Skip to main content

Crate osproxy_config

Crate osproxy_config 

Source
Expand description

Typed configuration.

Loads and fully validates configuration (file → environment → flags) before any socket opens, producing validated value objects the other crates consume (docs/01 §6). Invalid config fails fast with a typed, actionable ConfigError naming the bad field. It contains no business logic, it only turns strings into validated values; mapping those to domain types (the crypto provider, the pipeline) is the binary’s job. Hot-reloadable state (directives, placement) goes through osproxy-control, not here.

§Example

use osproxy_config::Config;
// Defaults apply when nothing is set; a bad value is a typed error.
let cfg = Config::resolve_for_test(&[("bind", "0.0.0.0:9000")]).unwrap();
assert_eq!(cfg.bind.port(), 9000);
assert!(cfg.require_tls_for_mutation, "enforced by default (NFR-S1)");
assert!(Config::resolve_for_test(&[("bind", "not-an-addr")]).is_err());

Structs§

AdminPassthroughConfig
The admin pass-through policy: the cluster that answers admin requests and the allow-listed path prefixes.
CaptureConfig
Full-fidelity traffic capture settings: where to send the captured exchange stream. This is plain data (no broker types), so the config crate stays independent of any Kafka client; the binary builds the producer from it.
CaptureTlsConfig
TLS settings for the capture broker connection: PEM file paths (the binary reads them). Presence of ca_path pins that CA; a client cert/key pair adds mTLS.
Config
The fully validated configuration the binary serves from. Every field is a ready-to-use value object; no further parsing or fallbacks happen downstream.
ConfigError
A configuration failure: which setting was bad and why. Display is a single actionable line for both an operator and an LLM (docs/01 §6).
EtcdConfig
etcd connection settings for the distributed directive store. Plain data (no etcd client types), so the config crate stays free of the etcd dependency.
FanoutConfig
Async fan-out write queue settings: where resolved write ops are enqueued for a downstream applier (docs/04 §9, ADR-010). Plain data (no broker types), so the config crate stays free of any Kafka client.
HeaderForwardingConfig
Client-to-upstream header forwarding (forward_client_headers / forward_header_deny). The proxy rebuilds the upstream request, so this decides which of the client’s own headers ride along.
ObservabilityConfig
Observability and control-plane channel settings.
PassthroughConfig
Tenant-agnostic passthrough: forward matching requests verbatim to one cluster with no tenancy rewrite.
TlsConfig
TLS termination settings: PEM file paths (the binary reads them, config stays free of certificate material). mTLS is required when client_ca_path is set.

Enums§

DiagBaseline
The baseline diagnostics verbosity. A config-local enum so this crate stays independent of osproxy-observe; the binary maps it to the engine’s level.
FanoutBodyEncoding
The on-the-wire encoding of the fan-out op-envelope document body.