# Demo

In [1]:
from datetime import datetime

from confflow import (
    BooleanField,
    DateField,
    FloatField,
    IntegerField,
    Manager,
    Schema,
    StringField,
    StringListField,
)
from confflow.manager.group import MutualExclusive

## Schema (comprehensive)

In [None]:
config_manager = Manager(
    # Core application schema (always required)
    Schema(
        "app",
        description="Application configuration settings that define the core identity and deployment parameters of the service",  # noqa: E501
    )
    .add(
        StringField(
            "name",
            description="The unique identifier name for this application service, used across all deployment environments and monitoring systems. Must be URL-safe and descriptive enough for operations teams to identify the service quickly.",  # noqa: E501
            default_value="analytics-service",
            min_length=3,
            max_length=50,
        ),
    )
    .add(
        StringField(
            "version",
            description="Semantic version number following the major.minor.patch format (e.g., 2.4.1). Used for deployment tracking, rollback procedures, and compatibility checks across dependent services.",  # noqa: E501
            default_value="2.4.1",
            regex=r"^\d+\.\d+\.\d+$",
        ),
    )
    .add(
        Schema(
            "deployment",
            description="Deployment configuration parameters that control how and where the application is deployed across cloud infrastructure",  # noqa: E501
        )
        .add(
            StringField(
                "region",
                description="Primary AWS region identifier where the main application resources will be deployed. This affects latency, compliance requirements, and disaster recovery strategies.",  # noqa: E501
                default_value="us-east-1",
                min_length=4,
                max_length=20,
            ),
        )
        .add(
            StringListField(
                "availabilityZones",
                description="List of AWS Availability Zone identifiers for deploying resources across multiple isolated locations within the region. This ensures high availability and fault tolerance by distributing infrastructure components geographically within the same region.",  # noqa: E501
                default_value=["us-east-1a", "us-east-1b", "us-west-2a"],
                min_items=1,
                max_items=10,
                unique_items=True,
                min_length=8,
                max_length=15,
                regex=r"^[a-z]{2}-[a-z]+-\d[a-z]$",
            ),
        )
        .add(
            IntegerField(
                "replicas",
                description="Number of identical application instances to run simultaneously for load distribution and high availability. Higher values provide better fault tolerance and performance but increase resource costs.",  # noqa: E501
                default_value=3,
                ge=1,
                le=100,
            ),
        )
        .add(
            Schema(
                "resources",
                description="Resource allocation specifications that define the computational limits and requests for the application containers",  # noqa: E501
            )
            .add(
                Schema(
                    "limits",
                    description="Maximum resource constraints that the application container cannot exceed, preventing resource starvation of other services",  # noqa: E501
                ).add(
                    StringField(
                        "cpu",
                        description="Maximum CPU cores or millicores (1000m = 1 core) that the container can consume. Kubernetes will throttle the container if it tries to exceed this limit. Use 'm' suffix for millicores or omit for full cores.",  # noqa: E501
                        default_value="500m",
                        regex=r"^\d+(m|)$",
                    ),
                ),
            )
            .add(
                Schema(
                    "requests",
                    description="Guaranteed resource allocations that Kubernetes scheduler uses for pod placement decisions and billing calculations",  # noqa: E501
                )
                .add(
                    StringField(
                        "cpu",
                        description="Guaranteed CPU cores or millicores that will be reserved for this container on the node. The scheduler ensures this amount is available before placing the pod. Use 'm' suffix for millicores.",  # noqa: E501
                        default_value="250m",
                        regex=r"^\d+(m|)$",
                    ),
                )
                .add(
                    StringField(
                        "memory",
                        description="Guaranteed memory allocation in mebibytes (Mi) or gibibytes (Gi) that will be reserved for this container. This memory is guaranteed to be available and affects pod scheduling decisions.",  # noqa: E501
                        default_value="256Mi",
                        regex=r"^\d+(Mi|Gi|)$",
                    ),
                ),
            ),
        ),
    ),
    # Environment-specific groups (choose one deployment environment)
    MutualExclusive(
        Schema(
            "development",
            description="Development environment configuration with relaxed security and debugging features enabled",  # noqa: E501
        )
        .add(
            BooleanField(
                "debugMode",
                description="Enable debug logging and development tools",
                default_value=True,
            ),
        )
        .add(
            Schema(
                "logging",
                description="Development logging configuration",
            ).add(
                StringField(
                    "level",
                    description="Log level for development environment",
                    default_value="DEBUG",
                    enum=["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"],
                ),
            ),
        ),
        Schema(
            "staging",
            description="Staging environment configuration that mirrors production but with testing features enabled",  # noqa: E501
        )
        .add(
            BooleanField(
                "testDataEnabled",
                description="Allow test data injection for staging tests",
                default_value=True,
            ),
        )
        .add(
            Schema(
                "logging",
                description="Staging logging configuration",
            ).add(
                StringField(
                    "level",
                    description="Log level for staging environment",
                    default_value="INFO",
                    enum=["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"],
                ),
            ),
        ),
        Schema(
            "production",
            description="Production environment configuration with full security and monitoring enabled",  # noqa: E501
