Typed configuration.
Loads and fully validates configuration (file → environment → flags) before
any socket opens, producing validated value objects the other crates consume
(docs/01 §6). Invalid config fails fast with a typed, actionable
`ConfigError` naming the bad field. The crate contains no business logic; it
only turns strings into validated values. Mapping those to domain types (the
crypto provider, the pipeline) is the binary's job. Hot-reloadable state
(directives, placement) goes through `osproxy-control`, not here.
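The layering and fail-fast behaviour described above, as a standalone sketch added here (it is not osproxy_config's own code). `FieldError`, `Resolved`, `resolve`, `parse` and the default bind address are assumptions made for illustration; only the `bind` and `require_tls_for_mutation` names come from this page.

```rust
use std::collections::HashMap;
use std::fmt;
use std::net::SocketAddr;

/// Hypothetical typed error: names the bad field and says why.
#[derive(Debug)]
pub struct FieldError { pub field: &'static str, pub value: String, pub reason: String }

impl fmt::Display for FieldError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "config `{}` = {:?}: {}", self.field, self.value, self.reason)
    }
}

/// Validated value object; downstream code never re-parses strings.
#[derive(Debug)]
pub struct Resolved { pub bind: SocketAddr, pub require_tls_for_mutation: bool }

type Layer<'a> = &'a [(&'a str, &'a str)];

/// Parse one merged setting, or fail with the field name attached.
fn parse<T>(m: &HashMap<&str, &str>, field: &'static str, default: &str) -> Result<T, FieldError>
where T: std::str::FromStr, T::Err: fmt::Display {
    let raw = m.get(field).copied().unwrap_or(default);
    raw.parse::<T>().map_err(|e| FieldError { field, value: raw.into(), reason: e.to_string() })
}

/// Merge file -> environment -> flags (later wins), then validate the result.
pub fn resolve(file: Layer, env: Layer, flags: Layer) -> Result<Resolved, FieldError> {
    let mut merged: HashMap<&str, &str> = HashMap::new();
    for layer in [file, env, flags] {
        merged.extend(layer.iter().copied());
    }
    Ok(Resolved {
        bind: parse(&merged, "bind", "127.0.0.1:8080")?, // assumed default
        // A typo such as "off" is an error, never a silent downgrade to false.
        require_tls_for_mutation: parse(&merged, "require_tls_for_mutation", "true")?,
    })
}

fn main() {
    // Constructed sample layers: the flag overrides the file value.
    let cfg = resolve(&[("bind", "0.0.0.0:9000")], &[], &[("bind", "127.0.0.1:9002")]).unwrap();
    println!("bind={} tls_required={}", cfg.bind, cfg.require_tls_for_mutation);
    let err = resolve(&[], &[("require_tls_for_mutation", "off")], &[]).unwrap_err();
    println!("{}", err);
}
```

Because the sketch validates only the merged result, a malformed file value that a flag overrides is never reported; a resolver that must reject every bad input would validate each layer before merging.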
§Example

```rust
use osproxy_config::Config;

// Defaults apply when nothing is set; a bad value is a typed error.
let cfg = Config::resolve_for_test(&[("bind", "0.0.0.0:9000")]).unwrap();
assert_eq!(cfg.bind.port(), 9000);
assert!(cfg.require_tls_for_mutation, "enforced by default (NFR-S1)");
assert!(Config::resolve_for_test(&[("bind", "not-an-addr")]).is_err());
```

Structs§
- AdminPassthroughConfig - The admin pass-through policy: the cluster that answers admin requests and the allow-listed path prefixes.
- CaptureConfig - Full-fidelity traffic capture settings: where to send the captured exchange stream. This is plain data (no broker types), so the config crate stays independent of any Kafka client; the binary builds the producer from it.
- CaptureTlsConfig - TLS settings for the capture broker connection: PEM file paths (the binary reads them). Presence of `ca_path` pins that CA; a client cert/key pair adds mTLS.
- Config - The fully validated configuration the binary serves from. Every field is a ready-to-use value object; no further parsing or fallbacks happen downstream.
- ConfigError - A configuration failure: which setting was bad and why. `Display` is a single actionable line for both an operator and an LLM (docs/01 §6).
- EtcdConfig - etcd connection settings for the distributed directive store. Plain data (no etcd client types), so the config crate stays free of the etcd dependency.
- FanoutConfig - Async fan-out write queue settings: where resolved write ops are enqueued for a downstream applier (docs/04 §9, ADR-010). Plain data (no broker types), so the config crate stays free of any Kafka client.
- HeaderForwardingConfig - Client-to-upstream header forwarding (`forward_client_headers` / `forward_header_deny`). The proxy rebuilds the upstream request, so this decides which of the client's own headers ride along.
- ObservabilityConfig - Observability and control-plane channel settings.
- PassthroughConfig - Tenant-agnostic passthrough: forward matching requests verbatim to one cluster with no tenancy rewrite.
- TlsConfig - TLS termination settings: PEM file paths (the binary reads them, config stays free of certificate material). mTLS is required when `client_ca_path` is set.
Enums§
- DiagBaseline - The baseline diagnostics verbosity. A config-local enum so this crate stays independent of `osproxy-observe`; the binary maps it to the engine's level.
- FanoutBodyEncoding - The on-the-wire encoding of the fan-out op-envelope document body.