Documentation ¶
Overview ¶
Package config provides configuration management for agentapi-proxy using viper.
Configuration can be loaded from:
- JSON files (backward compatibility)
- YAML files
- Environment variables with AGENTAPI_ prefix
Environment variable examples:
    AGENTAPI_START_PORT=8080
    AGENTAPI_AUTH_ENABLED=true
    AGENTAPI_AUTH_STATIC_ENABLED=true
    AGENTAPI_AUTH_STATIC_HEADER_NAME=X-API-Key
    AGENTAPI_AUTH_STATIC_KEYS_FILE=/path/to/keys.json
    AGENTAPI_AUTH_GITHUB_ENABLED=true
    AGENTAPI_AUTH_GITHUB_BASE_URL=https://api.github.com
    AGENTAPI_AUTH_GITHUB_TOKEN_HEADER=Authorization
    AGENTAPI_AUTH_GITHUB_OAUTH_CLIENT_ID=your_client_id
    AGENTAPI_AUTH_GITHUB_OAUTH_CLIENT_SECRET=your_client_secret
    AGENTAPI_AUTH_GITHUB_OAUTH_SCOPE=read:user read:org
    AGENTAPI_AUTH_GITHUB_USER_MAPPING_DEFAULT_ROLE=user
    AGENTAPI_ENABLE_MULTIPLE_USERS=true
    AGENTAPI_WEBHOOK_BASE_URL=https://example.com
    AGENTAPI_WEBHOOK_GITHUB_ENTERPRISE_HOST=github.enterprise.com
Configuration file search paths:
- Current directory
- $HOME/.agentapi/
- /etc/agentapi/
Configuration file names: config.json, config.yaml, config.yml
Index ¶
- func ApplyEnvVars(envVars []EnvVar) []string
- func GetRoleFromContext(userID string, role string) string
- func LoadAuthConfigFromFile(config *Config, filename string) error
- type APIKey
- type AWSAuthConfig
- type AWSUserMapping
- type AuthConfig
- type AuthConfigOverride
- type Config
- type EnvVar
- type GitHubAuthConfig
- type GitHubAuthConfigOverride
- type GitHubOAuthConfig
- type GitHubUserMapping
- type K8sSessionConfigOverride
- type KubernetesSessionConfig
- type RoleEnvFilesConfig
- type ScheduleWorkerConfig
- type StaticAuthConfig
- type TeamRoleRule
- type Toleration
- type WebhookConfig
Functions ¶
func ApplyEnvVars ¶ added in v1.42.0
ApplyEnvVars sets environment variables in the current process. Returns the list of variables that were set.
func GetRoleFromContext ¶ added in v1.42.0
GetRoleFromContext extracts the user's role from the authentication context. This is a helper function that should be called from the auth package.
func LoadAuthConfigFromFile ¶ added in v1.9.1
LoadAuthConfigFromFile loads auth configuration from an external file (e.g., ConfigMap)
Types ¶
type APIKey ¶ added in v0.13.0
type APIKey struct {
Key string `json:"key" mapstructure:"key"`
UserID string `json:"user_id" mapstructure:"user_id"`
Role string `json:"role" mapstructure:"role"`
Permissions []string `json:"permissions" mapstructure:"permissions"`
CreatedAt string `json:"created_at" mapstructure:"created_at"`
ExpiresAt string `json:"expires_at,omitempty" mapstructure:"expires_at"`
}
APIKey represents an API key configuration
func (*APIKey) HasPermission ¶ added in v0.13.0
HasPermission checks if a user has a specific permission
type AWSAuthConfig ¶ added in v1.141.0
type AWSAuthConfig struct {
Enabled bool `json:"enabled" mapstructure:"enabled"`
Region string `json:"region" mapstructure:"region"`
AllowedAccountIDs []string `json:"allowed_account_ids" mapstructure:"allowed_account_ids"` // Required: list of allowed AWS account IDs (empty = deny all)
TeamTagKey string `json:"team_tag_key" mapstructure:"team_tag_key"`
RequiredTagKey string `json:"required_tag_key" mapstructure:"required_tag_key"` // Tag key that must exist (e.g., "agentapi-proxy")
RequiredTagVal string `json:"required_tag_value" mapstructure:"required_tag_value"` // Expected tag value (e.g., "enabled")
CacheTTL string `json:"cache_ttl" mapstructure:"cache_ttl"`
UserMapping AWSUserMapping `json:"user_mapping" mapstructure:"user_mapping"`
}
AWSAuthConfig represents AWS IAM authentication configuration
type AWSUserMapping ¶ added in v1.141.0
type AWSUserMapping struct {
DefaultRole string `json:"default_role" mapstructure:"default_role" yaml:"default_role"`
DefaultPermissions []string `json:"default_permissions" mapstructure:"default_permissions" yaml:"default_permissions"`
TeamRoleMapping map[string]TeamRoleRule `json:"team_role_mapping" mapstructure:"team_role_mapping" yaml:"team_role_mapping"`
}
AWSUserMapping represents AWS user role mapping configuration
type AuthConfig ¶ added in v0.13.0
type AuthConfig struct {
Enabled bool `json:"enabled" mapstructure:"enabled"`
Static *StaticAuthConfig `json:"static,omitempty" mapstructure:"static"`
GitHub *GitHubAuthConfig `json:"github,omitempty" mapstructure:"github"`
AWS *AWSAuthConfig `json:"aws,omitempty" mapstructure:"aws"`
}
AuthConfig represents authentication configuration
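A pre-deployment review of the `auth` block of a config.json, added here as an example and not part of the package's own code. It uses the JSON keys from the type definitions on this page and the "empty = deny all" rule noted on `AllowedAccountIDs`; `authBlock`, `auditAuth` and `sampleConfig` are hypothetical names, and the RFC 3339 format for `expires_at` is an assumption because the page does not specify one.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// authBlock mirrors a subset of the auth fields documented on this page.
type authBlock struct {
	Enabled bool `json:"enabled"`
	Static  *struct {
		Enabled bool `json:"enabled"`
		APIKeys []struct {
			UserID    string `json:"user_id"`
			ExpiresAt string `json:"expires_at"`
		} `json:"api_keys"`
	} `json:"static"`
	AWS *struct {
		Enabled           bool     `json:"enabled"`
		AllowedAccountIDs []string `json:"allowed_account_ids"`
	} `json:"aws"`
}

// sampleConfig is a constructed config.json, not taken from the project.
const sampleConfig = `{"auth":{"enabled":true,"static":{"enabled":true,"api_keys":[
 {"user_id":"alice","expires_at":"2020-01-01T00:00:00Z"},{"user_id":"bob"}]},
 "aws":{"enabled":true,"allowed_account_ids":[]}}}`

// auditAuth (hypothetical helper) lists findings; expires_at is assumed RFC 3339.
func auditAuth(raw []byte, now time.Time) ([]string, error) {
	var cfg struct{ Auth authBlock } // "auth" matches case-insensitively
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, err
	}
	a, out := cfg.Auth, []string{}
	if !a.Enabled {
		out = append(out, "auth.enabled is false")
	}
	if a.Static != nil && a.Static.Enabled {
		for _, k := range a.Static.APIKeys {
			if exp, err := time.Parse(time.RFC3339, k.ExpiresAt); k.ExpiresAt == "" {
				out = append(out, "api key for "+k.UserID+": no expires_at")
			} else if err != nil || !exp.After(now) {
				out = append(out, "api key for "+k.UserID+": expires_at past or unparseable")
			}
		}
	}
	if a.AWS != nil && a.AWS.Enabled && len(a.AWS.AllowedAccountIDs) == 0 {
		out = append(out, "auth.aws.allowed_account_ids is empty: deny all")
	}
	return out, nil
}

func main() { fmt.Println(auditAuth([]byte(sampleConfig), time.Now())) }
```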
type AuthConfigOverride ¶ added in v1.9.1
type AuthConfigOverride struct {
GitHub *GitHubAuthConfigOverride `json:"github,omitempty" yaml:"github,omitempty"`
}
AuthConfigOverride represents auth configuration overrides from external file
type Config ¶
type Config struct {
// Auth represents authentication configuration
Auth AuthConfig `json:"auth" mapstructure:"auth"`
// AuthConfigFile is the path to an external auth configuration file (e.g., from ConfigMap)
AuthConfigFile string `json:"auth_config_file" mapstructure:"auth_config_file"`
// RoleEnvFiles is the configuration for role-based environment files
RoleEnvFiles RoleEnvFilesConfig `json:"role_env_files" mapstructure:"role_env_files"`
// KubernetesSession is the configuration for Kubernetes-based session management
KubernetesSession KubernetesSessionConfig `json:"kubernetes_session" mapstructure:"kubernetes_session"`
// ScheduleWorker is the configuration for the schedule worker
ScheduleWorker ScheduleWorkerConfig `json:"schedule_worker" mapstructure:"schedule_worker"`
// Webhook is the configuration for webhook functionality
Webhook WebhookConfig `json:"webhook" mapstructure:"webhook"`
}
Config represents the proxy configuration
func LoadConfig ¶
LoadConfig loads configuration using viper with support for JSON, YAML, and environment variables
func LoadConfigLegacy ¶ added in v1.9.1
LoadConfigLegacy loads configuration from a JSON file (legacy method)
type EnvVar ¶ added in v1.42.0
EnvVar represents a single environment variable
func LoadRoleEnvVars ¶ added in v1.42.0
func LoadRoleEnvVars(config *RoleEnvFilesConfig, role string) ([]EnvVar, error)
LoadRoleEnvVars loads environment variables for a specific role
func LoadTeamEnvVars ¶ added in v1.47.0
LoadTeamEnvVars loads environment variables from a specific file for a team
type GitHubAuthConfig ¶ added in v1.0.0
type GitHubAuthConfig struct {
Enabled bool `json:"enabled" mapstructure:"enabled"`
BaseURL string `json:"base_url" mapstructure:"base_url"`
TokenHeader string `json:"token_header" mapstructure:"token_header"`
UserMapping GitHubUserMapping `json:"user_mapping" mapstructure:"user_mapping"`
OAuth *GitHubOAuthConfig `json:"oauth,omitempty" mapstructure:"oauth"`
}
GitHubAuthConfig represents GitHub OAuth authentication
type GitHubAuthConfigOverride ¶ added in v1.9.1
type GitHubAuthConfigOverride struct {
UserMapping *GitHubUserMapping `json:"user_mapping,omitempty" yaml:"user_mapping,omitempty"`
}
GitHubAuthConfigOverride represents GitHub auth configuration overrides
type GitHubOAuthConfig ¶ added in v1.9.1
type GitHubOAuthConfig struct {
ClientID string `json:"client_id" mapstructure:"client_id"`
ClientSecret string `json:"client_secret" mapstructure:"client_secret"`
Scope string `json:"scope" mapstructure:"scope"`
BaseURL string `json:"base_url,omitempty" mapstructure:"base_url"`
}
GitHubOAuthConfig represents GitHub OAuth2 configuration
type GitHubUserMapping ¶ added in v1.0.0
type GitHubUserMapping struct {
DefaultRole string `json:"default_role" mapstructure:"default_role" yaml:"default_role"`
DefaultPermissions []string `json:"default_permissions" mapstructure:"default_permissions" yaml:"default_permissions"`
TeamRoleMapping map[string]TeamRoleRule `json:"team_role_mapping" mapstructure:"team_role_mapping" yaml:"team_role_mapping"`
}
GitHubUserMapping represents user role mapping configuration
type K8sSessionConfigOverride ¶ added in v1.94.0
type K8sSessionConfigOverride struct {
KubernetesSession *struct {
NodeSelector map[string]string `json:"node_selector,omitempty" yaml:"node_selector"`
Tolerations []Toleration `json:"tolerations,omitempty" yaml:"tolerations"`
} `json:"kubernetes_session,omitempty" yaml:"kubernetes_session"`
}
K8sSessionConfigOverride represents kubernetes session configuration overrides from external file
type KubernetesSessionConfig ¶ added in v1.84.0
type KubernetesSessionConfig struct {
// Namespace is the Kubernetes namespace where session resources are created
Namespace string `json:"namespace" mapstructure:"namespace"`
// Image is the container image for session pods
Image string `json:"image" mapstructure:"image"`
// ImagePullPolicy is the image pull policy for session pods
ImagePullPolicy string `json:"image_pull_policy" mapstructure:"image_pull_policy"`
// ServiceAccount is the service account for session pods
ServiceAccount string `json:"service_account" mapstructure:"service_account"`
// BasePort is the port that agentapi listens on in session pods
BasePort int `json:"base_port" mapstructure:"base_port"`
// CPURequest is the CPU request for session pods
CPURequest string `json:"cpu_request" mapstructure:"cpu_request"`
// CPULimit is the CPU limit for session pods
CPULimit string `json:"cpu_limit" mapstructure:"cpu_limit"`
// MemoryRequest is the memory request for session pods
MemoryRequest string `json:"memory_request" mapstructure:"memory_request"`
// MemoryLimit is the memory limit for session pods
MemoryLimit string `json:"memory_limit" mapstructure:"memory_limit"`
// PVCEnabled enables PersistentVolumeClaim for session pods workdir
// When disabled, EmptyDir is used instead (data is not persisted across pod restarts)
PVCEnabled *bool `json:"pvc_enabled,omitempty" mapstructure:"pvc_enabled"`
// PVCStorageClass is the storage class for session PVCs
PVCStorageClass string `json:"pvc_storage_class" mapstructure:"pvc_storage_class"`
// PVCStorageSize is the storage size for session PVCs
PVCStorageSize string `json:"pvc_storage_size" mapstructure:"pvc_storage_size"`
// PodStartTimeout is the timeout in seconds for pod startup
PodStartTimeout int `json:"pod_start_timeout" mapstructure:"pod_start_timeout"`
// PodStopTimeout is the timeout in seconds for pod termination
PodStopTimeout int `json:"pod_stop_timeout" mapstructure:"pod_stop_timeout"`
// ClaudeConfigBaseSecret is the name of the base Secret for Claude configuration
// This Secret should contain claude.json and settings.json files
// Note: Changed from ConfigMap to Secret to support sensitive data like GITHUB_TOKEN
ClaudeConfigBaseSecret string `json:"claude_config_base_secret" mapstructure:"claude_config_base_secret"`
// ClaudeConfigUserConfigMapPrefix is the prefix for user-specific ConfigMap names
// Full name will be: {prefix}-{username} (e.g., claude-config-johndoe)
ClaudeConfigUserConfigMapPrefix string `json:"claude_config_user_configmap_prefix" mapstructure:"claude_config_user_configmap_prefix"`
// InitContainerImage is the image used for the init container that sets up Claude configuration
// Defaults to the same image as the session container (Image field) if not specified
InitContainerImage string `json:"init_container_image" mapstructure:"init_container_image"`
// GitHubSecretName is the name of the Kubernetes Secret containing GitHub authentication credentials
// This Secret is used by the clone-repo init container for repository cloning
// Expected keys: GITHUB_TOKEN, GITHUB_APP_ID, GITHUB_APP_PEM, GITHUB_INSTALLATION_ID
GitHubSecretName string `json:"github_secret_name" mapstructure:"github_secret_name"`
// GitHubConfigSecretName is the name of the Kubernetes Secret containing GitHub configuration (non-auth)
// This Secret contains GITHUB_API and GITHUB_URL for GitHub Enterprise Server support
// It is kept separate from GitHubSecretName so that params.github_token can override authentication
// without losing Enterprise Server URL settings
GitHubConfigSecretName string `json:"github_config_secret_name" mapstructure:"github_config_secret_name"`
// ConfigFile is the path to an external configuration file for kubernetes session settings
// This file can contain node_selector and tolerations settings
ConfigFile string `json:"config_file,omitempty" mapstructure:"config_file"`
// NodeSelector is a selector which must be true for the pod to fit on a node
// Example: {"disktype": "ssd", "kubernetes.io/arch": "amd64"}
NodeSelector map[string]string `json:"node_selector,omitempty" mapstructure:"node_selector" yaml:"node_selector"`
// Tolerations are tolerations for session pods to schedule onto nodes with matching taints
Tolerations []Toleration `json:"tolerations,omitempty" mapstructure:"tolerations" yaml:"tolerations"`
// MCP Servers configuration
// MCPServersEnabled enables MCP server configuration from Secrets
MCPServersEnabled bool `json:"mcp_servers_enabled" mapstructure:"mcp_servers_enabled"`
// MCPServersBaseSecret is the name of the Kubernetes Secret containing base MCP server configurations
// This Secret is applied to all sessions. Each key should be a JSON file name (e.g., "github.json")
// containing mcpServers configuration
MCPServersBaseSecret string `json:"mcp_servers_base_secret" mapstructure:"mcp_servers_base_secret"`
// Settings configuration
// SettingsBaseSecret is the name of the Kubernetes Secret containing base settings configurations
// This Secret is applied to all sessions and contains marketplaces and enabled_plugins settings
// Team and user settings can override these base settings
SettingsBaseSecret string `json:"settings_base_secret" mapstructure:"settings_base_secret"`
}
KubernetesSessionConfig represents Kubernetes session manager configuration
type RoleEnvFilesConfig ¶ added in v1.42.0
type RoleEnvFilesConfig struct {
// Enabled enables role-based environment file loading
Enabled bool `json:"enabled" mapstructure:"enabled"`
// Path is the directory path containing role-specific .env files
Path string `json:"path" mapstructure:"path"`
// LoadDefault loads default.env before role-specific env file
LoadDefault bool `json:"load_default" mapstructure:"load_default"`
}
RoleEnvFilesConfig represents role-based environment files configuration
type ScheduleWorkerConfig ¶ added in v1.115.0
type ScheduleWorkerConfig struct {
// Enabled enables the schedule worker
Enabled bool `json:"enabled" mapstructure:"enabled"`
// CheckInterval is how often to check for due schedules (e.g., "30s", "1m")
CheckInterval string `json:"check_interval" mapstructure:"check_interval"`
// Namespace is the Kubernetes namespace for schedule resources
Namespace string `json:"namespace" mapstructure:"namespace"`
// DefaultTimezone is the default timezone for schedules (e.g., "Asia/Tokyo")
DefaultTimezone string `json:"default_timezone" mapstructure:"default_timezone"`
// LeaseDuration is the duration that non-leader candidates will wait to force acquire leadership
LeaseDuration string `json:"lease_duration" mapstructure:"lease_duration"`
// RenewDeadline is the duration that the acting master will retry refreshing leadership before giving up
RenewDeadline string `json:"renew_deadline" mapstructure:"renew_deadline"`
// RetryPeriod is the duration the LeaderElector clients should wait between tries of actions
RetryPeriod string `json:"retry_period" mapstructure:"retry_period"`
}
ScheduleWorkerConfig represents schedule worker configuration
type StaticAuthConfig ¶ added in v1.0.0
type StaticAuthConfig struct {
Enabled bool `json:"enabled" mapstructure:"enabled"`
APIKeys []APIKey `json:"api_keys" mapstructure:"api_keys"`
KeysFile string `json:"keys_file" mapstructure:"keys_file"`
HeaderName string `json:"header_name" mapstructure:"header_name"`
}
StaticAuthConfig represents static API key authentication
type TeamRoleRule ¶ added in v1.0.0
type TeamRoleRule struct {
Role string `json:"role" mapstructure:"role" yaml:"role"`
Permissions []string `json:"permissions" mapstructure:"permissions" yaml:"permissions"`
EnvFile string `json:"env_file,omitempty" mapstructure:"env_file" yaml:"env_file"`
}
TeamRoleRule represents a team-based role rule
type Toleration ¶ added in v1.94.0
type Toleration struct {
// Key is the taint key that the toleration applies to
Key string `json:"key" mapstructure:"key" yaml:"key"`
// Operator represents a key's relationship to the value (Equal or Exists)
Operator string `json:"operator" mapstructure:"operator" yaml:"operator"`
// Value is the taint value the toleration matches to
Value string `json:"value" mapstructure:"value" yaml:"value"`
// Effect indicates the taint effect to match (NoSchedule, PreferNoSchedule, NoExecute)
Effect string `json:"effect" mapstructure:"effect" yaml:"effect"`
// TolerationSeconds is the period of time the toleration tolerates the taint (for NoExecute)
TolerationSeconds *int64 `json:"toleration_seconds,omitempty" mapstructure:"toleration_seconds" yaml:"toleration_seconds"`
}
Toleration represents a Kubernetes toleration for session pods
type WebhookConfig ¶ added in v1.156.0
type WebhookConfig struct {
// BaseURL is the base URL for webhook endpoints (e.g., "https://example.com")
// If not set, the URL will be auto-detected from incoming request headers
BaseURL string `json:"base_url" mapstructure:"base_url"`
// GitHubEnterpriseHost is the default GitHub Enterprise host for webhook matching
// When set, webhooks without explicit enterprise_url will match against this host
// Example: "github.enterprise.com" (hostname only, without https://)
GitHubEnterpriseHost string `json:"github_enterprise_host" mapstructure:"github_enterprise_host"`
}
WebhookConfig represents webhook configuration