // the hosted domain, used for Google
Scopes []string `toml:"scopes"` // oauth scopes
}
AuthConfig is the configuration for the Authentication provider
type AuthorizerFunc ¶ added in v0.15.1
type Binding ¶ added in v0.17.2
type Binding struct {
Id string `json:"id"` // the id of the binding
Path string `json:"path"` // the path of the binding
Source string `json:"source"` // service id, or the base binding path
ServiceType string `json:"service_type"` // the type of the service
ServiceName string `json:"service_name"` // the name of the service
ServiceIsDefault bool `json:"-"`
DerivedFrom string `json:"derived_from"` // the base binding path this is derived from
StagedMetadata BindingMetadata `json:"staged_metadata"`
Metadata BindingMetadata `json:"metadata"`
CreatedBy string `json:"created_by"` // user who created the binding
CreateTime time.Time `json:"create_time"`
UpdateTime time.Time `json:"update_time"`
}
Binding is a binding entry in the metadata database A binding is a link between a service and a source service
type BindingGrant ¶ added in v0.17.3
type BindingGrant struct {
GrantType GrantType `json:"grant_type"`
GrantTarget string `json:"grant_target"`
}
func ParseGrant ¶ added in v0.17.3
func ParseGrant(grant string, supportedGrantTypes []GrantType) (BindingGrant, error)
func (BindingGrant) String ¶ added in v0.17.3
func (g BindingGrant) String() string
type BindingMetadata ¶ added in v0.17.2
type BuilderActivity ¶ added in v0.18.6
type BuilderActivity struct {
Id string `json:"id"`
SessionId string `json:"session_id"`
UserID string `json:"user_id"`
CreateTime time.Time `json:"create_time"`
Kind string `json:"kind"` // prompt|agent_message|tool_call|lifecycle|approve|publish|unpublish|error
Content string `json:"content"`
Metadata map[string]any `json:"metadata,omitempty"`
}
BuilderActivity is one activity log row: prompts, agent messages, tool calls and lifecycle events for a builder session
type BuilderAgentConfig ¶ added in v0.18.6
type BuilderAgentConfig struct {
Type string `toml:"type"` // optional; must match the type inferred from the name
Dockerfile string `toml:"dockerfile"` // overrides the embedded Dockerfile
Command []string `toml:"command"` // overrides the embedded ACP command
Env map[string]string `toml:"env"` // container env, {{secret ...}} resolved at launch
ConfigFiles []string `toml:"config_files"` // host:container[:ro] mounts
Model string `toml:"model"` // model passed to the agent at session start (agent's naming)
Effort string `toml:"effort"` // reasoning effort level passed to the agent at session start
}
BuilderAgentConfig is one agent profile for the app builder. The agent type is inferred from the entry name, like auth entries: opencode, opencode_dev, pi, ... use the embedded Dockerfile and ACP launch command for their type; custom_<name> entries must set Dockerfile and Command. The command must speak the Agent Client Protocol on stdio
type BuilderConfig ¶ added in v0.15.20
type BuilderConfig struct {
Mode string `toml:"mode"` // "auto", "kaniko", "command", "delegate:<url>", "delegate_server"
KanikoImage string `toml:"kaniko_image"`
KanikoCache bool `toml:"kaniko_cache"` // enable kaniko layer caching in the registry
KanikoCacheRepo string `toml:"kaniko_cache_repo"` // cache repo, defaults to <registry_url>[/<project>]/kaniko-cache
}
type BuilderGitConfig ¶ added in v0.18.6
type BuilderGitConfig struct {
Repo string `toml:"repo"` // publish repo url
Branch string `toml:"branch"` // branch for publish commits
Auth string `toml:"auth"` // [git_auth.*] entry for the repo
AppsFile string `toml:"apps_file"` // declarative file, relative to repo root
SourceDir string `toml:"source_dir"` // repo directory for published app sources
}
BuilderGitConfig is one [builder_git.*] entry: a named git publish destination for builder apps. Empty branch/apps_file/source_dir default to main/apps.star/apps
type BuilderPromptConfig ¶ added in v0.18.6
type BuilderPromptConfig struct {
Prompt string `toml:"prompt"`
Replace bool `toml:"replace"` // replace the system prompt instead of appending to it
Description string `toml:"description"` // shown in the new-app form
GitConfig string `toml:"git_config"` // [builder_git.*] entry sessions created with this preset publish to; empty = builder default
}
