Documentation
Constants
const InfrastructureInfo string = "infrastructure.json"
A JSON file containing the infrastructure information
const RegoPolicyDirectory string = "/tmp/adminconfig/"
A directory containing rego files that define admin config policies
const ValidationPath string = "/tmp/taxonomy/adminrules.json#/definitions/EvaluationOutputStructure"
Functions
func PrepareQuery (added in v0.6.1)
func PrepareQuery() (rego.PreparedEvalQuery, error)
PrepareQuery prepares a query for OPA evaluation: the data object and the compiled modules. This function is called in main, prior to the creation of the FybrikApplication controller. Monitoring of changes in rego files is not implemented yet; it will be added in a future version.
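An added example, not part of the package: because the query is prepared before the controller starts and changes to rego files are not monitored, a deployment can check ahead of startup that the policy directory and its .rego files are writable only by their owner. AuditPolicyDir is a hypothetical helper, and that PrepareQuery loads its modules from RegoPolicyDirectory is an assumption.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Same value as the package's RegoPolicyDirectory constant.
const regoPolicyDirectory = "/tmp/adminconfig/"

// AuditPolicyDir is a hypothetical helper, not part of the package. It returns
// one finding for each path that is group- or world-writable: the directory
// itself and every .rego file in it. Symlinks are followed (os.Stat).
func AuditPolicyDir(dir string) ([]string, error) {
	entries, err := os.ReadDir(dir) // fails if dir is missing or not a directory
	if err != nil {
		return nil, err
	}
	paths := []string{dir}
	for _, e := range entries {
		if strings.HasSuffix(e.Name(), ".rego") {
			paths = append(paths, filepath.Join(dir, e.Name()))
		}
	}
	var findings []string
	for _, p := range paths {
		info, err := os.Stat(p)
		if err != nil {
			return nil, err
		}
		if mode := info.Mode().Perm(); mode&0o022 != 0 {
			findings = append(findings, fmt.Sprintf("%s: mode %04o", p, mode))
		}
	}
	return findings, nil
}

func main() {
	findings, err := AuditPolicyDir(regoPolicyDirectory)
	if err != nil {
		fmt.Fprintln(os.Stderr, "audit failed:", err)
		os.Exit(2)
	}
	for _, f := range findings {
		fmt.Println("WARN", f)
	}
}
```

Only permission bits are checked; file ownership and the permissions of parent directories are outside what this helper looks at.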
Types
type DataRequest
type DataRequest struct {
	// asset identifier
	DatasetID string `json:"datasetID"`
	// requested interface
	Interface api.InterfaceDetails `json:"interface"`
	// requested usage, e.g. "read": true, "write": false
	Usage map[api.DataFlow]bool `json:"usage"`
	// Asset metadata
	Metadata *datacatalog.ResourceMetadata `json:"dataset"`
}
DataRequest is a request to use a specific asset
type DecisionPerCapabilityMap
type DecisionPerCapabilityMap map[taxonomy.Capability]adminrules.Decision
type EvaluatorInput
type EvaluatorInput struct {
	// Workload configuration
	Workload WorkloadInfo `json:"workload"`
	// Requirements for asset usage
	Request DataRequest `json:"request"`
	// Governance Actions for reading data (relevant for read scenarios only)
	GovernanceActions []taxonomy.Action `json:"actions"`
}
EvaluatorInput is an input to Configuration Policies Evaluator. Used to evaluate configuration policies.
type EvaluatorInterface
type EvaluatorInterface interface {
Evaluate(in *EvaluatorInput) (EvaluatorOutput, error)
}
EvaluatorInterface is an interface for config policies' evaluator
type EvaluatorOutput
type EvaluatorOutput struct {
	// Valid is true when there is no conflict between the decisions, and false otherwise
	Valid bool
	// Dataset identifier
	DatasetID string
	// Unique fybrikapplication id used for logging
	UUID string
	// Policy set id used in the evaluation
	PolicySetID string
	// Decisions per capability (after being merged)
	ConfigDecisions DecisionPerCapabilityMap
	// Affecting policies
	Policies []adminrules.DecisionPolicy
}
EvaluatorOutput is an output of ConfigurationPoliciesEvaluator. Used by manager to decide which modules are deployed and in which cluster.
type Infrastructure
type Infrastructure struct {
	// Clusters available for deployment
	Clusters []multicluster.Cluster `json:"clusters"`
}
Infrastructure details, such as available clusters, storage accounts, metrics.
TODO(shlomitk1): include available storage accounts.
Metrics (clusters, networking) are not supported yet.
TODO(shlomitk1): define infrastructure taxonomy to be used in this structure.
type InfrastructureManager
type InfrastructureManager struct {
	ClusterManager multicluster.ClusterLister
	Client         client.Client
}
InfrastructureManager retrieves the infrastructure data, such as ClusterManager interface, kubernetes client, etc.
func (*InfrastructureManager) SetInfrastructure
func (r *InfrastructureManager) SetInfrastructure() (*Infrastructure, error)
SetInfrastructure uses available interfaces to get the infrastructure details
type RegoPolicyEvaluator
type RegoPolicyEvaluator struct {
	Log   zerolog.Logger
	Query rego.PreparedEvalQuery
}
RegoPolicyEvaluator implements EvaluatorInterface
func NewRegoPolicyEvaluator
func NewRegoPolicyEvaluator(log zerolog.Logger, query rego.PreparedEvalQuery) *RegoPolicyEvaluator
NewRegoPolicyEvaluator constructs a new RegoPolicyEvaluator object
func (*RegoPolicyEvaluator) Evaluate
func (r *RegoPolicyEvaluator) Evaluate(in *EvaluatorInput) (EvaluatorOutput, error)
Evaluate method evaluates the rego files based on the dynamic input object
type WorkloadInfo
type WorkloadInfo struct {
	// Unique fybrikapplication id used for logging
	UUID string `json:"uuid"`
	// Policy set id to allow evaluation of a specific set of policies per fybrikapplication
	PolicySetID string `json:"policySetID"`
	// Cluster where the user workload is running
	Cluster multicluster.Cluster `json:"cluster"`
	// Application/workload properties
	Properties taxonomy.AppInfo `json:"properties,omitempty"`
}
WorkloadInfo holds workload details such as the cluster where the workload is running, and additional properties defined in the taxonomy, e.g. workload type