1use std::time::Duration;
13
14use mz_dyncfg::{Config, ConfigSet};
15
16pub const ALLOW_USER_SESSIONS: Config<bool> = Config::new(
17 "allow_user_sessions",
18 true,
19 "Whether to allow user roles to create new sessions. When false, only system roles will be permitted to create new sessions.",
20);
21
22pub const WITH_0DT_DEPLOYMENT_MAX_WAIT: Config<Duration> = Config::new(
24 "with_0dt_deployment_max_wait",
25 Duration::from_hours(365 * 24),
28 "How long to wait at most for clusters to be hydrated, when doing a zero-downtime deployment.",
29);
30
31pub const WITH_0DT_DEPLOYMENT_DDL_CHECK_INTERVAL: Config<Duration> = Config::new(
32 "with_0dt_deployment_ddl_check_interval",
33 Duration::from_secs(5 * 60),
34 "How often to check for DDL changes during zero-downtime deployment.",
35);
36
37pub const ENABLE_0DT_DEPLOYMENT_PANIC_AFTER_TIMEOUT: Config<bool> = Config::new(
38 "enable_0dt_deployment_panic_after_timeout",
39 false,
40 "Whether to panic if the maximum wait time is reached but preflight checks have not succeeded.",
41);
42
43pub const WITH_0DT_DEPLOYMENT_CAUGHT_UP_CHECK_INTERVAL: Config<Duration> = Config::new(
44 "0dt_deployment_hydration_check_interval",
46 Duration::from_secs(10),
47 "Interval at which to check whether clusters are caught up, when doing zero-downtime deployment.",
48);
49
50pub const WITH_0DT_CAUGHT_UP_CHECK_ALLOWED_LAG: Config<Duration> = Config::new(
51 "with_0dt_caught_up_check_allowed_lag",
52 Duration::from_secs(60),
53 "Maximum allowed lag when determining whether collections are caught up for 0dt deployments.",
54);
55
56pub const WITH_0DT_CAUGHT_UP_CHECK_CUTOFF: Config<Duration> = Config::new(
57 "with_0dt_caught_up_check_cutoff",
58 Duration::from_secs(2 * 60 * 60), "Collections whose write frontier is behind 'now' by more than the cutoff are ignored when doing caught-up checks for 0dt deployments.",
60);
61
62pub const ENABLE_0DT_CAUGHT_UP_REPLICA_STATUS_CHECK: Config<bool> = Config::new(
63 "enable_0dt_caught_up_replica_status_check",
64 true,
65 "Enable checking for crash/OOM-looping replicas during 0dt caught-up checks. Emergency break-glass flag to disable this feature if needed.",
66);
67
68pub const ENABLE_0DT_CAUGHT_UP_STABILITY_CHECK: Config<bool> = Config::new(
72 "enable_0dt_caught_up_stability_check",
73 true,
74 "Require clusters to stay caught-up and healthy for a stability period before being considered ready during 0dt deployments. Emergency break-glass flag: disabling reverts to treating a caught-up cluster as ready with no replica-health requirement, which differs from setting the stability period to zero (a zero period still requires all replicas to be healthy).",
75);
76
77pub const WITH_0DT_CAUGHT_UP_CHECK_STABILITY_PERIOD: Config<Duration> = Config::new(
78 "with_0dt_caught_up_check_stability_period",
79 Duration::from_secs(10 * 60), "How long a cluster must continuously be caught-up and have all replicas healthy before it is considered ready to cut over during a 0dt deployment.",
81);
82
83pub const ENABLE_STATEMENT_LIFECYCLE_LOGGING: Config<bool> = Config::new(
85 "enable_statement_lifecycle_logging",