        )
        .add(
            BooleanField(
                "securityMode",
                description="Enable production security features",
                default_value=True,
            ),
        )
        .add(
            Schema(
                "logging",
                description="Production logging configuration",
            ).add(
                StringField(
                    "level",
                    description="Log level for production environment",
                    default_value="WARNING",
                    enum=["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"],
                ),
            ),
        ),
    ),
    # Database backend group (choose one database type)
    MutualExclusive(
        Schema(
            "database_postgresql",
            description="PostgreSQL database configuration for relational data storage with ACID compliance",  # noqa: E501
        ).add(
            Schema(
                "primary",
                description="Primary PostgreSQL database connection settings",
            )
            .add(
                StringField(
                    "host",
                    description="PostgreSQL server hostname or IP address",
                    default_value="postgres-prod.internal",
                    min_length=5,
                ),
            )
            .add(
                IntegerField(
                    "port",
                    description="PostgreSQL server port number",
                    default_value=5432,
                    ge=1024,
                    le=65535,
                ),
            )
            .add(
                StringField(
                    "database",
                    description="PostgreSQL database name",
                    default_value="analytics_db",
                    min_length=1,
                ),
            )
            .add(
                Schema(
                    "credentials",
                    description="PostgreSQL authentication credentials",
                )
                .add(
                    StringField(
                        "username",
                        description="PostgreSQL username",
                        default_value="analytics_user",
                        min_length=3,
                    ),
                )
                .add(
                    StringField(
                        "passwordFromEnv",
                        description="Environment variable containing PostgreSQL password",  # noqa: E501
                        default_value="POSTGRES_PASSWORD",
                        regex=r"^[A-Z_][A-Z0-9_]*$",
                    )
                )
            )
            .add(
                BooleanField(
                    "ssl",
                    description="Enable SSL encryption for PostgreSQL connections",
                    default_value=True,
                ),
            ),
        ),
        Schema(
            "database_mysql",
            description="MySQL database configuration for high-performance relational data operations",  # noqa: E501
        ).add(
            Schema(
                "primary",
                description="Primary MySQL database connection settings",
            )
            .add(
                StringField(
                    "host",
                    description="MySQL server hostname or IP address",
                    default_value="mysql-prod.internal",
                    min_length=5,
                ),
            )
            .add(
                IntegerField(
                    "port",
                    description="MySQL server port number",
                    default_value=3306,
                    ge=1024,
                    le=65535,
                ),
            )
            .add(
                StringField(
                    "database",
                    description="MySQL database name",
                    default_value="analytics_db",
                    min_length=1,
                ),
            )
            .add(
                Schema(
                    "credentials",
                    description="MySQL authentication credentials",
                )
                .add(
                    StringField(
                        "username",
                        description="MySQL username",
                        default_value="analytics_user",
                        min_length=3,
                    ),
                )
                .add(
                    StringField(
                        "passwordFromEnv",
                        description="Environment variable containing MySQL password",
                        default_value="MYSQL_PASSWORD",
                        regex=r"^[A-Z_][A-Z0-9_]*$",
                    ),
                ),
            )
            .add(
                BooleanField(
                    "ssl",
                    description="Enable SSL encryption for MySQL connections",
                    default_value=True,
                ),
            ),
        ),
        Schema(
            "database_mongodb",
            description="MongoDB configuration for document-based NoSQL data storage and flexible schema operations",  # noqa: E501
        )
        .add(
            StringField(
                "connectionString",
                description="MongoDB connection URI including authentication and database information",  # noqa: E501
                default_value="mongodb://analytics_user:${MONGO_PASSWORD}@mongo-prod.internal:27017/analytics_db",
                min_length=10,
            ),
        )
        .add(
            BooleanField(
                "ssl",
                description="Enable SSL/TLS encryption for MongoDB connections",
                default_value=True,
            ),
        )
        .add(
            IntegerField(
                "maxPoolSize",
                description="Maximum number of connections in the MongoDB connection pool",  # noqa: E501
                default_value=10,
                ge=1,
                le=100,
            ),
        ),
    ),
    # Always required schemas
    Schema(
        "features",
        description="Feature flags and experimental functionality toggles that control application behavior without requiring code deployments",  # noqa: E501
    )
    .add(
        Schema(
            "auditLogging",
            description="Comprehensive audit logging system configuration for compliance, security monitoring, and operational tracking",  # noqa: E501
        )
        .add(
            BooleanField(
                "enabled",
                description="Master switch to enable or disable the entire audit logging system. When disabled, no audit events are captured or stored, which may violate compliance requirements.",  # noqa: E501
                default_value=True,
            ),
        )
        .add(
            IntegerField(
                "retentionDays",
                description="Number of days to retain audit log data before automatic deletion. Longer retention periods improve forensic capabilities but increase storage costs and may have legal implications.",  # noqa: E501
