cfgd_core/config/
security.rs

1use serde::{Deserialize, Serialize};
2
3use super::module::ModuleRegistryEntry;
4
5#[derive(Debug, Clone, Default, Serialize, Deserialize)]
6#[serde(rename_all = "camelCase", deny_unknown_fields)]
7pub struct SecurityConfig {
8    /// Allow unsigned source content even when the source requires signed commits.
9    /// Intended for development/testing environments.
10    #[serde(default)]
11    pub allow_unsigned: bool,
12}
13
14#[derive(Debug, Clone, Default, Serialize, Deserialize)]
15#[serde(rename_all = "camelCase", deny_unknown_fields)]
16pub struct ModulesConfig {
17    /// Module registries — git repos containing modules in a prescribed directory structure.
18    #[serde(default)]
19    pub registries: Vec<ModuleRegistryEntry>,
20
21    /// Module security settings.
22    #[serde(default)]
23    pub security: Option<ModuleSecurityConfig>,
24}
25
26#[derive(Debug, Clone, Serialize, Deserialize)]
27#[serde(rename_all = "camelCase", deny_unknown_fields)]
28pub struct ModuleSecurityConfig {
29    /// Require GPG/SSH signatures on all remote module tags.
30    /// When true, unsigned modules are rejected unless `--allow-unsigned` is passed.
31    #[serde(default)]
32    pub require_signatures: bool,
33}
cfgd_core/config/security.rs

cfgd_core/config/
security.rs