BuilderPromptConfig is one [builder_prompt.*] entry: a named prompt preset the user can pick when creating a builder app. Replace controls whether the preset replaces the system prompt or is appended to it
type BuilderPublishConfig ¶ added in v0.18.6
type BuilderPublishConfig struct {
Path string `toml:"path"` // app path glob, e.g. /teams/* or example.com:/**
Description string `toml:"description"` // shown in the publish dialog: which RBAC rules apply
}
BuilderPublishConfig is one [builder_publish.*] entry: an app path glob users may publish builder apps to, with a description of the RBAC rules that apply there. No entries means any path is allowed (RBAC still gates)
type BuilderSession ¶ added in v0.18.6
type BuilderSession struct {
Id string `json:"id"`
UserID string `json:"user_id"`
Name string `json:"name"`
Spec string `json:"spec"`
Agent string `json:"agent"` // [builder_agent.*] profile name
Preset string `json:"preset"` // [builder_prompt.*] preset chosen at creation; decides the git destination
Status BuilderSessionStatus `json:"status"`
WorkspaceDir string `json:"workspace_dir"`
PreviewPath string `json:"preview_path"` // dev app path, once created
PublishPath string `json:"publish_path"` // once published
CreateTime time.Time `json:"create_time"`
UpdateTime time.Time `json:"update_time"`
}
BuilderSession is one app builder session (draft app + agent sandbox)
type BuilderSessionStatus ¶ added in v0.18.6
type BuilderSessionStatus string
BuilderSessionStatus is the lifecycle state of a builder session
const ( BuilderSessionStarting BuilderSessionStatus = "starting" // sandbox launching / first turn running BuilderSessionReady BuilderSessionStatus = "ready" // agent idle, sandbox live BuilderSessionRunning BuilderSessionStatus = "running" // prompt turn in flight BuilderSessionDetached BuilderSessionStatus = "detached" // sandbox stopped, workspace persists BuilderSessionPublished BuilderSessionStatus = "published" // published at least once BuilderSessionError BuilderSessionStatus = "error" // failed to start / load )
type ClientCertConfig ¶
type ClientConfig ¶
type ClientConfig struct {
GlobalConfig
Client ClientConfigStruct `toml:"client"`
}
ClientConfig is the configuration for the OpenRun Client
type ClientConfigStruct ¶
type ClientConfigStruct struct {
SkipCertCheck bool `toml:"skip_cert_check"`
AdminPassword string `toml:"admin_password"`
DefaultFormat string `toml:"default_format"` // the default format for the CLI output
}
ClientConfigStruct is the configuration for the OpenRun Client
type ConfigDraft ¶ added in v0.18.4
type ConfigDraft struct {
RBAC RBACConfig `json:"rbac"` // the draft RBAC section
BaseVersion string `json:"base_version"` // live config version the draft was forked from
DraftVersion string `json:"draft_version"` // bumped on every draft edit, CAS for edits/discard
CreatedBy string `json:"created_by"`
CreateTime time.Time `json:"create_time"`
UpdatedBy string `json:"updated_by"`
UpdateTime time.Time `json:"update_time"`
}
ConfigDraft is the staged dynamic config edit, stored separately from the versioned config so draft edits do not pollute the config history. Enforcement always reads the live config; the draft goes live on publish
type ConfigHistoryEntry ¶ added in v0.18.4
type ConfigHistoryEntry struct {
VersionId string `json:"version_id"`
UserId string `json:"user_id"`
UpdateTime time.Time `json:"update_time"`
}
ConfigHistoryEntry describes one snapshot in the dynamic config history
type ConfigResponse ¶ added in v0.14.10
type ConfigResponse struct {
DynamicConfig DynamicConfig `json:"dynamic_config"`
}
type ConfigUpdateMessage ¶ added in v0.15.0
type ConfigUpdateMessage struct {
MessageType string `json:"message_type"`
Payload ConfigUpdatePayload `json:"payload"`
}
type ConfigUpdatePayload ¶ added in v0.15.0
type ConfigUpdatePayload struct {
ServerId ServerId `json:"server_id"`
}
type Container ¶
type Container struct {
// Health check related config
HealthUrl string `toml:"health_url"`
HealthAttemptsAfterStartup int `toml:"health_attempts_after_startup"`
HealthTimeoutSecs int `toml:"health_timeout_secs"`
DeployProbePeriodSecs int `toml:"deploy_probe_period_secs"`
DeployHealthAttempts int `toml:"deploy_health_attempts"`
// Overrides Kubernetes progressDeadlineSeconds when >0. Keep 0 unless tests
// or operators deliberately want failed rollouts to be declared earlier.
