ignition-stack 0.2.0__tar.gz → 0.4.0__tar.gz

{ignition_stack-0.2.0 → ignition_stack-0.4.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ignition-stack
-Version: 0.2.0
+Version: 0.4.0
 Summary: CLI that generates ready-to-run Docker Compose stacks for Ignition 8.3 SCADA demos and SE engagements
 Author-email: Eric Knorr <etknorr@gmail.com>
 License: MIT

ignition_stack-0.4.0/builtin_modules.yaml

@@ -0,0 +1,122 @@
+# Catalog of the built-in IA modules that ship inside the Ignition gateway
+# image. Used to translate a gateway's `disable_builtins` slugs into the
+# GATEWAY_MODULES_ENABLED whitelist the engine emits (enabled = all built-ins
+# minus the disabled ones, plus any third-party module identifiers).
+#
+# Why this file exists:
+#   GATEWAY_MODULES_ENABLED is a strict WHITELIST, not a blocklist - anything
+#   not listed is quarantined at boot (verified live on 8.3.6). So "disable
+#   Vision" can only be expressed as "enable every built-in except Vision".
+#   That inversion needs the COMPLETE built-in set; an incomplete list would
+#   silently quarantine the modules we forgot to enumerate. This file is that
+#   complete set, and tests/test_builtin_catalog.py (marked `smoke`) re-derives
+#   it from the live image so a stale list fails CI loudly instead of dropping
+#   modules silently.
+#
+# Provenance (how to regenerate when bumping the Ignition image):
+#   1. Boot the pinned image with no whitelist so every built-in loads:
+#        docker run --rm -e ACCEPT_IGNITION_EULA=Y -e GATEWAY_ADMIN_PASSWORD=x \
+#          inductiveautomation/ignition:<tag>
+#   2. Read the loaded set from the gateway log lines:
+#        Starting up module '<identifier>' ... module-name=<name>
+#   3. Update `ignition_version` and the `modules` list below to match.
+#   The smoke guard test automates this comparison.
+#
+# `identifier` is the fully-qualified module id used verbatim in
+# GATEWAY_MODULES_ENABLED. `slug` is the friendly kebab name a user puts in
+# `disable_builtins`. `name` is the gateway's display name (for wizard labels).
+
+version: 1
+
+# The exact Ignition image tag this built-in set was captured from. The guard
+# test only asserts a match when the running image reports this version.
+ignition_version: "8.3.6"
+
+modules:
+  - slug: alarm-notification
+    identifier: com.inductiveautomation.alarm-notification
+    name: Alarm Notification
+  - slug: allen-bradley-driver
+    identifier: com.inductiveautomation.opcua.drivers.ablegacy
+    name: Allen-Bradley Driver
+  - slug: bacnet-driver
+    identifier: com.inductiveautomation.opcua.drivers.bacnet
+    name: BACnet Driver
+  - slug: enterprise-administration
+    identifier: com.inductiveautomation.eam
+    name: Enterprise Administration
+  - slug: event-streams
+    identifier: com.inductiveautomation.eventstream
+    name: Event Streams
+  - slug: historian-core
+    identifier: com.inductiveautomation.historian
+    name: Historian Core
+  - slug: kafka-connector
+    identifier: com.inductiveautomation.connectors.kafka
+    name: Kafka Connector
+  - slug: legacy-dnp3-driver
+    identifier: com.inductiveautomation.opcua.drivers.dnp3
+    name: Legacy DNP3 Driver
+  - slug: logix-driver
+    identifier: com.inductiveautomation.opcua.drivers.logix
+    name: Logix Driver
+  - slug: mariadb-jdbc-driver
+    identifier: com.inductiveautomation.jdbc.mariadb
+    name: MariaDB JDBC Driver
+  - slug: micro800-driver
+    identifier: com.inductiveautomation.opcua.drivers.micro800
+    name: Micro800 Driver
+  - slug: mitsubishi-driver
+    identifier: com.inductiveautomation.opcua.drivers.mitsubishi
+    name: Mitsubishi Driver
+  - slug: modbus-driver
+    identifier: com.inductiveautomation.opcua.drivers.modbus
+    name: Modbus Driver
+  - slug: mssql-jdbc-driver
+    identifier: com.inductiveautomation.jdbc.mssql
+    name: MSSQL JDBC Driver
+  - slug: omron-driver
+    identifier: com.inductiveautomation.opcua.drivers.omron
+    name: Omron Driver
+  - slug: opc-ua
+    identifier: com.inductiveautomation.opcua
+    name: OPC-UA
+  - slug: perspective
+    identifier: com.inductiveautomation.perspective
+    name: Perspective
+  - slug: postgresql-jdbc-driver
+    identifier: com.inductiveautomation.jdbc.postgresql
+    name: PostgreSQL JDBC Driver
+  - slug: reporting
+    identifier: com.inductiveautomation.reporting
+    name: Reporting
+  - slug: sfc
+    identifier: com.inductiveautomation.sfc
+    name: SFC
+  - slug: siemens-drivers
+    identifier: com.inductiveautomation.opcua.drivers.siemens
+    name: Siemens Drivers
+  - slug: siemens-enhanced-driver
+    identifier: com.inductiveautomation.opcua.drivers.siemens-symbolic
+    name: Siemens Enhanced Driver
+  - slug: sms-notification
+    identifier: com.inductiveautomation.sms-notification
+    name: SMS Notification
+  - slug: sql-bridge
+    identifier: com.inductiveautomation.sqlbridge
+    name: SQL Bridge
+  - slug: sql-historian
+    identifier: com.inductiveautomation.historian.sql
+    name: SQL Historian
+  - slug: symbol-factory
+    identifier: com.inductiveautomation.symbol-factory
+    name: Symbol Factory
+  - slug: udp-and-tcp-drivers
+    identifier: com.inductiveautomation.opcua.drivers.tcpudp
+    name: UDP and TCP Drivers
+  - slug: vision
+    identifier: com.inductiveautomation.vision
+    name: Vision
+  - slug: webdev
+    identifier: com.inductiveautomation.webdev
+    name: WebDev