86 true,
87 "Enable logging of statement lifecycle events in mz_internal.mz_statement_lifecycle_history.",
88);
89
90pub const ENABLE_INTROSPECTION_SUBSCRIBES: Config<bool> = Config::new(
92 "enable_introspection_subscribes",
93 true,
94 "Enable installation of introspection subscribes.",
95);
96
97pub const ENABLE_FRONTEND_SUBSCRIBES: Config<bool> = Config::new(
99 "enable_frontend_subscribes",
100 true,
101 "Enable sending subscribes down the new frontend-peek path.",
102);
103
104pub const PLAN_INSIGHTS_NOTICE_FAST_PATH_CLUSTERS_OPTIMIZE_DURATION: Config<Duration> = Config::new(
106 "plan_insights_notice_fast_path_clusters_optimize_duration",
107 Duration::from_millis(10),
113 "Enable plan insights fast path clusters calculation if the optimize step took less than this duration.",
114);
115
116pub const ENABLE_EXPRESSION_CACHE: Config<bool> = Config::new(
118 "enable_expression_cache",
119 true,
120 "Use a cache to store optimized expressions to help speed up start times.",
121);
122
123pub const ENABLE_PASSWORD_AUTH: Config<bool> = Config::new(
125 "enable_password_auth",
126 false,
127 "Enable password authentication.",
128);
129
130pub const OIDC_ISSUER: Config<Option<&'static str>> =
132 Config::new("oidc_issuer", None, "OIDC issuer URL.");
133
134pub const OIDC_AUDIENCE: Config<fn() -> serde_json::Value> = Config::new(
140 "oidc_audience",
141 || serde_json::json!([]),
142 "OIDC audience (client IDs). A JSON array of strings. When empty, audience validation is skipped.",
143);
144
145pub const OIDC_AUTHENTICATION_CLAIM: Config<&'static str> = Config::new(
147 "oidc_authentication_claim",
148 "sub",
149 "OIDC authentication claim to use as username.",
150);
151
152pub const OIDC_GROUP_ROLE_SYNC_ENABLED: Config<bool> = Config::new(
155 "oidc_group_role_sync_enabled",
156 false,
157 "Enable OIDC JWT group-to-role membership sync on login.",
158);
159
160pub const OIDC_GROUP_CLAIM: Config<&'static str> = Config::new(
164 "oidc_group_claim",
165 "groups",
166 "JWT claim path containing group memberships for role sync. Supports dot-separated paths into nested objects (e.g. customClaims.groups).",
167);
168
169pub const OIDC_GROUP_ROLE_SYNC_STRICT: Config<bool> = Config::new(
172 "oidc_group_role_sync_strict",
173 false,
174 "When true, reject login if OIDC group-to-role sync fails (fail-closed).",
175);
176
177pub const PERSIST_FAST_PATH_ORDER: Config<bool> = Config::new(
178 "persist_fast_path_order",
179 false,
180 "If set, send queries with a compatible literal constraint or ordering clause down the Persist fast path.",
181);
182
183pub const ENABLE_S3_TABLES_REGION_CHECK: Config<bool> = Config::new(
186 "enable_s3_tables_region_check",
187 false,
188 "Whether to enforce that S3 Tables connections are in the same region as the environment.",
189);
190
191pub const ENABLE_MCP_AGENT: Config<bool> = Config::new(
193 "enable_mcp_agent",
194 true,
195 "Whether the MCP agent HTTP endpoint is enabled. When false, requests to /api/mcp/agent return 503 Service Unavailable.",
196);
197
198pub const ENABLE_MCP_AGENT_QUERY_TOOL: Config<bool> = Config::new(