                default_value=30,
                ge=1,
                le=3650,
            ),
        )
        .add(
            Schema(
                "output",
                description="Configuration for where and how audit log data is stored and transmitted",  # noqa: E501
            )
            .add(
                StringField(
                    "type",
                    description="Output destination type for audit logs. 's3' stores in AWS S3 buckets, 'gcs' uses Google Cloud Storage, 'stdout' outputs to standard output for container log aggregation.",  # noqa: E501
                    default_value="s3",
                    regex=r"^(s3|gcs|stdout)$",
                ),
            )
            .add(
                StringField(
                    "bucket",
                    description="Name of the S3 or GCS bucket where audit logs will be stored. Bucket must exist and the application must have write permissions. Consider bucket lifecycle policies for cost optimization.",  # noqa: E501
                    default_value="prod-audit-logs",
                    min_length=3,
                ),
            )
            .add(
                StringField(
                    "path",
                    description="Prefix path within the storage bucket for organizing audit log files. Use date-based paths for easier log management and lifecycle policies. Should end with a trailing slash.",  # noqa: E501
                    default_value="logs/2025/",
                    min_length=1,
                ),
            ),
        ),
    )
    .add(
        Schema(
            "experiments",
            description="A/B testing and experimental feature configurations for gradual feature rollouts and user experience optimization",  # noqa: E501
        )
        .add(
            Schema(
                "userSegmentation",
                description="User segmentation experiment configuration for testing personalized user experiences and behavioral analysis",  # noqa: E501
            )
            .add(
                BooleanField(
                    "enabled",
                    description="Enable the user segmentation experiment. When disabled, all users receive the default experience regardless of their segment classification.",  # noqa: E501
                    default_value=True,
                ),
            )
            .add(
                FloatField(
                    "rollout",
                    description="Percentage of users (as a decimal between 0.0 and 1.0) who will be included in the experiment. Start with small values and gradually increase based on results and confidence levels.",  # noqa: E501
                    default_value=0.3,
                    ge=0.0,
                    le=1.0,
                ),
            )
            .add(
                DateField(
                    "startDate",
                    description="Date when the experiment begins. Users will only be enrolled in the experiment on or after this date. Use for coordinating with marketing campaigns or business requirements.",  # noqa: E501
                    default_value=datetime(2025, 1, 1),
                ),
            )
        )
        .add(
            Schema(
                "newUI",
                description="New user interface experiment for testing redesigned user experience components and interaction patterns",  # noqa: E501
            )
            .add(
                BooleanField(
                    "enabled",
                    description="Enable the new UI experiment. When enabled, selected users will see the redesigned interface elements instead of the legacy UI components.",  # noqa: E501
                    default_value=False,
                ),
            )
            .add(
                StringField(
                    "notes",
                    description="Free-form notes about the experiment including hypothesis, expected outcomes, measurement criteria, and any special considerations for the development or operations teams.",  # noqa: E501
                    default_value=None,
                    max_length=200,
                ),
            ),
        ),
    ),
    Schema(
        "network",
        description="Network connectivity and security configuration including ingress routing, TLS termination, and firewall rules",  # noqa: E501
    )
    .add(
        Schema(
            "ingress",
            description="Ingress controller configuration for routing external traffic to the application and managing public-facing connectivity",  # noqa: E501
        )
        .add(
            StringField(
                "hostname",
                description="Public-facing hostname where the application will be accessible to end users. Must be a valid DNS name that resolves to the ingress controller. Consider using subdomains for different environments.",  # noqa: E501
                default_value="analytics.example.com",
                regex=r"^[a-z0-9.-]+$",
            )
        )
        .add(
            Schema(
                "tls",
                description="Transport Layer Security configuration for encrypting traffic between clients and the application",  # noqa: E501
            )
            .add(
                BooleanField(
                    "enabled",
                    description="Enable HTTPS/TLS encryption for all incoming traffic. Essential for production deployments to protect data in transit and maintain user trust. Required for modern web standards.",  # noqa: E501
                    default_value=True,
                )
            )
            .add(
                StringField(
                    "secretName",
                    description="Name of the Kubernetes secret containing the TLS certificate and private key. The secret must be present in the same namespace and contain 'tls.crt' and 'tls.key' data fields.",  # noqa: E501
                    default_value="analytics-tls",
                    min_length=3,
                ),
            ),
        ),
    )
    .add(
        Schema(
            "firewall",
            description="Network firewall rules and access control configuration for securing inbound and outbound traffic at the network level",  # noqa: E501
        ).add(
            StringListField(
                name="allowCIDRs",
                description="List of CIDR (Classless Inter-Domain Routing) blocks that are permitted to access the application. Each CIDR block represents a range of IP addresses that can bypass firewall restrictions. Use specific ranges for better security - avoid 0.0.0.0/0 in production. Common private network ranges are included by default for internal service communication.",  # noqa: E501
                default_value=["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
                min_items=1,
                max_items=100,
                unique_items=True,
                regex=r"^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/(?:[0-2]?[0-9]|3[0-2])$",
            ),
        ),
    ),
)