ignition_stack-0.4.0/ignition_stack/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.4.0"

ignition_stack-0.4.0/ignition_stack/catalog/builtins.py

@@ -0,0 +1,171 @@
+"""Load and query the built-in IA module catalog (``builtin_modules.yaml``).
+
+The third-party catalog (``modules.yaml`` + ``catalog/schema.py``) covers
+modules the CLI *adds*. This module covers the modules that *already ship*
+inside the gateway image, which the engine needs in order to translate a
+gateway's ``disable_builtins`` slugs into a ``GATEWAY_MODULES_ENABLED``
+whitelist.
+
+The whitelist is strict: anything not listed is quarantined at boot. So
+"disable Vision" is expressed as "enable every built-in except Vision",
+which requires the *complete* built-in set - hence a pinned data file plus a
+smoke guard test that re-derives it from the live image.
+"""
+
+from __future__ import annotations
+
+from functools import lru_cache
+from importlib import resources
+from pathlib import Path
+from typing import Annotated
+
+import yaml
+from pydantic import BaseModel, ConfigDict, Field, ValidationError, field_validator
+
+
+class BuiltinCatalogLoadError(Exception):
+    """Raised when builtin_modules.yaml cannot be read or fails validation."""
+
+
+DEFAULT_BUILTIN_CATALOG_NAME = "builtin_modules.yaml"
+
+
+class BuiltinModule(BaseModel):
+    """One built-in IA module that ships inside the gateway image."""
+
+    model_config = ConfigDict(extra="forbid", frozen=True)
+
+    slug: Annotated[
+        str,
+        Field(
+            min_length=1,
+            pattern=r"^[a-z0-9][a-z0-9-]*$",
+            description="Friendly kebab name a user puts in `disable_builtins`.",
+        ),
+    ]
+    identifier: Annotated[
+        str,
+        Field(
+            min_length=1,
+            pattern=r"^[a-z0-9.-]+$",
+            description="Fully-qualified module id, used verbatim in GATEWAY_MODULES_ENABLED.",
+        ),
+    ]
+    name: Annotated[str, Field(min_length=1, description="Gateway display name (wizard label).")]
+
+
+class BuiltinCatalog(BaseModel):
+    """Top-level shape of builtin_modules.yaml."""
+
+    model_config = ConfigDict(extra="forbid", frozen=True)
+
+    version: Annotated[int, Field(ge=1)]
+    ignition_version: Annotated[
+        str,
+        Field(min_length=1, description="Image tag this built-in set was captured from."),
+    ]
+    modules: Annotated[list[BuiltinModule], Field(min_length=1)]
+
+    @field_validator("modules")
+    @classmethod
+    def _slugs_unique(cls, modules: list[BuiltinModule]) -> list[BuiltinModule]:
+        slugs = [m.slug for m in modules]
+        dupes = sorted({s for s in slugs if slugs.count(s) > 1})
+        if dupes:
+            raise ValueError(f"duplicate built-in slugs: {', '.join(dupes)}")
+        return modules
+
+    @property
+    def slugs(self) -> set[str]:
+        """Every known built-in slug."""
+        return {m.slug for m in self.modules}
+
+    def identifiers_excluding(self, disabled_slugs: list[str]) -> list[str]:
+        """FQ identifiers of every built-in whose slug is not in ``disabled_slugs``.
+
+        Order follows the catalog (already alphabetical by slug) so generated
+        whitelists are deterministic and golden-stable.
+        """
+        disabled = set(disabled_slugs)
