diff --git a/packages/opal-client/opal_client/config.py b/packages/opal-client/opal_client/config.py index 936caaa63..7e281c53e 100644 --- a/packages/opal-client/opal_client/config.py +++ b/packages/opal-client/opal_client/config.py @@ -20,33 +20,38 @@ class EngineLogFormat(str, Enum): class OpalClientConfig(Confi): # opa client (policy store) configuration POLICY_STORE_TYPE = confi.enum( - "POLICY_STORE_TYPE", PolicyStoreTypes, PolicyStoreTypes.OPA + "POLICY_STORE_TYPE", PolicyStoreTypes, PolicyStoreTypes.OPA, + description="The type of policy store to use (e.g., OPA, Cedar, etc.)" + ) + POLICY_STORE_URL = confi.str( + "POLICY_STORE_URL", "http://localhost:8181", + description="The URL of the policy store (e.g., OPA agent)." ) - POLICY_STORE_URL = confi.str("POLICY_STORE_URL", "http://localhost:8181") POLICY_STORE_AUTH_TYPE = confi.enum( - "POLICY_STORE_AUTH_TYPE", PolicyStoreAuth, PolicyStoreAuth.NONE + "POLICY_STORE_AUTH_TYPE", PolicyStoreAuth, PolicyStoreAuth.NONE, + description="The authentication type to use for the policy store (e.g., NONE, TOKEN, etc.)" ) POLICY_STORE_AUTH_TOKEN = confi.str( "POLICY_STORE_AUTH_TOKEN", None, - description="the authentication (bearer) token OPAL client will use to " + description="The authentication (bearer) token OPAL client will use to " "authenticate against the policy store (i.e: OPA agent).", ) POLICY_STORE_AUTH_OAUTH_SERVER = confi.str( "POLICY_STORE_AUTH_OAUTH_SERVER", None, - description="the authentication server OPAL client will use to authenticate against for retrieving the access_token.", + description="The authentication server OPAL client will use to authenticate against for retrieving the access_token.", ) POLICY_STORE_AUTH_OAUTH_CLIENT_ID = confi.str( "POLICY_STORE_AUTH_OAUTH_CLIENT_ID", None, - description="the client_id OPAL will use to authenticate against the OAuth server.", + description="The client_id OPAL will use to authenticate against the OAuth server.", ) POLICY_STORE_AUTH_OAUTH_CLIENT_SECRET = confi.str( "POLICY_STORE_AUTH_OAUTH_CLIENT_SECRET", None, - description="the client secret OPAL will use to authenticate against the OAuth server.", + description="The client secret OPAL will use to authenticate against the OAuth server.", ) POLICY_STORE_CONN_RETRY: ConnRetryOptions = confi.model( @@ -54,7 +59,7 @@ class OpalClientConfig(Confi): ConnRetryOptions, # defaults are being set according to ConnRetryOptions pydantic definitions (see class) {}, - description="retry options when connecting to the policy store (i.e. the agent that handles the policy, e.g. OPA)", + description="Retry options when connecting to the policy store (i.e. the agent that handles the policy, e.g. OPA)", ) POLICY_UPDATER_CONN_RETRY: ConnRetryOptions = confi.model( "POLICY_UPDATER_CONN_RETRY", @@ -65,14 +70,14 @@ class OpalClientConfig(Confi): "attempts": 5, "wait_time": 1, }, - description="retry options when connecting to the policy source (e.g. the policy bundle server)", + description="Retry options when connecting to the policy source (e.g. the policy bundle server)", ) DATA_STORE_CONN_RETRY: ConnRetryOptions = confi.model( "DATA_STORE_CONN_RETRY", ConnRetryOptions, None, - description="DEPTRECATED - The old confusing name for