DeployProgressDeadlineSecs int `toml:"deploy_progress_deadline_secs"`
LogLinesToShow int `toml:"log_lines_to_show"`
ShowLogsForFailure bool `toml:"show_logs_for_failure"`
// Idle shutdown related config
IdleShutdownSecs int `toml:"idle_shutdown_secs"`
IdleShutdownDevApps bool `toml:"idle_shutdown_dev_apps"`
IdleBytesHighWatermark int `toml:"idle_bytes_high_watermark"`
// Status check related config
StatusCheckIntervalSecs int `toml:"status_check_interval_secs"`
StatusHealthAttempts int `toml:"status_health_attempts"`
}
type ContextKey ¶
type ContextKey string
const ( USER_ID ContextKey = "user_id" USER_SUBJECT ContextKey = "user_subject" USER_EMAIL ContextKey = "user_email" SHARED ContextKey = "shared" REQUEST_ID ContextKey = "request_id" APP_ID ContextKey = "app_id" APP_PATH_DOMAIN ContextKey = "app_path_domain" APP_AUTH ContextKey = "app_auth" GROUPS ContextKey = "groups" RBAC_ENABLED ContextKey = "rbac_enabled" CUSTOM_PERMS ContextKey = "custom_perms" SYNC_ID ContextKey = "sync_id" // id of the sync entry driving the current apply APPLY_OPERATION ContextKey = "apply_operation" // set when the current operation is a declarative apply )
type CreateAppRequest ¶
type CreateAppRequest struct {
Path string `json:"path"`
SourceUrl string `json:"source_url"`
IsDev bool `json:"is_dev"`
AppAuthn AppAuthnType `json:"app_authn"`
GitBranch string `json:"git_branch"`
GitCommit string `json:"git_commit"`
GitAuthName string `json:"git_auth_name"`
Spec AppSpec `json:"spec"`
ParamValues map[string]string `json:"param_values"`
ContainerOptions map[string]string `json:"container_options"`
ContainerArgs map[string]string `json:"container_args"`
ContainerVolumes []string `json:"container_volumes"`
AppConfig map[string]string `json:"appconfig"`
Bindings []string `json:"bindings"`
BindingSourcePerms []string `json:"binding_source_perms"`
StageAt string `json:"stage_at"`
Verify bool `json:"verify"`
}
CreateAppRequest is the request body for creating an app This gets saved as ApplyInfo when doing declarative app creation
type CreateBindingRequest ¶ added in v0.17.5
type CreateBindingRequest struct {
Path string `json:"path"`
Source string `json:"source"`
Grants []string `json:"grants"`
Config map[string]string `json:"config"`
ApplyInfo []byte `json:"-"`
}
CreateBindingRequest is the request body for creating a binding.
type CreateSecretRequest ¶ added in v0.18.6
type CreateSecretRequest struct {
Name string `json:"name"`
Prefix string `json:"prefix"`
Value string `json:"value"`
Encoding string `json:"encoding"` // "" for plain string, "base64" for binary values
Description string `json:"description"`
Provider string `json:"provider"` // secret provider name, default "db"
SourceFile string `json:"source_file"`
}
CreateSecretRequest is the request body for storing a secret in a writable secret provider. Either Name (explicit name) or Prefix (a unique name is generated with the prefix) must be set. Encoding "base64" is used to pass binary values (file contents); the decoded bytes are stored
type CustomPermsFunc ¶ added in v0.15.9
type DynamicConfig ¶ added in v0.14.10
type DynamicConfig struct {
VersionId string `json:"version_id"`
RBAC RBACConfig `json:"rbac"`
// Entries holds the dynamically configured named entries: section name ->
// entry name -> field values, mirroring the named-entry map sections of
// openrun.toml ([git_auth.x], [auth.y], [saml.z], ...). Dynamic entries
// take precedence over static entries with the same name. Unlike RBAC,
// entry updates are not staged and take effect immediately
Entries map[string]map[string]map[string]any `json:"entries,omitempty"`
// Settings holds dynamically configured fields of the struct sections of
// openrun.toml: section name -> dotted field key -> value (for example
// security -> default_git_auth, app_config -> cors.allow_origin). A set
// field takes precedence over the static config value. Like Entries,
// settings updates are not staged and take effect immediately
Settings map[string]map[string]any `json:"settings,omitempty"`
}
DynamicConfig is the configuration which is settable through API and is persisted to metadata
type EventStatus ¶
type EventStatus string
const ( EventStatusSuccess EventStatus = "Success" EventStatusFailure EventStatus = "Failed" )
type ExportOptions ¶ added in v0.18.6
type ExportOptions struct {
ServiceRef string `json:"service_ref"` // default: emit service type only; exact: emit type/name
GitAuthRef string `json:"git_auth_ref"` // default: omit git_auth; exact: emit stored git auth name
ExactCommit bool `json:"exact_commit"` // pin git_commit to the currently deployed commit
ExcludeDeclarative bool `json:"exclude_declarative"` // skip apps and bindings already managed declaratively
}
ExportOptions are the options for exporting app config declaratively
type ForwardConfig ¶ added in v0.17.4
type ForwardConfig struct {
AuthUrl string `toml:"auth_url"` // the auth url to send the GET request to
ForwardHeaders []string `toml:"forward_headers"` // the headers to forward to the auth url. If empty, all headers are forwarded.