+        return [m.identifier for m in self.modules if m.slug not in disabled]
+
+
+def load_builtin_catalog(path: Path | None = None) -> BuiltinCatalog:
+    """Load and validate the built-in catalog.
+
+    With ``path=None`` the catalog shipped with the installed package is used;
+    a path overrides it (test fixtures). Mirrors ``catalog.loader.load_catalog``.
+    """
+    yaml_text = _read_yaml_text(path)
+    name = DEFAULT_BUILTIN_CATALOG_NAME
+    try:
+        raw = yaml.safe_load(yaml_text)
+    except yaml.YAMLError as exc:
+        raise BuiltinCatalogLoadError(f"{name} is not valid YAML: {exc}") from exc
+
+    if not isinstance(raw, dict):
+        raise BuiltinCatalogLoadError(f"{name} top-level must be a mapping.")
+
+    try:
+        return BuiltinCatalog.model_validate(raw)
+    except ValidationError as exc:
+        raise BuiltinCatalogLoadError(
+            f"{DEFAULT_BUILTIN_CATALOG_NAME} failed schema validation:\n{exc}"
+        ) from exc
+
+
+@lru_cache(maxsize=1)
+def default_builtin_catalog() -> BuiltinCatalog:
+    """The built-in catalog shipped with the package, loaded once and cached.
+
+    The data file is immutable package data, so both config validation and the
+    compose engine can share a single memoized read rather than re-parsing YAML
+    on every gateway.
+    """
+    return load_builtin_catalog()
+
+
+def builtin_slugs() -> frozenset[str]:
+    """Slugs of the shipped built-in catalog, for cheap ``disable_builtins`` validation."""
+    return frozenset(default_builtin_catalog().slugs)
+
+
+def validate_disable_slugs(slugs: list[str]) -> None:
+    """Raise ``ValueError`` if any slug is not a known built-in.
+
+    Shared by ``GatewayConfig`` field validation (construction-time) and
+    ``profiles.apply_disable_builtins`` (post-construction mutation, which
+    pydantic does not re-validate), so the wizard/CLI path is guarded too. A
+    typo would otherwise be a silent no-op - the slug just isn't disabled.
+    """
+    known = builtin_slugs()
+    unknown = [s for s in slugs if s not in known]
+    if unknown:
+        raise ValueError(
+            f"unknown built-in module slug(s): {', '.join(unknown)}. "
+            f"Valid slugs are: {', '.join(sorted(known))}"
+        )
+
+
+def _read_yaml_text(path: Path | None) -> str:
+    if path is not None:
+        if not path.is_file():
+            raise BuiltinCatalogLoadError(f"Built-in catalog not found at {path}.")
+        return path.read_text(encoding="utf-8")
+
+    # Installed wheels: force-included as ignition_stack/builtin_modules.yaml.
+    # Editable dev installs: it lives at the repo root next to pyproject.toml.
+    try:
+        bundled = resources.files("ignition_stack").joinpath(DEFAULT_BUILTIN_CATALOG_NAME)
+        if bundled.is_file():
+            return bundled.read_text(encoding="utf-8")
+    except (FileNotFoundError, OSError, ModuleNotFoundError):
+        pass
+
+    repo_root = Path(__file__).resolve().parents[2]
+    dev_path = repo_root / DEFAULT_BUILTIN_CATALOG_NAME
+    if not dev_path.is_file():
+        raise BuiltinCatalogLoadError(
+            f"{DEFAULT_BUILTIN_CATALOG_NAME} not found in package data or at {dev_path}."
+        )
+    return dev_path.read_text(encoding="utf-8")

