feat(gateway): add TOML configuration file (RFC 0003)#1317
Open
TaylorMutch wants to merge 4 commits into
Open
Conversation
Introduces an opt-in --config / OPENSHELL_GATEWAY_CONFIG flag that loads a TOML file with gateway-wide settings and per-driver tables. Source precedence is CLI > env > file > built-in default, implemented via clap's ValueSource so existing flags and env vars keep their priority. Driver crates (kubernetes, docker, podman, vm) now derive Deserialize on their config structs. SupervisorSideloadMethod gains Deserialize with kebab-case rename. A per-driver inheritance allowlist on the loader side overlays [openshell.gateway] shared defaults (default_image, supervisor_image, image_pull_policy, guest_tls_*, ssh_handshake_skew_secs, client_tls_secret_name, host_gateway_ip, enable_user_namespaces) onto each [openshell.drivers.<name>] table before deserialization. The Helm chart renders a new gateway-config ConfigMap and mounts it at /etc/openshell/gateway.toml. The migrated OPENSHELL_* env entries are dropped from the StatefulSet — only the Secret-backed OPENSHELL_SSH_HANDSHAKE_SECRET remains. database_url stays on --db-url. Adds examples/gateway/gateway.example.toml and updates architecture/gateway.md with the source precedence and inheritance rules.
…from examples Both fields are scheduled for removal. Remove the example values and the env-only note so the gateway.toml example and the architecture doc stop recommending settings that will not exist much longer.
TaylorMutch
requested review from
a team,
derekwaynecarr,
maxamillion and
mrunalp
as code owners
|
Label |
Adds focused single-driver examples next to the comprehensive gateway.example.toml: kubernetes, docker, podman, and microvm. Each one demonstrates the realistic settings for that driver plus how shared [openshell.gateway] defaults inherit into the driver table. A new unit test (`checked_in_examples_parse`) loads every example through the config_file loader so schema drift fails CI rather than silently shipping a broken example.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements RFC 0003: an opt-in
--config/OPENSHELL_GATEWAY_CONFIGflag that loads a TOML file with gateway-wide settings and per-driver tables. Source precedence staysCLI > env > file > built-in default, so existing flags andOPENSHELL_*env vars are not affected when no file is supplied. Includes the matching HelmConfigMapcutover.Related Issue
N/A — implements RFC 0003.
Changes
crates/openshell-server/src/config_file.rs): TOML parser withdeny_unknown_fieldseverywhere, version-1 enforcement, env-only rejection ofdatabase_url/ssh_handshake_secret, and adriver_table()that overlays inheritable[openshell.gateway]defaults onto each[openshell.drivers.<name>]table.crates/openshell-server/src/cli.rs): new--configflag;merge_file_into_args()applies file values only when clap'sValueSource::DefaultValueindicates an arg was not supplied; newbuild_vm_config()/build_docker_config()consume merged driver tables.kubernetes,docker,podman,vm): config structs deriveDeserialize/Serializewith struct-level#[serde(default, deny_unknown_fields)].SupervisorSideloadMethodgainsDeserializewithkebab-caserename. RefreshedDefaultimpls where needed.run_server/build_compute_runtimethreadOption<&ConfigFile>through; the ad-hoc env reads for Kubernetes/Podman supervisor settings now fold into the file-driven pipeline (env still wins).templates/gateway-config.yamlConfigMaprenderinggateway.tomlfrom existing.Values.server.*/.Values.service.*/.Values.supervisor.*keys;StatefulSetmounts it at/etc/openshell/gateway.toml, passes--config, and drops the 18 migratedOPENSHELL_*env entries. OnlyOPENSHELL_SSH_HANDSHAKE_SECRET(Secret-backed) remains.architecture/gateway.mddocuments source precedence and the inheritance allowlist;examples/gateway/gateway.example.tomlships a worked example.default_image,supervisor_image,image_pull_policy,client_tls_secret_name,host_gateway_ip,enable_user_namespaces,guest_tls_ca/cert/key.ssh_handshake_skew_secs/ssh_handshake_secretreferences from examples and architecture ahead of their planned removal.Testing
mise run pre-commitpassesconfig_file.rs(parse, secret rejection, version, unknown field, inheritance merge, override) and 6 new tests incli.rs(file value applies when defaulted, CLI overrides file, env overrides file, OIDC block, driver inheritance, driver override). Fullmise run testpasses.test:e2elabel applied; the sandbox-infra path should be exercised against the new--configstartup mode.Manual smoke:
helm lint .clean,helm template .rendersgateway.tomlwith TLS, with TLS disabled, and with OIDC enabled.database_url,ssh_handshake_secret,version = 2, and unknown fields with friendly errors.Checklist
Deferred (explicit follow-ups)
values.yaml.--config-dirdirectory loader (RFC open question Prototype data access layer that can connect to outlook data #2).