Introduce a config file model for Galley

[ozevren]

Galley is starting to accummulate too many command-line flags. It is going to get worse with future improvements, such as reverse-MCP. This adds a settings file model, and plumbs it through.

• Add a single file-format with sub-sections, that closely map to the existing command-line flags.
• Add a mostly-empty settings file, that is contains examples and documentation of various setting values.
• Plumb it through the command-line.

[googlebot]

So there's good news and bad news.

👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there.

😕 The bad news is that it appears that one or more commits were authored or co-authored by someone other than the pull request submitter. We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that here in the pull request.

Note to project maintainer: This is a terminal state, meaning the cla/google commit status will not change from this state. It's up to you to confirm consent of all the commit author(s), set the cla label to yes (if enabled on your project), and then merge this pull request when appropriate.

[googlebot]

CLAs look good, thanks!

[ayj]

nit: s/metadata/annotations :)

[jeffmendoza]

Do we want gRPC stream metadata and resource annotations?

[ayj]

TLS is a form of authentication. Should it be configured as part of the auth plugin?

[ozevren]

This needs to be strongly typed, at least for the validation case. For MCP case, we can model it as an "auth provider".

[ozevren]

Just pushed another change that incorporates an "Auth Provider" model. I am not going to check this in though. I'd like to get the config model using current settings in first, then change both the settings & the code to be Auth Provider based.

[istio-testing]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ozevren
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: hklai

If they are not already assigned, you can assign the PR to them by writing /assign @hklai in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ozevren]

/test istio_auth_sds_e2e

[istio-testing]

@ozevren: The following tests failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
prow/e2e-simpleTests-minProfile.sh	c51478d	link	/test e2e-simpleTestsMinProfile
prow/istio-integ-k8s-tests.sh	c51478d	link	/test istio-integ-k8s-tests
prow/istio-pilot-multicluster-e2e.sh	c51478d	link	/test istio-pilot-multicluster-e2e
prow/e2e_pilotv2_auth_sds.sh	c51478d	link	/test istio_auth_sds_e2e

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[geeknoid]

For compat, I think we need to keep the flags that existed in 1.0. You can mark them as deprecated, but they should still work in the same way as before until 1.3

[geeknoid]

WOuld it make sense to leave this on the command-line, like the log flags?

[ayj]

Shouldn't this use the types.DurationFromProto from github.com/gogo/protobuf/types if settings.proto is compiled with gogo proto?

[ayj]

Is this autogenerated from the default settings, or written by hand? Are we relying on PR reviews to maintain consistency between the two?

[istio-testing]

@ozevren: PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[stale]

This pull request has been automatically marked as stale because it has not had activity in the last 2 weeks. It will be closed in 30 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[stale]

This pull request has been automatically marked as stale because it has not had activity in the last 2 weeks. It will be closed in 30 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[ozevren]

Will move this to master.