{ignition_stack-0.2.0 → ignition_stack-0.4.0}/ignition_stack/cli.py

@@ -22,6 +22,7 @@ from rich.console import Console
 from ignition_stack import __version__
 from ignition_stack.commands.modules import modules_app
 from ignition_stack.completion import (
+    complete_disable_builtin,
     complete_edge_role,
     complete_output_format,
     complete_profile,
@@ -55,6 +56,11 @@ from ignition_stack.profiles import (
     list_profiles,
 )
 from ignition_stack.services.resolver import resolve
+from ignition_stack.update_check import (
+    check_for_update,
+    detect_upgrade_command,
+    should_notify,
+)
 from ignition_stack.wizard import run_wizard
 
 app = typer.Typer(
@@ -88,6 +94,27 @@ def _root(
     if ctx.invoked_subcommand is None:
         console.print(ctx.get_help())
         raise typer.Exit()
+    _notify_update_available()
+
+
+def _notify_update_available() -> None:
+    """Print a one-line advisory when a newer release is on PyPI.
+
+    Runs only for real subcommands (not --version or bare help) and only on an
+    interactive terminal. Best-effort: any failure inside the check is swallowed
+    rather than allowed to disrupt the command the user actually ran.
+    """
+    if not should_notify():
+        return
+    result = check_for_update()
+    if result is None:
+        return
+    current, latest = result
+    console.print(
+        f"[dim]update available[/dim] [yellow]{current}[/yellow] -> "
+        f"[green]{latest}[/green] · run: [cyan]{detect_upgrade_command()}[/cyan]",
+        highlight=False,
+    )
 
 
 def _profile_help() -> str:
@@ -172,6 +199,17 @@ def init(
         ),
         autocompletion=complete_redundant_role,
     ),
+    disable_builtin: list[str] = typer.Option(  # noqa: B008 - Typer pattern
+        [],
+        "--disable-builtin",
+        help=(
+            "Built-in IA module to turn off on every gateway (repeatable), e.g. "
+            "--disable-builtin vision --disable-builtin sfc. Emits a "
+            "GATEWAY_MODULES_ENABLED whitelist of everything else. Slugs "
+            "tab-complete; an unknown slug is rejected with the full valid list."
+        ),
+        autocompletion=complete_disable_builtin,
+    ),
     from_file: Path | None = typer.Option(  # noqa: B008 - Typer pattern
         None,
         "--from-file",
@@ -240,6 +278,7 @@ def init(
             reverse_proxy=reverse_proxy,
             proxy_path=proxy_path,
             redundant=redundant,
+            disable_builtin=disable_builtin,
         )
 
     if dry_run:
@@ -328,6 +367,7 @@ def _build_from_profile(
     reverse_proxy: str | None,
     proxy_path: str,
     redundant: str | None,
+    disable_builtin: list[str],
 ) -> ProjectConfig:
     """Materialize a config from the named profile + CLI flags, or exit cleanly."""
     try:
@@ -345,6 +385,7 @@ def _build_from_profile(
         network_split=network_split,
         reverse_proxy=proxy,
         redundant_role=redundant,
+        disable_builtins=tuple(disable_builtin),
     )
     try:
         config = build_profile(profile, name, options)
@@ -463,7 +504,9 @@ def _options_from_config(config: ProjectConfig) -> ProfileOptions:
     'none' to keep the new profile from re-introducing its edge default); the
     spoke count from the number of spoke-role gateways, the frontend count from
     the number of frontend-role gateways, and the network split is carried over
-    verbatim so a reshape preserves the user's topology choice.
+    verbatim so a reshape preserves the user's topology choice. Disabled
+    built-in modules are carried over too (see below) so a reshape doesn't
+    silently re-enable Vision/SFC/etc.
     """
     edge_roles = [gw.role or gw.name for gw in config.gateways if gw.ignition_edition == "edge"]
     spoke_count = sum(1 for gw in config.gateways if (gw.role or "") == "spoke")
@@ -479,6 +522,12 @@ def _options_from_config(config: ProjectConfig) -> ProfileOptions:
         ),
         None,
     )
+    # Disabled built-ins are applied stack-wide, so carry over the slugs disabled
+    # on EVERY gateway (the intersection) - that is the stack-wide intent, and it
+    # won't over-disable a module that a hand-authored config turned off on only
+    # one node. The target profile re-applies it uniformly.
+    disabled_sets = [set(gw.disable_builtins) for gw in config.gateways]
+    disable_builtins = tuple(sorted(set.intersection(*disabled_sets))) if disabled_sets else ()
     return ProfileOptions(
         spokes=spoke_count or 3,
         frontends=frontend_count or 1,
@@ -488,6 +537,7 @@ def _options_from_config(config: ProjectConfig) -> ProfileOptions:
         database_kind=config.database.kind if config.database else None,
         services=tuple(config.services),
         redundant_role=redundant_role,
+        disable_builtins=disable_builtins,
     )
 