CopyResponseHeaders []string `toml:"copy_response_headers"` // the headers to copy from the authserver response to app. Default is none
}
type GitAuthEntry ¶
type GitAuthEntry struct {
UserID string `toml:"user_id"` // the user id of the user, defaults to "git" https://github.com/src-d/go-git/issues/637
KeyFilePath string `toml:"key_file_path"` // the path to the private key file
PrivateKey string `toml:"private_key"` // the private key contents (PEM), used instead of key_file_path; supports {{secret}} references
Password string `toml:"password"` // the password for the private key file
}
GitAuth is a github auth config entry
type GlobalConfig ¶
type GlobalConfig struct {
ConfigFile string `toml:"config_file"`
AdminUser string `toml:"admin_user"`
ServerUri string `toml:"server_uri"`
}
Config entries shared between client and server
type HttpConfig ¶
type HttpConfig struct {
Host string `toml:"host"`
Port int `toml:"port"`
RedirectToHttps bool `toml:"redirect_to_https"`
}
HttpConfig is the configuration for the HTTP server
type HttpsConfig ¶
type HttpsConfig struct {
Host string `toml:"host"`
Port int `toml:"port"`
EnableCertLookup bool `toml:"enable_cert_lookup"`
MkcertPath string `toml:"mkcert_path"`
ServiceEmail string `toml:"service_email"`
UseStaging bool `toml:"use_staging"`
StorageLocation string `toml:"storage_location"`
CertLocation string `toml:"cert_location"`
DisableClientCerts bool `toml:"disable_client_certs"`
}
HttpsConfig is the configuration for the HTTPs server
type JSLibrary ¶
type JSLibrary struct {
LibType LibraryType
DirectUrl string
PackageName string
Version string
EsbuildArgs [10]string // use an array so that the struct can be used as key in the jsCache map
SanitizedFileName string
}
JSLibrary handles the downloading for JS libraries and esbuild based bundling for ESM libraries
type Kubernetes ¶ added in v0.16.0
type Kubernetes struct {
DefaultVolumeSize string `toml:"default_volume_size"`
ScalingThresholdCPU int32 `toml:"scaling_threshold_cpu"` // CPU utilization threshold for HPA scaling
}
Kubernetes related settings in the App Config
type KubernetesConfig ¶ added in v0.15.20
type LibraryType ¶
type LibraryType string
const ( ESModule LibraryType = "ecmascript_module" Library LibraryType = "library" )
type LogConfig ¶
type LogConfig struct {
Level string `toml:"level"`
MaxBackups int `toml:"max_backups"`
MaxSizeMB int `toml:"max_size_mb"`
Console bool `toml:"console"`
File bool `toml:"file"`
AccessLogging bool `toml:"access_logging"`
}
LogConfig is the configuration for the Logger
type MetadataConfig ¶
type MetadataConfig struct {
DBConnection string `toml:"db_connection"`
AutoUpgrade bool `toml:"auto_upgrade"`
AuditDBConnection string `toml:"audit_db_connection"`
IgnoreHigherVersion bool `toml:"ignore_higher_version"` // If true, ignore higher version of the metadata schema
FileCacheConnection string `toml:"file_cache_connection"` // The connection string for the file cache database
// ConfigHistoryVersions is the number of dynamic config snapshots retained
// in the config_history table. Every config change appends a snapshot
ConfigHistoryVersions int `toml:"config_history_versions"`
}
MetadataConfig is the configuration for the Metadata persistence layer
type NodeConfig ¶
type NotificationMessage ¶
type NotificationMessage struct {
MessageType string `json:"message_type"`
}
NotificationMessage is the message sent through the postgres listener
type Permission ¶
type Permission struct {
Plugin string `json:"plugin" toml:"plugin"`
Method string `json:"method" toml:"method"`
Arguments []string `json:"arguments" toml:"arguments"`
Permit []string `json:"permit" toml:"permit"` // Custom RBAC permissions, any one of which allows the call.
IsRead *bool `json:"is_read,omitempty" toml:"is_read,omitempty"` // Whether the call is a Read operation or Write operation.
// nil value means go with the default as set in the plugin code
Secrets [][]string `json:"secrets" toml:"secrets"` // The secrets that are allowed to be used in the call.
}
Permission represents a permission granted to an app to run a plugin method with the given arguments
type PermissionsConfig ¶ added in v0.16.21
type PermissionsConfig struct {
Allow []Permission `toml:"allow"` // the permissions that are allowed for all apps, without requiring explicit approval
FullAccess []string `toml:"full_access"` // the apps that have full access to all plugins
BindingSourcePerms []string `toml:"binding_source_perms"` // the binding sources that are allowed for all apps, without requiring explicit approval
}
PermissionsConfig is the permissions configuration for the server. This overrides the permissions configured in the app metadata.
type PluginContext ¶
type PluginContext struct {
Logger *Logger
AppId AppId
StoreInfo *starlark_type.StoreInfo
Config PluginSettings
AppConfig AppConfig
AppPath string
}
type PluginSettings ¶
type RBACConfig ¶ added in v0.14.10
type RBACConfig struct {
Enabled bool `json:"enabled"` // whether rbac is enabled
Groups map[string][]string `json:"groups"` // groups names to user ids. These groups are appended to the groups info from SAML
Roles map[string][]RBACPermission `json:"roles"` // role names to permissions.
Grants []RBACGrant `json:"grants"` // grants are used to grant permissions to users/groups for specific apps
// ForceRBACWhenEnabled applies RBAC to every app when RBAC is enabled,
// as if all app auth strings carried the rbac: prefix. When false, only
// apps whose auth has the rbac: prefix are enforced (the pre-flag
// behavior). A pointer so configs saved before this field keep the
// default (true); use ForceRBAC() to read
ForceRBACWhenEnabled *bool `json:"force_rbac_when_enabled,omitempty"`
// OwnerPermissions overrides the default permissions granted to the creator of an
// asset. Keys are resource names (app, sync); values are the permissions the owner
// gets on assets they created. Missing key means the built-in default; an empty
// list disables the owner rule for that resource. app:approve is not allowed.