202 "enable_mcp_agent_query_tool",
203 true,
204 "Whether the MCP agent query tool is enabled. When false, the query tool is not advertised and calls to it are rejected. Agents can still discover and inspect data products.",
205);
206
207pub const ENABLE_MCP_AGENT_READ_DATA_PRODUCT_TOOL: Config<bool> = Config::new(
211 "enable_mcp_agent_read_data_product_tool",
212 true,
213 "Whether the MCP agent read_data_product tool is enabled. When false, the read_data_product tool is not advertised and calls to it are rejected. Agents can use the query tool to read data products.",
214);
215
216pub const ENABLE_MCP_DEVELOPER: Config<bool> = Config::new(
218 "enable_mcp_developer",
219 true,
220 "Whether the MCP developer HTTP endpoint is enabled. When false, requests to /api/mcp/developer return 503 Service Unavailable.",
221);
222
223pub const ENABLE_MCP_DEVELOPER_QUERY_TOOL: Config<bool> = Config::new(
227 "enable_mcp_developer_query_tool",
228 true,
229 "Whether the MCP developer query tool is enabled. When false, the query tool is not advertised and calls to it are rejected. Developers can still use query_system_catalog.",
230);
231
232pub const ENABLE_PUBLIC_METRICS_ENDPOINT: Config<bool> = Config::new(
234 "enable_public_metrics_endpoint",
235 true,
236 "Whether the external metrics endpoint on environmentd is enabled. When false, requests return 503.",
237);
238
239pub const MCP_MAX_RESPONSE_SIZE: Config<usize> = Config::new(
243 "mcp_max_response_size",
244 1_000_000,
245 "Maximum size in bytes of MCP tool response content. Responses exceeding this limit are rejected with an error telling the agent to narrow its query.",
246);
247
248pub const WEBHOOK_MAX_REQUEST_SIZE_BYTES: Config<usize> = Config::new(
253 "webhook_max_request_size_bytes",
254 5 * 1024 * 1024,
256 "The maximum size in bytes of a webhook request body, measured after decompression.",
257);
258
259pub const USER_ID_POOL_BATCH_SIZE: Config<u32> = Config::new(
262 "user_id_pool_batch_size",
263 512,
264 "Number of user IDs to pre-allocate in a batch for DDL operations.",
265);
266
267pub const CONSOLE_OIDC_CLIENT_ID: Config<&'static str> = Config::new(
269 "console_oidc_client_id",
270 "",
271 "OIDC client ID for the web console.",
272);
273
274pub const CONSOLE_OIDC_SCOPES: Config<&'static str> = Config::new(
276 "console_oidc_scopes",
277 "",
278 "Space-separated OIDC scopes requested by the web console.",
279);
280
281pub const ARRANGEMENT_SIZE_HISTORY_COLLECTION_INTERVAL: Config<Duration> = Config::new(
283 "arrangement_size_history_collection_interval",
284 Duration::ZERO,
286 "Interval at which to collect and snapshot per-object arrangement sizes \
287 into mz_internal.mz_object_arrangement_size_history.",
288);
289
290pub const ARRANGEMENT_SIZE_HISTORY_RETENTION_PERIOD: Config<Duration> = Config::new(
292 "arrangement_size_history_retention_period",
293 Duration::from_hours(7 * 24),
294 "How long to retain rows in mz_internal.mz_object_arrangement_size_history.",
295);
296
297pub const CATALOG_INFO_METRICS_RECONCILE_INTERVAL: Config<Duration> = Config::new(
301 "catalog_info_metrics_reconcile_interval",