 

{ignition_stack-0.2.0 → ignition_stack-0.4.0}/ignition_stack/completion.py

@@ -77,3 +77,18 @@ def complete_module_name(incomplete: str) -> list[str]:
         # catalog must degrade to "no suggestions", never break the shell line.
         return []
     return [entry.name for entry in entries if entry.name.startswith(incomplete)]
+
+
+def complete_disable_builtin(incomplete: str) -> list[tuple[str, str]]:
+    """Built-in module slugs (with display name) matching the typed prefix.
+
+    Reads the bundled built-in catalog; degrades to no suggestions on any error
+    so a TAB never breaks the shell line.
+    """
+    try:
+        from ignition_stack.catalog.builtins import default_builtin_catalog
+
+        modules = default_builtin_catalog().modules
+    except Exception:
+        return []
+    return [(m.slug, m.name) for m in modules if m.slug.startswith(incomplete)]

{ignition_stack-0.2.0 → ignition_stack-0.4.0}/ignition_stack/compose/engine.py

@@ -39,6 +39,7 @@ from typing import TYPE_CHECKING
 from jinja2 import Environment, PackageLoader, StrictUndefined
 from ruamel.yaml import YAML
 
+from ignition_stack.catalog.builtins import default_builtin_catalog
 from ignition_stack.services.loader import load_all_services, load_service
 
 if TYPE_CHECKING:
@@ -131,10 +132,7 @@ def _render_database(config: ProjectConfig) -> str:
     """
     db = config.database
     assert db is not None
-    if config.is_multi_gateway:
-        container_name_ref = f"{db.name}-${{COMPOSE_PROJECT_NAME}}"
-    else:
-        container_name_ref = f"{db.name}-${{GATEWAY_NAME}}"
+    container_name_ref = f"{db.name}-${{COMPOSE_PROJECT_NAME}}" if config.is_multi_gateway else f"{db.name}-${{GATEWAY_NAME}}"
     tpl = _service_jinja_env().get_template(f"{db.kind}/compose.yaml.j2")
     return tpl.render(
         name=db.name,
@@ -186,9 +184,7 @@ def _service_dependencies(manifest: object, config: ProjectConfig) -> list[str]:
     return deps
 
 
-def _gateway_context(
-    gw: GatewayConfig, config: ProjectConfig, catalog: Catalog | None
-) -> dict[str, object]:
+def _gateway_context(gw: GatewayConfig, config: ProjectConfig, catalog: Catalog | None) -> dict[str, object]:
     """Build the per-gateway context dict shared by the bootstrap + gateway fragments."""
     multi = config.is_multi_gateway
 
@@ -215,10 +211,7 @@ def _gateway_context(
         # (DB/broker access). Gateways with no role tag default to
         # frontend membership; explicit role=backend lands a gateway on
         # only the backend (rare; used for backend-only edge cases).
-        if gw.role == "backend":
-            networks = [NETWORK_BACKEND]
-        else:
-            networks = [NETWORK_FRONTEND, NETWORK_BACKEND]
+        networks = [NETWORK_BACKEND] if gw.role == "backend" else [NETWORK_FRONTEND, NETWORK_BACKEND]
 
     module_identifiers = _module_identifiers_for(gw, catalog)
     cached_modules = bool(gw.modules)
@@ -253,24 +246,40 @@ def _bootstrap_context(ctx: dict[str, object]) -> dict[str, object]:
     }
 