DATA_UPDATER_CONN_RETRY, kept for backwards compatibilit (for now)", + description="DEPRECATED - The old confusing name for DATA_UPDATER_CONN_RETRY, kept for backwards compatibility (for now)", ) DATA_UPDATER_CONN_RETRY: ConnRetryOptions = confi.model( @@ -84,7 +89,7 @@ class OpalClientConfig(Confi): "attempts": 5, "wait_time": 1, }, - description="retry options when connecting to the base data source (e.g. an external API server which returns data snapshot)", + description="Retry options when connecting to the base data source (e.g. an external API server which returns data snapshot)", ) POLICY_STORE_POLICY_PATHS_TO_IGNORE = confi.list( @@ -102,17 +107,17 @@ class OpalClientConfig(Confi): POLICY_STORE_TLS_CLIENT_CERT = confi.str( "POLICY_STORE_TLS_CLIENT_CERT", None, - description="path to the client certificate used for tls authentication with the policy store", + description="Path to the client certificate used for TLS authentication with the policy store", ) POLICY_STORE_TLS_CLIENT_KEY = confi.str( "POLICY_STORE_TLS_CLIENT_KEY", None, - description="path to the client key used for tls authentication with the policy store", + description="Path to the client key used for TLS authentication with the policy store", ) POLICY_STORE_TLS_CA = confi.str( "POLICY_STORE_TLS_CA", None, - description="path to the file containing the ca certificate(s) used for tls authentication with the policy store", + description="Path to the file containing the CA certificate(s) used for TLS authentication with the policy store", ) EXCLUDE_POLICY_STORE_SECRETS = confi.bool( @@ -132,7 +137,10 @@ def load_policy_store(): # opa runner configuration (OPA can optionally be run by OPAL) ---------------- # whether or not OPAL should run OPA by itself in the same container - INLINE_OPA_ENABLED = confi.bool("INLINE_OPA_ENABLED", True) + INLINE_OPA_ENABLED = confi.bool( + "INLINE_OPA_ENABLED", True, + description="Whether or not OPAL should run OPA by itself in the same container" + ) INLINE_OPA_EXEC_PATH = confi.str( "INLINE_OPA_EXEC_PATH", @@ -146,17 +154,21 @@ def load_policy_store(): "INLINE_OPA_CONFIG", OpaServerOptions, {}, # defaults are being set according to OpaServerOptions pydantic definitions (see class) - description="cli options used when running `opa run --server` inline", + description="CLI options used when running `opa run --server` inline", ) INLINE_OPA_LOG_FORMAT: EngineLogFormat = confi.enum( - "INLINE_OPA_LOG_FORMAT", EngineLogFormat, EngineLogFormat.NONE + "INLINE_OPA_LOG_FORMAT", EngineLogFormat, EngineLogFormat.NONE, + description="The log format to use for inline OPA logs" ) # Cedar runner configuration (Cedar-engine can optionally be run by OPAL) ---------------- # whether or not OPAL should run the Cedar agent by itself in the same container - INLINE_CEDAR_ENABLED = confi.bool("INLINE_CEDAR_ENABLED", True) + INLINE_CEDAR_ENABLED = confi.bool( + "INLINE_CEDAR_ENABLED", True, + description="Whether or not OPAL should run the Cedar agent by itself in the same container" + ) INLINE_CEDAR_EXEC_PATH = confi.str( "INLINE_CEDAR_EXEC_PATH", @@ -170,23 +182,30 @@ def load_policy_store(): "INLINE_CEDAR_CONFIG", CedarServerOptions, {}, # defaults are being set according to CedarServerOptions pydantic