In [3]:
config_manager.template("./comprehensive_template.yaml", descriptions=True)

In [4]:
a = {
    "auditLogging": {
        "enabled": True,
        "retentionDays": 30,
        "output": {"type": "s3", "bucket": "prod-audit-logs", "path": "logs/2025/"},
    },
    "experiments": {
        "userSegmentation": {
            "enabled": True,
            "rollout": 0.3,
        },
        "newUI": {"enabled": False},
        "notes": "These are notes.",
    },
}

In [5]:
config = config_manager.load("./comprehensive.yaml")

In [6]:
config["database_postgresql"]["host"]

'postgres-prod.internal'

# Simple

In [7]:
config_manager = Manager(
    # Core application settings (always required)
    Schema("app", description="Basic application configuration")
    .add(
        StringField(
            "name",
            description="Application name",
            default_value="my-app",
            min_length=3,
            max_length=30,
        )
    )
    .add(
        StringField(
            "version",
            description="Application version (e.g., 1.0.0)",
            default_value="1.0.0",
            regex=r"^\d+\.\d+\.\d+$",
        )
    )
    .add(
        IntegerField(
            "port",
            description="Port number for the application",
            default_value=8080,
            ge=1024,
            le=65535,
        )
    ),
    # Environment selection (choose one)
    MutualExclusive(
        Schema("development", description="Development environment settings")
        .add(
            BooleanField(
                "debug",
                description="Enable debug mode",
                default_value=True,
            )
        )
        .add(
            StringField(
                "logLevel",
                description="Logging level",
                default_value="DEBUG",
                enum=["DEBUG", "INFO", "WARN", "ERROR"],
            )
        ),
        Schema("production", description="Production environment settings")
        .add(
            BooleanField(
                "debug",
                description="Enable debug mode",
                default_value=False,
            )
        )
        .add(
            StringField(
                "logLevel",
                description="Logging level",
                default_value="ERROR",
                enum=["DEBUG", "INFO", "WARN", "ERROR"],
            )
        )
        .add(
            StringField(
                "secretKey",
                description="Production secret key",
                min_length=32,
            )
        ),
    ),
    # Database selection (choose one)
    MutualExclusive(
        Schema("database_sqlite", description="SQLite database configuration").add(
            StringField(
                "path",
                description="Database file path",
                default_value="./data.db",
            )
        ),
        Schema("database_postgres", description="PostgreSQL database configuration")
        .add(
            StringField(
                "host",
                description="Database host",
                default_value="localhost",
            )
        )
        .add(
            IntegerField(
                "port",
                description="Database port",
                default_value=5432,
                ge=1,
                le=65535,
            )
        )
        .add(
            StringField(
                "database",
                description="Database name",
                default_value="myapp_db",
            )
        )
        .add(
            StringField(
                "username",
                description="Database username",
                default_value="user",
            )
        ),
    ),
    # Features (always included)
    Schema("features", description="Feature toggles and settings")
    .add(
        BooleanField(
            "enableAuth",
            description="Enable user authentication",
            default_value=True,
        )
    )
    .add(
        BooleanField(
            "enableCache",
            description="Enable caching layer",
            default_value=False,
        )
    )
    .add(
        Schema("notifications", description="Notification system settings")
        .add(
            BooleanField(
                "email",
                description="Enable email notifications",
                default_value=True,
            )
        )
        .add(
            StringField(
                "fromAddress",
                description="Email sender address",
                default_value="noreply@myapp.com",
                regex=r"^[^@]+@[^@]+\.[^@]+$",
            )
        )
    ),
)

In [8]:
config_manager.template("./simple_template.yaml", descriptions=True)

In [9]:
config = config_manager.load("./simple.yaml")

In [10]:
config["database_postgres"]["host"]

'localhost'