 
-def _ignition_context(
-    ctx: dict[str, object], config: ProjectConfig, multi: bool
-) -> dict[str, object]:
+def _ignition_context(ctx: dict[str, object], config: ProjectConfig, multi: bool) -> dict[str, object]:
     gw: GatewayConfig = ctx["gw"]  # type: ignore[assignment]
     # IGNITION_EDITION lives in the anchor as "standard", so only emit an
     # override when this gateway differs - keeps Phase 2's environment
     # block as the bare anchor reference.
     edition_override = gw.ignition_edition if gw.ignition_edition != "standard" else None
 
-    # Redundancy wiring (Phase 4, per the verified Phase-3 spike):
-    #  - Any node in a pair opens its incoming Gateway Network policy
-    #    (Unrestricted + no-SSL) so the plain redundancy link auto-approves.
-    #  - The backup additionally points a generic outgoing GAN connection at
-    #    the master (HOST/PORT/ENABLESSL - all three, not just HOST, or it
-    #    defaults to SSL:8060 and faults) and must NOT be renamed via -n: it
-    #    adopts the master's system name on first sync.
+    # Gateway Network wiring (Phase 4, per the verified Phase-3 spike, which the
+    # spike itself notes mirrors the publicdemo-all dev stack: 8088 / no-SSL /
+    # Unrestricted). Two kinds of GAN link ride this same plain, auto-approving
+    # path:
+    #  - Redundancy: the backup points an outgoing connection at its master and
+    #    must NOT be renamed via -n (it adopts the master's system name on sync).
+    #  - Multi-gateway profiles: each gateway names its peers in gan_outgoing
+    #    (scaleout frontend -> backend, hub-and-spoke spoke -> hub).
+    # Every GAN participant carries the full open incoming block. Mirroring the
+    # spike's BOTH-ends shape keeps requireSSL=false on the *initiator* too -
+    # the spike flagged that as the load-bearing setting for a plain link, so we
+    # don't shrink it to receiver-only.
     is_redundant = gw.redundancy is not None
     is_backup = is_redundant and gw.redundancy.mode == "backup"
+
+    # HOST/PORT/ENABLESSL trio per outgoing connection (all plain, SSL off).
+    gan_outgoing: list[dict[str, object]] = []
+    if is_backup:
+        gan_outgoing.append({"host": gw.redundancy.peer, "port": gw.redundancy.gan_port})
+    gan_outgoing.extend({"host": peer, "port": 8088} for peer in gw.gan_outgoing)
+
+    # A gateway opens the Unrestricted incoming policy when it takes part in the
+    # GAN at all: it is a redundancy node, it initiates a connection, or some
+    # other gateway opens one to it (hub/backend as a link target).
+    gan_targets = {peer for other in config.gateways for peer in other.gan_outgoing}
+    gan_incoming = is_redundant or bool(gan_outgoing) or gw.name in gan_targets
+
     return {
         "service_name": ctx["service_name"],
         "bootstrap_service_name": ctx["bootstrap_service_name"],
@@ -280,12 +289,16 @@ def _ignition_context(
         "memory_mb": gw.memory_mb,
         "edition_override": edition_override,
         "module_identifiers": ctx["module_identifiers"],
+        # disable_active drives template emission (not the value's truthiness) so
+        # that disabling EVERY built-in emits an empty whitelist - which quarantines
+        # all, matching intent - instead of omitting the var and re-enabling all.
+        "disable_active": bool(gw.disable_builtins),
+        "modules_enabled": _modules_enabled_for(gw, ctx["module_identifiers"]),  # type: ignore[arg-type]
         "database_service": config.database.name if config.database else None,
         "networks": ctx["networks"],
-        "redundant": is_redundant,
         "rename": not is_backup,
-        "gan_peer_host": gw.redundancy.peer if is_backup else None,
-        "gan_port": gw.redundancy.gan_port if is_backup else None,
+        "gan_incoming": gan_incoming,
+        "gan_outgoing": gan_outgoing,
     }
 