definitions (see class) - description="cli options used when running the Cedar agent inline", + description="CLI options used when running the Cedar agent inline", ) INLINE_CEDAR_LOG_FORMAT: EngineLogFormat = confi.enum( - "INLINE_CEDAR_LOG_FORMAT", EngineLogFormat, EngineLogFormat.NONE + "INLINE_CEDAR_LOG_FORMAT", EngineLogFormat, EngineLogFormat.NONE, + description="The log format to use for inline Cedar logs" ) # configuration for fastapi routes ALLOWED_ORIGINS = ["*"] # general configuration for pub/sub clients - KEEP_ALIVE_INTERVAL = confi.int("KEEP_ALIVE_INTERVAL", 0) + KEEP_ALIVE_INTERVAL = confi.int( + "KEEP_ALIVE_INTERVAL", 0, + description="The interval (in seconds) for sending keep-alive messages" + ) # Opal Server general configuration ------------------------------------------- # opal server url - SERVER_URL = confi.str("SERVER_URL", "http://localhost:7002", flags=["-s"]) + SERVER_URL = confi.str( + "SERVER_URL", "http://localhost:7002", flags=["-s"], + description="The URL of the OPAL server" + ) # opal server pubsub url OPAL_WS_ROUTE = "/ws" SERVER_WS_URL = confi.str( @@ -196,16 +215,18 @@ def load_policy_store(): "http", "ws" ) ), + description="The WebSocket URL of the OPAL server" ) SERVER_PUBSUB_URL = confi.str( - "SERVER_PUBSUB_URL", confi.delay("{SERVER_WS_URL}" + f"{OPAL_WS_ROUTE}") + "SERVER_PUBSUB_URL", confi.delay("{SERVER_WS_URL}" + f"{OPAL_WS_ROUTE}"), + description="The Pub/Sub URL of the OPAL server" ) # opal server auth token CLIENT_TOKEN = confi.str( "CLIENT_TOKEN", "THIS_IS_A_DEV_SECRET", - description="opal server auth token", + description="The authentication token for the OPAL server", flags=["-t"], ) @@ -241,7 +262,7 @@ def load_policy_store(): "POLICY_SUBSCRIPTION_DIRS", ["."], delimiter=":", - description="directories in policy repo we should subscribe to", + description="Directories in the policy repo to subscribe to for policy code (rego) modules", ) # Data updater configuration -------------------------------------------------- @@ -284,6 +305,7 @@ def load_policy_store(): "headers": {"content-type": "application/json"}, "process_data": False, }, + description="Configuration for the default update callback", ) DEFAULT_UPDATE_CALLBACKS = confi.model( @@ -317,7 +339,10 @@ def load_policy_store(): OPA_HEALTH_CHECK_POLICY_PATH = "engine/healthcheck/opal.rego" - SCOPE_ID = confi.str("SCOPE_ID", "default", description="OPAL Scope ID") + SCOPE_ID = confi.str( + "SCOPE_ID", "default", + description="OPAL Scope ID" + ) STORE_BACKUP_PATH = confi.str( "STORE_BACKUP_PATH", diff --git a/packages/opal-common/opal_common/config.py b/packages/opal-common/opal_common/config.py index ab18dd0cb..6dbc34bf7 100644 --- a/packages/opal-common/opal_common/config.py +++ b/packages/opal-common/opal_common/config.py @@ -16,7 +16,9 @@ class OpalCommonConfig(Confi): PROCESS_NAME = "" # Logging # - Log formatting - LOG_FORMAT_INCLUDE_PID = confi.bool("LOG_FORMAT_INCLUDE_PID", False) + LOG_FORMAT_INCLUDE_PID = confi.bool( + "LOG_FORMAT_INCLUDE_PID", False, description="Include process ID in log format" + ) LOG_FORMAT = confi.str( "LOG_FORMAT", confi.delay( @@ -106,19 +108,27 @@ class OpalCommonConfig(Confi): # Fetching Providers # - where to load providers from