302 Duration::from_secs(30),
303 "How frequently to reconcile the catalog `*_info` metrics with the catalog. A zero duration disables reconciliation.",
304);
305
306pub const PG_TIMESTAMP_ORACLE_STATEMENT_TIMEOUT: Config<Duration> = Config::new(
310 "pg_timestamp_oracle_statement_timeout",
311 crate::timestamp_oracle::DEFAULT_PG_TIMESTAMP_ORACLE_STATEMENT_TIMEOUT,
312 "The server-side statement timeout to set on Postgres/CRDB connections used by the \
313 Postgres/CRDB timestamp oracle. A value of zero leaves the statement timeout unset.",
314);
315
316pub const ENABLE_SCOPED_SYSTEM_PARAMETERS: Config<bool> = Config::new(
322 "enable_scoped_system_parameters",
323 false,
324 "Whether per-cluster and per-replica scoped system parameters are evaluated and applied.",
325);
326
327pub const ENABLE_CLUSTER_CONTROLLER: Config<bool> = Config::new(
332 "enable_cluster_controller",
333 false,
334 "Whether the cluster controller owns the managed-cluster replica set. When false, the legacy scheduling and graceful-reconfiguration paths run instead.",
335);
336
337pub const CLUSTER_CONTROLLER_TICK_INTERVAL: Config<Duration> = Config::new(
342 "cluster_controller_tick_interval",
343 Duration::from_secs(5),
344 "How often the cluster controller runs a reconcile tick.",
345);
346
347pub fn all_dyncfgs(configs: ConfigSet) -> ConfigSet {
349 configs
350 .add(&ALLOW_USER_SESSIONS)
351 .add(&ENABLE_CLUSTER_CONTROLLER)
352 .add(&CLUSTER_CONTROLLER_TICK_INTERVAL)
353 .add(&WITH_0DT_DEPLOYMENT_MAX_WAIT)
354 .add(&WITH_0DT_DEPLOYMENT_DDL_CHECK_INTERVAL)
355 .add(&ENABLE_0DT_DEPLOYMENT_PANIC_AFTER_TIMEOUT)
356 .add(&WITH_0DT_DEPLOYMENT_CAUGHT_UP_CHECK_INTERVAL)
357 .add(&WITH_0DT_CAUGHT_UP_CHECK_ALLOWED_LAG)
358 .add(&WITH_0DT_CAUGHT_UP_CHECK_CUTOFF)
359 .add(&ENABLE_0DT_CAUGHT_UP_REPLICA_STATUS_CHECK)
360 .add(&ENABLE_0DT_CAUGHT_UP_STABILITY_CHECK)
361 .add(&WITH_0DT_CAUGHT_UP_CHECK_STABILITY_PERIOD)
362 .add(&ENABLE_STATEMENT_LIFECYCLE_LOGGING)
363 .add(&ENABLE_INTROSPECTION_SUBSCRIBES)
364 .add(&ENABLE_FRONTEND_SUBSCRIBES)
365 .add(&PLAN_INSIGHTS_NOTICE_FAST_PATH_CLUSTERS_OPTIMIZE_DURATION)
366 .add(&ENABLE_EXPRESSION_CACHE)
367 .add(&ENABLE_PASSWORD_AUTH)
368 .add(&OIDC_ISSUER)
369 .add(&OIDC_AUDIENCE)
370 .add(&OIDC_AUTHENTICATION_CLAIM)
371 .add(&OIDC_GROUP_ROLE_SYNC_ENABLED)
372 .add(&OIDC_GROUP_CLAIM)
373 .add(&OIDC_GROUP_ROLE_SYNC_STRICT)
374 .add(&PERSIST_FAST_PATH_ORDER)
375 .add(&ENABLE_S3_TABLES_REGION_CHECK)
376 .add(&ENABLE_MCP_AGENT)
377 .add(&ENABLE_MCP_AGENT_QUERY_TOOL)
378 .add(&ENABLE_MCP_AGENT_READ_DATA_PRODUCT_TOOL)
379 .add(&ENABLE_MCP_DEVELOPER)
380 .add(&ENABLE_MCP_DEVELOPER_QUERY_TOOL)
381 .add(&ENABLE_PUBLIC_METRICS_ENDPOINT)
382 .add(&MCP_MAX_RESPONSE_SIZE)
383 .add(&WEBHOOK_MAX_REQUEST_SIZE_BYTES)
384 .add(&USER_ID_POOL_BATCH_SIZE)
385 .add(&CONSOLE_OIDC_CLIENT_ID)
386 .add(&CONSOLE_OIDC_SCOPES)
387 .add(&ARRANGEMENT_SIZE_HISTORY_COLLECTION_INTERVAL)
388 .add(&ARRANGEMENT_SIZE_HISTORY_RETENTION_PERIOD)
389 .add(&CATALOG_INFO_METRICS_RECONCILE_INTERVAL)
390 .add(&PG_TIMESTAMP_ORACLE_STATEMENT_TIMEOUT)
391 .add(&ENABLE_SCOPED_SYSTEM_PARAMETERS)
392}