Storage Stored* wire types.
These are the serde-friendly DTOs persisted by the daemon’s SqlxStorage
backends and surfaced over the REST API. They live here (not in
zlayer-api) so SDK consumers can deserialize them without pulling in
axum/sqlx/tokio.
Convenience constructors that allocate fresh UUIDs, plus the
database-bound traits and concrete sqlx implementations, remain in
zlayer-api::storage — that’s where the uuid dependency lives. This
crate only carries the wire shapes (structs, enums, and pure-data
Display impls).
Structs
- NodeIdentity - Per-node identity and key material.
- OidcIdentity - One OIDC identity link row.
- ReplicatedSecret - A secret replicated through Raft. Every node has the same encrypted blob; only nodes whose secrets_pubkey is in the current WrappedDek for this generation can decrypt.
- StepResult - Result of executing a single step in a workflow run.
- StoredDeployment - A stored deployment with metadata.
- StoredEnvironment - A deployment/runtime environment (e.g. “dev”, “staging”, “prod”).
- StoredNotifier - A stored notifier — a named notification channel that fires alerts to Slack, Discord, a generic webhook, or SMTP when triggered.
- StoredPermission - A stored permission grant binding a subject (user or group) to a resource with a specific access level.
- StoredProject - A project bundles a git source, build configuration, registry credential reference, linked deployments, and a default environment.
- StoredSync - A stored sync resource (persistent record of a git-backed resource set).
- StoredTask - A stored task — a named runnable script that can be executed on demand.
- StoredUser - A stored user account.
- StoredUserGroup - A stored user group for role-based access control.
- StoredVariable - A stored variable — a plaintext key-value pair for template substitution in deployment specs. Variables are NOT encrypted (unlike secrets). They live in their own storage, separate from the encrypted secrets store.
- StoredWorkflow - A stored workflow — a named sequence of steps forming a DAG that composes tasks, project builds, deploys, and sync applies.
- TaskRun - A recorded execution of a task.
- WorkflowRun - A recorded execution of a workflow.
- WorkflowStep - A single step in a workflow.
- WrappedDek - The cluster data-encryption key (DEK), wrapped per-node so each member can decrypt without ever holding a shared cluster-wide private key.
Enums
- BuildKind - How a project is built.
- DeploymentStatus - Deployment lifecycle status.
- NodeAffinity - Constrains which nodes are allowed to host a given secret’s decryptable form. Used as the value of ReplicatedSecret.node_affinity. None on a secret = unconstrained (any node may host); Some(...) = only matching nodes receive a wrap of this row’s DEK material, and the API gate filters reads accordingly.
- NotifierConfig - Channel-specific configuration for a notifier.
- NotifierKind - Notification channel type.
- PermissionLevel - Access level for a resource permission, ordered from least to most privilege.
- SubjectKind - Whether a permission subject is a user or a group.
- TaskKind - Script type for a task.
- UserRole - User role. Admins can do everything; regular users are constrained by per-resource permissions (added in a later phase).
- WorkflowAction - The action a workflow step performs.
- WorkflowRunStatus - Overall status of a workflow run.