FETCH_PROVIDER_MODULES = confi.list( - "FETCH_PROVIDER_MODULES", ["opal_common.fetcher.providers"] + "FETCH_PROVIDER_MODULES", ["opal_common.fetcher.providers"], + description="List of modules to load fetch providers from" ) # Fetching engine # Max number of worker tasks handling fetch events concurrently - FETCHING_WORKER_COUNT = confi.int("FETCHING_WORKER_COUNT", 6) + FETCHING_WORKER_COUNT = confi.int( + "FETCHING_WORKER_COUNT", 6, description="Max number of worker tasks handling fetch events concurrently" + ) # Time in seconds to wait on the queued fetch task. - FETCHING_CALLBACK_TIMEOUT = confi.int("FETCHING_CALLBACK_TIMEOUT", 10) + FETCHING_CALLBACK_TIMEOUT = confi.int( + "FETCHING_CALLBACK_TIMEOUT", 10, description="Time in seconds to wait on the queued fetch task" + ) # Time in seconds to wait for queuing a new task (if the queue is full) - FETCHING_ENQUEUE_TIMEOUT = confi.int("FETCHING_ENQUEUE_TIMEOUT", 10) + FETCHING_ENQUEUE_TIMEOUT = confi.int( + "FETCHING_ENQUEUE_TIMEOUT", 10, description="Time in seconds to wait for queuing a new task (if the queue is full)" + ) GIT_SSH_KEY_FILE = confi.str( - "GIT_SSH_KEY_FILE", str(Path.home() / ".ssh/opal_repo_ssh_key") + "GIT_SSH_KEY_FILE", str(Path.home() / ".ssh/opal_repo_ssh_key"), + description="Path to the SSH key file for Git" ) # Trust self signed certificates (Advanced Usage - only affects OPAL client) ----------------------------- @@ -139,11 +149,13 @@ class OpalCommonConfig(Confi): # security AUTH_PUBLIC_KEY_FORMAT = confi.enum( - "AUTH_PUBLIC_KEY_FORMAT", EncryptionKeyFormat, EncryptionKeyFormat.ssh + "AUTH_PUBLIC_KEY_FORMAT", EncryptionKeyFormat, EncryptionKeyFormat.ssh, + description="Format of the public key for authentication" ) AUTH_PUBLIC_KEY = confi.delay( lambda AUTH_PUBLIC_KEY_FORMAT=None: confi.public_key( - "AUTH_PUBLIC_KEY", default=None, key_format=AUTH_PUBLIC_KEY_FORMAT + "AUTH_PUBLIC_KEY", default=None, key_format=AUTH_PUBLIC_KEY_FORMAT, + description="Public key for authentication" ) ) AUTH_JWT_ALGORITHM = confi.enum( @@ -152,15 +164,23 @@ class OpalCommonConfig(Confi): getattr(JWTAlgorithm, "RS256"), description="jwt algorithm, possible values: see: https://pyjwt.readthedocs.io/en/stable/algorithms.html", ) - AUTH_JWT_AUDIENCE = confi.str("AUTH_JWT_AUDIENCE", "https://api.opal.ac/v1/") - AUTH_JWT_ISSUER = confi.str("AUTH_JWT_ISSUER", f"https://opal.ac/") + AUTH_JWT_AUDIENCE = confi.str( + "AUTH_JWT_AUDIENCE", "https://api.opal.ac/v1/", + description="Audience for JWT authentication" + ) + AUTH_JWT_ISSUER = confi.str( + "AUTH_JWT_ISSUER", f"https://opal.ac/", + description="Issuer for JWT authentication" + ) POLICY_REPO_POLICY_EXTENSIONS = confi.list( "POLICY_REPO_POLICY_EXTENSIONS", [".rego"], description="List of extensions to serve as policy modules", ) - ENABLE_METRICS = confi.bool("ENABLE_METRICS", False) + ENABLE_METRICS = confi.bool( + "ENABLE_METRICS", False, description="Enable metrics collection" + ) # optional APM tracing with datadog ENABLE_DATADOG_APM = confi.bool( diff --git a/packages/opal-common/opal_common/tests/test_config.py b/packages/opal-common/opal_common/tests/test_config.py new file mode 100644 index 000000000..e44e67c36 --- /dev/null +++ b/packages/opal-common/opal_common/tests/test_config.py @@ -0,0 +1,16 @@ +import pytest +from opal_common.config import opal_common_config +from opal_client.config import opal_client_config +from opal_server.config import opal_server_config + +def test_opal_common_config_descriptions(): + for name, entry in opal_common_config.entries.items(): + assert entry.description is not None, f"{name} is missing a description" + +def test_opal_client_config_descriptions(): + for name, entry in opal_client_config.entries.items(): + assert entry.description is not None, f"{name} is missing a description" + +def test_opal_server_config_descriptions(): + for name, entry in opal_server_config.entries.items(): + assert entry.description is not None, f"{name} is missing a description" diff --git a/packages/opal-server/opal_server/config.py b/packages/opal-server/opal_server/config.py index b272915ad..d1ddd8efc 100644 --- a/packages/opal-server/opal_server/config.py +++ b/packages/opal-server/opal_server/config.py @@ -27,28 +27,38 @@ class ServerRole(str, Enum): class OpalServerConfig(Confi): # ws server - OPAL_WS_LOCAL_URL = confi.str("WS_LOCAL_URL", "ws://localhost:7002/ws") - OPAL_WS_TOKEN = confi.str("WS_TOKEN", "THIS_IS_A_DEV_SECRET") + OPAL_WS_LOCAL_URL = confi.str( + "WS_LOCAL_URL", "ws://localhost:7002/ws", description="The local WebSocket URL for OPAL" + ) + OPAL_WS_TOKEN = confi.str( + "WS_TOKEN", "THIS_IS_A_DEV_SECRET", description="The WebSocket token for OPAL" + ) CLIENT_LOAD_LIMIT_NOTATION = confi.str( "CLIENT_LOAD_LIMIT_NOTATION", None, - "If supplied, rate limit would be enforced on server's websocket endpoint. " + description="If supplied, rate limit would be enforced on server's websocket endpoint. " + "Format is `limits`-style notation (e.g '10 per second'), " + "see link: https://limits.readthedocs.io/en/stable/quickstart.html#rate-limit-string-notation", ) # The URL for the backbone pub/sub server (e.g. Postgres, Kfaka, Redis) @see - BROADCAST_URI = confi.str("BROADCAST_URI", None) + BROADCAST_URI = confi.str( + "BROADCAST_URI", None, description="The URL for the backbone pub/sub server" + ) # The name to be used for segmentation in the backbone pub/sub (e.g. the Kafka topic) - BROADCAST_CHANNEL_NAME = confi.str("BROADCAST_CHANNEL_NAME", "EventNotifier") + BROADCAST_CHANNEL_NAME = confi.str( + "BROADCAST_CHANNEL_NAME", "EventNotifier", description="The name to be used for segmentation in the backbone pub/sub" + ) BROADCAST_CONN_LOSS_BUGFIX_EXPERIMENT_ENABLED = confi.bool( - "BROADCAST_CONN_LOSS_BUGFIX_EXPERIMENT_ENABLED", True + "BROADCAST_CONN_LOSS_BUGFIX_EXPERIMENT_ENABLED", True, description="Enable experimental bugfix for broadcast connection loss" ) # server security AUTH_PRIVATE_KEY_FORMAT = confi.enum( - "AUTH_PRIVATE_KEY_FORMAT", EncryptionKeyFormat, EncryptionKeyFormat.pem + "AUTH_PRIVATE_KEY_FORMAT", EncryptionKeyFormat, EncryptionKeyFormat.pem, description="The format of the private key for authentication" + ) + AUTH_PRIVATE_KEY_PASSPHRASE = confi.str( + "AUTH_PRIVATE_KEY_PASSPHRASE", None, description="The passphrase for the private key" ) - AUTH_PRIVATE_KEY_PASSPHRASE = confi.str("AUTH_PRIVATE_KEY_PASSPHRASE", None) AUTH_PRIVATE_KEY = confi.delay( lambda AUTH_PRIVATE_KEY_FORMAT=None, AUTH_PRIVATE_KEY_PASSPHRASE="": confi.private_key( @@ -56,15 +66,20 @@ class OpalServerConfig(Confi): default=None, key_format=AUTH_PRIVATE_KEY_FORMAT, passphrase=AUTH_PRIVATE_KEY_PASSPHRASE, + description="The private key for authentication" ) ) - AUTH_JWKS_URL = confi.str("AUTH_JWKS_URL", "/.well-known/jwks.json") + AUTH_JWKS_URL = confi.str( + "AUTH_JWKS_URL", "/.well-known/jwks.json", description="The URL for the JSON Web Key Set (JWKS)" + ) AUTH_JWKS_STATIC_DIR = confi.str( - "AUTH_JWKS_STATIC_DIR", os.path.join(os.getcwd(), "jwks_dir") + "AUTH_JWKS_STATIC_DIR", os.path.join(os.getcwd(), "jwks_dir"), description="The directory for static JWKS files" ) - AUTH_MASTER_TOKEN = confi.str("AUTH_MASTER_TOKEN", None) + AUTH_MASTER_TOKEN = confi.str( + "AUTH_MASTER_TOKEN", None, description="The master token for authentication" + ) # policy source watcher POLICY_SOURCE_TYPE = confi.enum( @@ -97,20 +112,24 @@ class OpalServerConfig(Confi): POLICY_REPO_REUSE_CLONE_PATH = confi.bool( "POLICY_REPO_REUSE_CLONE_PATH", False, - "Set if OPAL server should use a fixed clone path (and reuse if it already exists) instead of randomizing its suffix on each run", + description="Set if OPAL server should use a fixed clone path (and reuse if it already exists) instead of randomizing its suffix on each run", + ) + POLICY_REPO_MAIN_BRANCH = confi.str( + "POLICY_REPO_MAIN_BRANCH", "master", description="The main branch of the policy repository" + ) + POLICY_REPO_SSH_KEY = confi.str( + "POLICY_REPO_SSH_KEY", None, description="The SSH key for the policy repository" ) - POLICY_REPO_MAIN_BRANCH = confi.str("POLICY_REPO_MAIN_BRANCH", "master") - POLICY_REPO_SSH_KEY = confi.str("POLICY_REPO_SSH_KEY", None) POLICY_REPO_MANIFEST_PATH = confi.str( "POLICY_REPO_MANIFEST_PATH", "", - "Path of the directory holding the '.manifest' file (new fashion), or of the manifest file itself (old fashion). Repo's root is used by default", + description="Path of the directory holding the '.manifest' file (new fashion), or of the manifest file itself (old fashion). Repo's root is used by default", ) POLICY_REPO_CLONE_TIMEOUT = confi.int( - "POLICY_REPO_CLONE_TIMEOUT", 0 - ) # if 0, waits forever until successful clone + "POLICY_REPO_CLONE_TIMEOUT", 0, description="The timeout for cloning the policy repository (0 means wait forever)" + ) LEADER_LOCK_FILE_PATH = confi.str( - "LEADER_LOCK_FILE_PATH", "/tmp/opal_server_leader.lock" + "LEADER_LOCK_FILE_PATH", "/tmp/opal_server_leader.lock", description="The path to the leader lock file" ) POLICY_BUNDLE_SERVER_TYPE = confi.enum( "POLICY_BUNDLE_SERVER_TYPE", @@ -144,10 +163,14 @@ class OpalServerConfig(Confi): description="File pattern to add files to git default to all the files (*)", ) - REPO_WATCHER_ENABLED = confi.bool("REPO_WATCHER_ENABLED", True) + REPO_WATCHER_ENABLED = confi.bool( + "REPO_WATCHER_ENABLED", True, description="Enable the repository watcher" + ) # publisher - PUBLISHER_ENABLED = confi.bool("PUBLISHER_ENABLED", True) + PUBLISHER_ENABLED = confi.bool( + "PUBLISHER_ENABLED", True, description="Enable the publisher" + ) # broadcaster keepalive BROADCAST_KEEPALIVE_INTERVAL = confi.int( @@ -194,7 +217,9 @@ class OpalServerConfig(Confi): DEFAULT_DATA_TOPIC, description="Top level topic for