OwnerPermissions map[string][]RBACPermission `json:"owner_permissions,omitempty"`
}
func (*RBACConfig) ForceRBAC ¶ added in v0.18.6
func (c *RBACConfig) ForceRBAC() bool
ForceRBAC reports the effective ForceRBACWhenEnabled value: unset (configs saved before the field existed and fresh configs) defaults to true
type RBACPermission ¶ added in v0.14.10
type RBACPermission string
const ( PermissionAccess RBACPermission = "app:access" // access the served app (rbac: auth prefix apps) PermissionRead RBACPermission = "app:read" // list apps, get app details, list versions/files PermissionCreate RBACPermission = "app:create" // create app PermissionUpdate RBACPermission = "app:update" // settings/metadata/links/params/version switch PermissionReload RBACPermission = "app:reload" // reload apps PermissionApply RBACPermission = "app:apply" // declarative apply PermissionDelete RBACPermission = "app:delete" // delete apps PermissionApprove RBACPermission = "app:approve" // approve plugin permissions (operator-only) PermissionPromote RBACPermission = "app:promote" // promote staging to prod PermissionPreview RBACPermission = "app:preview" // create preview apps PermissionTokenRead RBACPermission = "app:token_read" // list webhook tokens PermissionTokenManage RBACPermission = "app:token_manage" // create/delete webhook tokens PermissionAppAdmin RBACPermission = "app:admin" // all app permissions except app:approve PermissionSyncCreate RBACPermission = "sync:create" PermissionSyncRun RBACPermission = "sync:run" PermissionSyncDelete RBACPermission = "sync:delete" PermissionSyncRead RBACPermission = "sync:read" PermissionServiceCreate RBACPermission = "service:create" PermissionServiceUpdate RBACPermission = "service:update" PermissionServiceDelete RBACPermission = "service:delete" PermissionServiceRead RBACPermission = "service:read" PermissionBindingCreate RBACPermission = "binding:create" PermissionBindingUpdate RBACPermission = "binding:update" PermissionBindingDelete RBACPermission = "binding:delete" PermissionBindingRead RBACPermission = "binding:read" PermissionBindingRunCommand RBACPermission = "binding:run_command" PermissionContainerRead RBACPermission = "container:read" // list containers, get container details/logs/stats PermissionContainerManage RBACPermission = "container:manage" // start/stop managed containers PermissionConfigRead RBACPermission = "config:read" PermissionConfigUpdate RBACPermission = "config:update" PermissionServerStop RBACPermission = "server:stop" PermissionAuditRead RBACPermission = "audit:read" // read the audit log across all apps PermissionSecretCreate RBACPermission = "secret:create" // create/update secrets, rekey the store PermissionSecretRead RBACPermission = "secret:read" // list secrets, get secret metadata (not values) PermissionSecretDelete RBACPermission = "secret:delete" PermissionSecretReveal RBACPermission = "secret:reveal" // read back a secret value PermissionBuilderList RBACPermission = "builder:list" // see one's own builder sessions PermissionBuilderRead RBACPermission = "builder:read" // view any session's transcript, files, activity PermissionBuilderCreate RBACPermission = "builder:create" // create sessions, message/stop/resume/delete own sessions PermissionBuilderPublish RBACPermission = "builder:publish" // publish/unpublish (also needs app:create on the path) )
Permissions are resource:verb strings. app:read gates both listing and reading app details (there is no separate list permission). app:approve is special: it is never implied by app:admin, owner permissions or permission globs; it has to be granted by its literal name (or via the built-in admin role).
type RBACPermissionGroup ¶ added in v0.18.4
type RBACPermissionGroup struct {
Resource string `json:"resource"`
Permissions []RBACPermission `json:"permissions"`
}
RBACPermissionGroup lists the permissions for one resource type, in display order
type RegistryConfig ¶ added in v0.15.20
type RegistryConfig struct {
URL string `toml:"url"`
Project string `toml:"project"`
Type string `toml:"type"` // "", "ecr"
Username string `toml:"username"`
Password string `toml:"password"`
PasswordFile string `toml:"password_file"`
CAFile string `toml:"ca_file"`
ClientCertFile string `toml:"client_cert_file"`
ClientKeyFile string `toml:"client_key_file"`
Insecure bool `toml:"insecure"`
AWSRegion string `toml:"aws_region"`
}
type RequestError ¶
RequestError is the error returned by the API
func CreateRequestError ¶
func CreateRequestError(message string, code int) RequestError
func (RequestError) Error ¶
func (r RequestError) Error() string
type RunBindingCommandRequest ¶ added in v0.17.4
type RunBindingCommandRequest struct {
BindingName string `json:"binding_name"`
UseStaging bool `json:"use_staging"`
Command string `json:"command"`
}
RunBindingCommandRequest is the request body for running a command through a service binding account.
