pkg/settings/cresettings: add ConfidentialWorkflows.Enabled feature gate #2165
nadahalli wants to merge 4 commits into
Pull request overview
Adds a new feature gate to the CRE settings schema to allow confidential-workflows executions to be enabled/disabled via scoped settings (resolvable across workflow/owner/org/global through the settings registry’s scope fallback behavior).
Changes:
- Added PerWorkflow.ConfidentialWorkflows.Enabled (Setting[bool], default true) to the CRE settings schema and defaults.
- Updated golden defaults (defaults.toml, defaults.json) to include the new key.
- Updated the README mermaid flowchart to include the new setting key (required by package tests).
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| pkg/settings/cresettings/settings.go | Adds ConfidentialWorkflows.Enabled to the PerWorkflow schema and initializes its default to true. |
| pkg/settings/cresettings/README.md | Documents the new setting key in the flowchart to keep the README complete per tests. |
| pkg/settings/cresettings/defaults.toml | Regenerated defaults to include [PerWorkflow.ConfidentialWorkflows].Enabled = 'true'. |
| pkg/settings/cresettings/defaults.json | Regenerated defaults to include PerWorkflow.ConfidentialWorkflows.Enabled = "true". |
Adds PerWorkflow.ConfidentialWorkflows.Enabled (Setting[bool], default true) so the confidential-workflows capability can be toggled in production via the scoped settings registry, overridable at workflow/owner/org/global. Regenerated golden defaults and README.
19190ce to 6c25e6d
| "ResponseSizeLimit": "100kb" | ||
| }, | ||
| "ConfidentialWorkflows": { | ||
| "Enabled": "true" |
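Review bot: the default on the "Enabled": "true" line leaves the ConfidentialWorkflows gate on for every scope that has no explicit override, so the flag only works as a kill switch. Consider shipping "Enabled": "false" so the gate fails closed and each scope has to opt in, and note next to the default which direction an override is expected to move it.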
Shouldn't the default be set to false?
Off by default; enable per workflow/owner/org/global to roll out confidential workflows in production. Addresses review feedback.
Adds PerWorkflow.ConfidentialWorkflows.Enabled (Setting[bool], default true) to the CRE settings schema.
This gives the confidential-workflows capability a feature flag that can be flipped in production through the scoped settings registry, with overrides resolvable at workflow, owner, org, or global level. The consuming GateLimiter lands separately in confidential-compute.
Regenerated defaults.toml / defaults.json and added the key to the README flowchart (both required by the package tests).
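The scope fallback this PR relies on (workflow, then owner, then org, then global, then the schema default), as an added Go example that is not code from this PR or from the settings package. Scope, Overrides, ResolveGate and the key layout are hypothetical, and denying on an unparsable value is this example's own choice, not documented registry behavior.

```go
package main

import (
	"fmt"
	"strconv"
)

const gateKey = "PerWorkflow.ConfidentialWorkflows.Enabled"

// Scope identifies one execution; field names are hypothetical.
type Scope struct{ Workflow, Owner, Org string }

// Overrides maps "<level>:<id>:<key>" to a raw string value (assumed layout).
type Overrides map[string]string

// ResolveGate returns the most specific override and the level that supplied
// it, falling back to def. An unparsable value denies instead of falling
// through to a broader scope, so a typo cannot silently widen access.
func ResolveGate(o Overrides, s Scope, def bool) (bool, string) {
	levels := [][2]string{
		{"workflow", s.Workflow}, {"owner", s.Owner}, {"org", s.Org}, {"global", ""},
	}
	for _, l := range levels {
		raw, ok := o[l[0]+":"+l[1]+":"+gateKey]
		if !ok {
			continue
		}
		v, err := strconv.ParseBool(raw)
		if err != nil {
			return false, l[0] + " (invalid, denied)"
		}
		return v, l[0]
	}
	return def, "default"
}

func main() {
	o := Overrides{ // constructed sample overrides
		"org:org-1:" + gateKey:     "true",
		"workflow:wf-9:" + gateKey: "false",
		"owner:0xabc:" + gateKey:   "yes please",
	}
	for _, s := range []Scope{
		{"wf-1", "0xdef", "org-1"}, {"wf-9", "0xdef", "org-1"},
		{"wf-2", "0xabc", "org-1"}, {"wf-3", "0xdef", "org-2"},
	} {
		on, src := ResolveGate(o, s, false)
		fmt.Printf("%+v enabled=%v via %s\n", s, on, src)
	}
}
```

With a default of false, only the first scope runs confidential workflows: the org override enables it, the workflow override disables wf-9, the malformed owner value is denied, and org-2 has no override at all.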