Deferred from the infra-admin v1.1 program (workflow#807). v1/v1.1 serve provider regions from the host-side local catalog (AdminProviderSummary.regions_source = "local-catalog"); the proto field is intentionally forward-compatible for a future provider-sourced lister.
Placement (contract vs impl)
- Contract → this repo (
workflow): add an optional IaCProviderRegionLister gRPC service to plugin/external/proto/iac.proto, alongside the existing optional IaCProvider services (IaCProviderDriftDetector, IaCProviderEnumerator, IaCProviderCredentialRevoker) — same "required + optional services + ContractRegistry advertisement" pattern. Advertised via ContractRegistry; absence = no registration (default-deny → host falls back to local-catalog).
- Implementations → the cloud provider plugins (
workflow-plugin-aws/-gcp/-azure/-digitalocean) — they hold the cloud SDK + credentials to enumerate live regions.
- NOT
workflow-plugin-infra — it's the abstract-type + delegation layer (registers infra.* types that delegate to a named iac.provider module); it has no cloud access and doesn't own the engine↔plugin contract surface.
Consumer
The infra-admin form-builder calls the lister when a provider advertises it (set regions_source accordingly) and falls back to the host local-catalog otherwise.
Scope note: multi-provider cascade (1 engine-contract change in workflow + N provider-plugin impls). Orthogonal to the v1.1 mutation surface — deferred to keep the loose-coupling boundary clean. Design context: workspace docs/plans/2026-05-31-infra-admin-v1.1-design.md §1 (#20).
Deferred from the infra-admin v1.1 program (workflow#807). v1/v1.1 serve provider regions from the host-side local catalog (
AdminProviderSummary.regions_source = "local-catalog"); the proto field is intentionally forward-compatible for a future provider-sourced lister.Placement (contract vs impl)
workflow): add an optionalIaCProviderRegionListergRPC service toplugin/external/proto/iac.proto, alongside the existing optional IaCProvider services (IaCProviderDriftDetector,IaCProviderEnumerator,IaCProviderCredentialRevoker) — same "required + optional services + ContractRegistry advertisement" pattern. Advertised viaContractRegistry; absence = no registration (default-deny → host falls back tolocal-catalog).workflow-plugin-aws/-gcp/-azure/-digitalocean) — they hold the cloud SDK + credentials to enumerate live regions.workflow-plugin-infra— it's the abstract-type + delegation layer (registersinfra.*types that delegate to a namediac.providermodule); it has no cloud access and doesn't own the engine↔plugin contract surface.Consumer
The infra-admin form-builder calls the lister when a provider advertises it (set
regions_sourceaccordingly) and falls back to the hostlocal-catalogotherwise.Scope note: multi-provider cascade (1 engine-contract change in workflow + N provider-plugin impls). Orthogonal to the v1.1 mutation surface — deferred to keep the loose-coupling boundary clean. Design context: workspace
docs/plans/2026-05-31-infra-admin-v1.1-design.md§1 (#20).