 
@@ -294,19 +307,13 @@ def _module_identifiers_for(gw: GatewayConfig, catalog: Catalog | None) -> str:
     if not gw.modules:
         return ""
     if catalog is None:
-        raise ValueError(
-            f"gateway '{gw.name}' lists modules {gw.modules} but no catalog "
-            "was passed to render_compose; load modules.yaml first"
-        )
+        raise ValueError(f"gateway '{gw.name}' lists modules {gw.modules} but no catalog " "was passed to render_compose; load modules.yaml first")
     identifiers: list[str] = []
     for slug in gw.modules:
         try:
             entry = catalog.by_name(slug)
         except KeyError as exc:
-            raise ValueError(
-                f"gateway '{gw.name}' references unknown module '{slug}'; "
-                "check modules.yaml and the gateway config"
-            ) from exc
+            raise ValueError(f"gateway '{gw.name}' references unknown module '{slug}'; " "check modules.yaml and the gateway config") from exc
         # Modules-only env vars: JDBC drivers shouldn't be enumerated here.
         if not _is_module(entry):
             continue
@@ -314,6 +321,29 @@ def _module_identifiers_for(gw: GatewayConfig, catalog: Catalog | None) -> str:
     return ",".join(identifiers)
 
 
+def _modules_enabled_for(gw: GatewayConfig, module_identifiers: str) -> str:
+    """The GATEWAY_MODULES_ENABLED whitelist VALUE for this gateway.
+
+    GATEWAY_MODULES_ENABLED is a strict whitelist: if set, every built-in not
+    listed is quarantined at boot. The template emits the var based on
+    ``disable_active`` (whether any built-in was disabled), not on this value's
+    truthiness - so disabling every built-in yields an empty string here and an
+    empty whitelist downstream (quarantines all), rather than silently omitting
+    the var and re-enabling everything.
+
+    When something is disabled the whitelist must be complete: every built-in the
+    user did not disable, PLUS any third-party modules we added
+    (``module_identifiers``) - or those added modules would be quarantined too.
+    Returns '' when nothing is disabled (the var is omitted in that case).
+    """
+    if not gw.disable_builtins:
+        return ""
+    enabled = default_builtin_catalog().identifiers_excluding(gw.disable_builtins)
+    added = [ident for ident in module_identifiers.split(",") if ident]
+    enabled.extend(ident for ident in added if ident not in enabled)
+    return ",".join(enabled)
+
+
 def _is_module(entry: ModuleEntry | object) -> bool:
     return getattr(entry, "kind", None) == "module"
 
@@ -347,10 +377,7 @@ def _describe(config: ProjectConfig) -> str:
     """Human-readable header comment summarizing the stack."""
     n = len(config.gateways)
     if n == 1 and config.database and config.database.kind == "postgres" and not config.services:
-        return (
-            "Walking skeleton: one Ignition 8.3 gateway, one Postgres, "
-            "env-driven commissioning so first boot needs no UI."
-        )
+        return "Walking skeleton: one Ignition 8.3 gateway, one Postgres, " "env-driven commissioning so first boot needs no UI."
     parts = [f"{n} Ignition 8.3 gateway{'s' if n != 1 else ''}"]
     if config.database:
         parts.append(f"one {config.database.kind}")

{ignition_stack-0.2.0 → ignition_stack-0.4.0}/ignition_stack/compose/templates/services/ignition.yaml.j2

@@ -22,18 +22,21 @@
     ACCEPT_MODULE_LICENSES: "{{ module_identifiers }}"
     ACCEPT_MODULE_CERTS: "{{ module_identifiers }}"
 {%- endif %}
-{%- if redundant %}
+{%- if disable_active %}
+    GATEWAY_MODULES_ENABLED: "{{ modules_enabled }}"
+{%- endif %}
+{%- if gan_incoming %}
     GATEWAY_NETWORK_ENABLED: "true"
     GATEWAY_NETWORK_ALLOWINCOMING: "true"
     GATEWAY_NETWORK_SECURITYPOLICY: "Unrestricted"
     GATEWAY_NETWORK_REQUIRESSL: "false"
     GATEWAY_NETWORK_REQUIRETWOWAYAUTH: "false"
 {%- endif %}
-{%- if gan_peer_host %}
-    GATEWAY_NETWORK_0_HOST: "{{ gan_peer_host }}"
-    GATEWAY_NETWORK_0_PORT: "{{ gan_port }}"
-    GATEWAY_NETWORK_0_ENABLESSL: "false"
-{%- endif %}
+{%- for conn in gan_outgoing %}
+    GATEWAY_NETWORK_{{ loop.index0 }}_HOST: "{{ conn.host }}"
+    GATEWAY_NETWORK_{{ loop.index0 }}_PORT: "{{ conn.port }}"
+    GATEWAY_NETWORK_{{ loop.index0 }}_ENABLESSL: "false"
+{%- endfor %}
   command: >
 {%- if rename %}
     -n {{ gateway_name_ref }}