type SAMLConfig ¶ added in v0.15.3
type SAMLConfig struct {
MetadataURL string `toml:"metadata_url"`
GroupsAttr string `toml:"groups_attr"`
UsePost bool `toml:"use_post"` // whether to use POST binding
ForceAuthn bool `toml:"force_authn"` // whether to force authn
SPKeyFile string `toml:"sp_key_file"` // the SP key file to use
SPCertFile string `toml:"sp_cert_file"` // the SP cert file to use
}
type SecretConfig ¶
type SecretCreateResponse ¶ added in v0.18.6
type SecretCreateResponse struct {
Name string `json:"name"`
Provider string `json:"provider"`
SecretRef string `json:"secret_ref"` // ready to use {{secret ...}} reference
Updated bool `json:"updated"` // true if an existing secret was updated
}
SecretCreateResponse returns the stored secret name and the template reference to use in app params/config values
type SecretDeleteResponse ¶ added in v0.18.6
type SecretDeleteResponse struct {
Name string `json:"name"`
}
type SecretEntry ¶ added in v0.18.6
type SecretEntry struct {
Name string
Value []byte
Nonce []byte
KeyId string
CreatedBy string
CreateTime time.Time
UpdateTime time.Time
Metadata SecretMetadata
}
SecretEntry is a row in the secrets table. Value is the AES-256-GCM ciphertext of the secret, sealed with the master key identified by KeyId and a per-write random Nonce
type SecretGetResponse ¶ added in v0.18.6
type SecretGetResponse struct {
SecretInfo
Value string `json:"value,omitempty"`
Encoding string `json:"encoding,omitempty"`
}
SecretGetResponse is the response for getting a secret. Value is set only when reveal is requested; binary values are base64 encoded with Encoding set to "base64"
type SecretInfo ¶ added in v0.18.6
type SecretInfo struct {
Name string `json:"name"`
KeyId string `json:"key_id"`
CreatedBy string `json:"created_by"`
CreateTime time.Time `json:"create_time"`
UpdateTime time.Time `json:"update_time"`
Description string `json:"description"`
SourceFile string `json:"source_file"`
}
SecretInfo is the non-sensitive info about a stored secret
type SecretListResponse ¶ added in v0.18.6
type SecretListResponse struct {
Secrets []SecretInfo `json:"secrets"`
}
type SecretMetadata ¶ added in v0.18.6
type SecretMetadata struct {
Description string `json:"description,omitempty"`
SourceFile string `json:"source_file,omitempty"` // original file name when created from a file
}
SecretMetadata is the non-sensitive metadata stored with an encrypted secret
type SecretRekeyResponse ¶ added in v0.18.6
SecretRekeyResponse reports the result of re-encrypting stored secrets with the active master key. Skipped counts rows sealed with a key id that is not configured for the provider
type Security ¶
type Security struct {
DefaultSecretsProvider string `toml:"default_secrets_provider"`
DisableCSRFProtection bool `toml:"disable_csrf_protection"`
// HeadersLevel controls the set of security related HTTP response headers added to
// app responses. Valid values are 0 to 10: 0 adds no extra headers and 10 adds the
// strictest full set. Levels 0, 2, 5 and 10 are currently implemented; any other
// value is rounded down to the nearest implemented level. Default is 2.
HeadersLevel int `toml:"headers_level"`
}
type SecurityConfig ¶
type SecurityConfig struct {
UnsafeAdminOverTCP bool `toml:"unsafe_admin_over_tcp"`
AdminPasswordBcrypt string `toml:"admin_password_bcrypt"`
AppDefaultAuthType string `toml:"app_default_auth_type"`
AuthRequired bool `toml:"auth_required"`
SessionMaxAge int `toml:"session_max_age"`
SessionHttpsOnly bool `toml:"session_https_only"`
TrustedProxies []string `toml:"trusted_proxies"`
CallbackUrl string `toml:"callback_url"`
DefaultGitAuth string `toml:"default_git_auth"`
StageEnableWriteAccess bool `toml:"stage_enable_write_access"`
PreviewEnableWriteAccess bool `toml:"preview_enable_write_access"`
AllowedContainerArgs map[string]string `toml:"allowed_container_args"` // the container args that are allowed to be used in the app config
AllowedMounts []string `toml:"allowed_mounts"` // the volume mounts paths that are allowed to be used in the app config
}
SecurityConfig is the security related configuration
type ServerConfig ¶
type ServerConfig struct {
GlobalConfig
Http HttpConfig `toml:"http"`
Https HttpsConfig `toml:"https"`
Security SecurityConfig `toml:"security"`
Metadata MetadataConfig `toml:"metadata"`
Log LogConfig `toml:"logging"`
Telemetry TelemetryConfig `toml:"telemetry"`
System SystemConfig `toml:"system"`
Registry RegistryConfig `toml:"registry"`
Builder BuilderConfig `toml:"builder"`
Kubernetes KubernetesConfig `toml:"kubernetes"`
GitAuth map[string]GitAuthEntry `toml:"git_auth"`
Plugins map[string]PluginSettings `toml:"plugin"`
Auth map[string]AuthConfig `toml:"auth"`
SAML map[string]SAMLConfig `toml:"saml"`