data", ) - ALL_DATA_ROUTE = confi.str("ALL_DATA_ROUTE", "/policy-data") + ALL_DATA_ROUTE = confi.str( + "ALL_DATA_ROUTE", "/policy-data", description="The route for all policy data" + ) ALL_DATA_URL = confi.str( "ALL_DATA_URL", confi.delay("http://localhost:7002{ALL_DATA_ROUTE}"), @@ -231,12 +256,14 @@ class OpalServerConfig(Confi): ) # Git service webhook (Default is Github) - POLICY_REPO_WEBHOOK_SECRET = confi.str("POLICY_REPO_WEBHOOK_SECRET", None) + POLICY_REPO_WEBHOOK_SECRET = confi.str( + "POLICY_REPO_WEBHOOK_SECRET", None, description="The secret for the policy repository webhook" + ) # The topic the event of the webhook will publish POLICY_REPO_WEBHOOK_TOPIC = "webhook" # Should we check the incoming webhook mentions the branch by name- and not just in the URL POLICY_REPO_WEBHOOK_ENFORCE_BRANCH: bool = confi.bool( - "POLICY_REPO_WEBHOOK_ENFORCE_BRANCH", False + "POLICY_REPO_WEBHOOK_ENFORCE_BRANCH", False, description="Enforce branch name in incoming webhook" ) # Parameters controlling how the incoming webhook should be read and processed POLICY_REPO_WEBHOOK_PARAMS: GitWebhookRequestParams = confi.model( @@ -250,15 +277,26 @@ class OpalServerConfig(Confi): "event_request_key": None, "push_event_value": "push", }, + description="Parameters for processing the incoming webhook", ) - POLICY_REPO_POLLING_INTERVAL = confi.int("POLICY_REPO_POLLING_INTERVAL", 0) + POLICY_REPO_POLLING_INTERVAL = confi.int( + "POLICY_REPO_POLLING_INTERVAL", 0, description="The polling interval for the policy repository" + ) - ALLOWED_ORIGINS = confi.list("ALLOWED_ORIGINS", ["*"]) - FILTER_FILE_EXTENSIONS = confi.list("FILTER_FILE_EXTENSIONS", [".rego", ".json"]) - BUNDLE_IGNORE = confi.list("BUNDLE_IGNORE", []) + ALLOWED_ORIGINS = confi.list( + "ALLOWED_ORIGINS", ["*"], description="List of allowed origins for CORS" + ) + FILTER_FILE_EXTENSIONS = confi.list( + "FILTER_FILE_EXTENSIONS", [".rego", ".json"], description="List of file extensions to filter. Example: ['.rego', '.json']" + ) + BUNDLE_IGNORE = confi.list( + "BUNDLE_IGNORE", [], description="List of patterns to ignore in the bundle" + ) - NO_RPC_LOGS = confi.bool("NO_RPC_LOGS", True) + NO_RPC_LOGS = confi.bool( + "NO_RPC_LOGS", True, description="Disable RPC logs" + ) # client-api server SERVER_WORKER_COUNT = confi.int( @@ -293,7 +331,9 @@ class OpalServerConfig(Confi): description="Set if OPAL server should enable tracing with datadog APM", ) - SCOPES = confi.bool("SCOPES", default=False) + SCOPES = confi.bool( + "SCOPES", default=False, description="Enable scopes" + ) SCOPES_REPO_CLONES_SHARDS = confi.int( "SCOPES_REPO_CLONES_SHARDS", @@ -301,9 +341,13 @@ class OpalServerConfig(Confi): description="The max number of local clones to use for the same repo (reused across scopes)", ) - REDIS_URL = confi.str("REDIS_URL", default="redis://localhost") + REDIS_URL = confi.str( + "REDIS_URL", default="redis://localhost", description="The URL for the Redis server" + ) - BASE_DIR = confi.str("BASE_DIR", default=pathlib.Path.home() / ".local/state/opal") + BASE_DIR = confi.str( + "BASE_DIR", default=pathlib.Path.home() / ".local/state/opal", description="The base directory for OPAL" + ) POLICY_REFRESH_INTERVAL = confi.int( "POLICY_REFRESH_INTERVAL",