ClientAuth map[string]ClientCertConfig `toml:"client_auth"`
Secret map[string]SecretConfig `toml:"secret"`
Forward map[string]ForwardConfig `toml:"forward"`
ProfileMode string `toml:"profile_mode"`
AppConfig AppConfig `toml:"app_config"`
NodeConfig NodeConfig `toml:"node_config"`
Permissions PermissionsConfig `toml:"permissions"`
AppBuilder AppBuilderConfig `toml:"app_builder"`
BuilderAgent map[string]BuilderAgentConfig `toml:"builder_agent"`
BuilderPublish map[string]BuilderPublishConfig `toml:"builder_publish"`
BuilderPrompt map[string]BuilderPromptConfig `toml:"builder_prompt"`
BuilderGit map[string]BuilderGitConfig `toml:"builder_git"`
}
ServerConfig is the configuration for the OpenRun Server
func (*ServerConfig) ResolveBuilderGit ¶ added in v0.18.6
func (c *ServerConfig) ResolveBuilderGit(promptPreset string) (BuilderGitConfig, error)
ResolveBuilderGit returns the git publish destination for a builder session created with promptPreset: the preset's git_config if set, else app_builder.default_git_config. With neither set the result has an empty Repo, which selects local publish mode ($OPENRUN_HOME/app_src)
type ServerId ¶
type ServerId string // the id of the server that sent the notification
var CurrentServerId ServerId // initialized in server.go init()
type Service ¶ added in v0.17.2
type Service struct {
Id string `json:"id"`
Name string `json:"name"`
ServiceType string `json:"service_type"`
IsDefault bool `json:"is_default"`
Staging string `json:"staging"`
Config map[string]string `json:"config"`
CreateTime time.Time `json:"create_time"`
UpdateTime time.Time `json:"update_time"`
}
Service is a service entry in the metadata database service is the admin level connection from which bindings are created
type SpecFiles ¶
SpecFiles is a map of file names to file data. JSON encoding uses base 64 encoding of file text
func (*SpecFiles) MarshalJSON ¶
func (*SpecFiles) UnmarshalJSON ¶
type StringValue ¶
type StringValue string
const (
StringValueUndefined StringValue = "<OPENRUN_UNDEFINED>"
)
type SyncCreateResponse ¶
type SyncDeleteResponse ¶
type SyncEntry ¶
type SyncEntry struct {
Id string `json:"id"`
Path string `json:"path"`
IsScheduled bool `json:"is_scheduled"` // whether this is a scheduled sync
UserID string `json:"user_id"`
CreateTime *time.Time `json:"create_time"`
Metadata SyncMetadata `json:"metadata"`
Status SyncJobStatus `json:"status"`
}
type SyncJobStatus ¶
type SyncJobStatus struct {
State string `json:"state"` // the state of the sync job
FailureCount int `json:"failure_count"` // the number of times the sync job has failed recently
LastExecutionTime time.Time `json:"last_execution_time"` // the last time the sync job was executed
Error string `json:"error"` // the error message if the sync job failed
CommitId string `json:"commit_id"` // the commit id of the sync job
IsApply bool `json:"is_apply"` // whether this is an apply job
ApplyResponse AppApplyResponse `json:"app_apply_response"` // the response of the apply job
}
type SyncListResponse ¶
type SyncListResponse struct {
Entries []*SyncEntry `json:"entries"`
}
type SyncMetadata ¶
type SyncMetadata struct {
GitBranch string `json:"git_branch"` // the git branch to sync from
GitAuth string `json:"git_auth"` // the git auth entry to use for the sync
Promote bool `json:"promote"` // whether this sync does a promote
Approve bool `json:"approve"` // whether this sync does an approve
Verify bool `json:"verify"` // whether this sync verifies container reloads
Reload string `json:"reload"` // which apps to reload after the sync
Clobber bool `json:"clobber"` // whether to force update the sync, overwriting non-declarative changes
ForceReload bool `json:"force_reload"` // whether to force reload even if there is no new commit
WebhookUrl string `json:"webhook_url"` // for webhook : the url to use
WebhookSecret string `json:"webhook_secret"` // for webhook : the secret to use
ScheduleFrequency int `json:"schedule_frequency"` // for scheduled: the frequency of the sync, every N minutes
}
type SystemConfig ¶
type SystemConfig struct {
TailwindCSSCommand string `toml:"tailwindcss_command"`
TailwindVersion int `toml:"tailwind_version"`
DaisyUIURL string `toml:"daisyui_url"` // url for the prebundled daisyui plugin, used with tailwind_version 4
DaisyUIThemeURL string `toml:"daisyui_theme_url"` // url for the prebundled daisyui theme plugin, used for custom themes
FileWatcherDebounceMillis int `toml:"file_watcher_debounce_millis"`
WatchIgnorePatterns []string `toml:"watch_ignore_patterns"`
NodePath string `toml:"node_path"`
ContainerCommand string `toml:"container_command"`
StaleContainerCleanupIntervalMins int `toml:"stale_container_cleanup_interval_mins"` // Interval for stale OpenRun container cleanup. Set <=0 to disable.
ContainerBuilder string `toml:"container_builder"`
DefaultDomain string `toml:"default_domain"`
RootServeListApps string `toml:"root_serve_list_apps"`
EnableCompression bool `toml:"enable_compression"`
HttpEventRetentionDays int `toml:"http_event_retention_days"`
NonHttpEventRetentionDays int `toml:"non_http_event_retention_days"`
AllowedEnv []string `toml:"allowed_env"` // List of environment variables that are allowed to be used in the node config
DefaultScheduleMins int `toml:"default_schedule_mins"` // Default schedule time in minutes for scheduled sync
MaxSyncFailureCount int `toml:"max_sync_failure_count"` // Max failure count for sync jobs
MaxConcurrentBuilds int `toml:"max_concurrent_builds"` // Max concurrent container builds
MaxBuildWaitSecs int `toml:"max_build_wait_secs"` // Max wait time for a build lock
UseImagePreBuildStep bool `toml:"use_image_pre_build_step"` // Pre-build container images for verified reloads before the metadata transaction starts
EarlyHints bool `toml:"early_hints"` // enable early hints for HTML responses
LeaderElectionLeaseSecs int `toml:"leader_election_lease_secs"` // The lease time for the leader election
LeaderElectionHeartbeatIntervalSecs int `toml:"leader_election_heartbeat_interval_secs"` // The interval for the leader election heartbeat
FileWorkers int `toml:"file_workers"` // number of parallel workers for file compression during app version creation
ListAppsTitle string `toml:"list_apps_title"` // the title of the list apps page
ShowHostedWith bool `toml:"show_hosted_with"` // whether to show "Hosted with OpenRun" in the list apps page
FallbackUnknownDomains bool `toml:"fallback_unknown_domains"` // whether to fallback to default domain for unknown domains
ForwardAuthTimeoutSecs int `toml:"forward_auth_timeout_secs"` // timeout in seconds for forward auth requests. Defaults to 30 seconds.
BuilderAuthToken string `toml:"builder_auth_token"` // the token for the builder auth
// StageAt is the default staging mode for new prod apps. "domain" stages at domain level,
// "path" stages at path level, and any other value is treated as the staging domain.
// Defaults to "domain".
StageAt string `toml:"stage_at"`
DefaultStageDomain string `toml:"default_stage_domain"`
}
SystemConfig is the system level configuration
type TelemetryConfig ¶ added in v0.17.1
type TelemetryConfig struct {
Enabled bool `toml:"enabled"`
ServiceName string `toml:"service_name"`
Environment string `toml:"environment"`
Endpoint string `toml:"endpoint"`
Headers map[string]string `toml:"headers"`
Traces bool `toml:"traces"`
Metrics bool `toml:"metrics"`
// PluginSpans, when true, creates a span around each Starlark plugin
// invocation. Off by default because data-heavy apps may issue many
// plugin calls per request.
PluginSpans bool `toml:"plugin_spans"`
}
TelemetryConfig is the OpenTelemetry configuration.
type TokenCreateResponse ¶
type TokenDeleteResponse ¶
type TokenDeleteResponse struct {
DryRun bool `json:"dry_run"`
}
type TokenListResponse ¶
type TokenListResponse struct {
Tokens []AppToken `json:"tokens"`
}
type Transaction ¶
Transaction is a wrapper around sql.Tx
func (*Transaction) IsInitialized ¶
func (t *Transaction) IsInitialized() bool
type UpdateAppMetadataRequest ¶
type UpdateAppMetadataRequest struct {
Spec StringValue `json:"spec"`
ConfigType AppMetadataConfigType `json:"config_type"`
ConfigEntries []string `json:"config_entries"`
}
UpdateAppMetadataRequest is the request body for updating an app metadata
func CreateUpdateAppMetadataRequest ¶
func CreateUpdateAppMetadataRequest() UpdateAppMetadataRequest
type UpdateAppRequest ¶
type UpdateAppRequest struct {
AuthnType StringValue `json:"authn_type"`
GitAuthName StringValue `json:"git_auth_name"`
StageWriteAccess BoolValue `json:"stage_write_access"`
PreviewWriteAccess BoolValue `json:"preview_write_access"`
Spec StringValue `json:"spec"`
}
UpdateAppRequest is the request body for updating an app settings
func CreateUpdateAppRequest ¶
func CreateUpdateAppRequest() UpdateAppRequest
type UpdateBindingRequest ¶ added in v0.17.3
type UpdateBindingRequest struct {
Path string `json:"path"`
AddGrants []string `json:"add_grants"`
DeleteGrants []string `json:"delete_grants"`
}
UpdateBindingRequest is the request body for updating a binding. Binding updates are limited to grant changes.
type VersionMetadata ¶
type VersionMetadata struct {
Version int `json:"version"`
PreviousVersion int `json:"previous_version"`
GitBranch string `json:"git_branch"`
GitCommit string `json:"git_commit"`
GitMessage string `json:"git_message"`
ApplyInfo []byte `json:"apply_info"`
AppliedSyncId string `json:"applied_sync_id"`
}
VersionMetadata contains the metadata for an app
type WebhookTokens ¶
type WebhookType ¶
type WebhookType string
const ( WebhookReload WebhookType = "reload" WebhookReloadPromote WebhookType = "reload_promote" WebhookPromote WebhookType = "promote" )