opa

package
v0.0.0-...-f40b8e9 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 2, 2023 License: AGPL-3.0 Imports: 9 Imported by: 0

Documentation


Constants

// Keys under which the OPA endpoint and its auth token are stored in the
// config key/value set (DefaultKVS uses both).
const (
	URL       = "url"
	AuthToken = "auth_token"
)

// Environment variable names for the OPA endpoint URL and its auth token.
// NOTE(review): the token variable carries a credential; presumably it is read
// by LookupConfig. Confirm that it is never echoed into logs or diagnostics.
const (
	EnvPolicyOpaURL       = "MINIO_POLICY_OPA_URL"
	EnvPolicyOpaAuthToken = "MINIO_POLICY_OPA_AUTH_TOKEN"
)

Config keys (URL, AuthToken) and environment variable names for the OPA policy settings.

// EnvIamOpaURL is the legacy environment variable name for the OPA endpoint.
const EnvIamOpaURL = "MINIO_IAM_OPA_URL"

// EnvIamOpaAuthToken is the legacy environment variable name for the OPA auth
// token. It is spelled AUTHTOKEN without an underscore, unlike
// MINIO_POLICY_OPA_AUTH_TOKEN, so the two names are easy to confuse when
// auditing a deployment's environment for leftover credentials.
const EnvIamOpaAuthToken = "MINIO_IAM_OPA_AUTHTOKEN"

Legacy OPA envs

Variables

// DefaultKVS is the default OPA configuration: the endpoint URL and the auth
// token are both empty strings.
var DefaultKVS = config.KVS{
	config.KV{Key: URL, Value: ""},
	config.KV{Key: AuthToken, Value: ""},
}

DefaultKVS - default key/value settings for the OPA configuration.

// Help is the help template for the OPA policy configuration keys. Both the
// URL and AuthToken descriptions are prefixed with [DEPRECATED], and both
// entries are flagged Sensitive.
//
// NOTE(review): the example endpoint in the URL description is plain http on
// localhost. How the auth token is transmitted is not visible here; confirm
// that a configured token is only sent to endpoints reached over https or
// loopback.
var Help = config.HelpKVS{
	// OPA endpoint; required, since Optional is left unset.
	config.HelpKV{
		Key:         URL,
		Description: `[DEPRECATED] OPA HTTP(s) endpoint e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"` + defaultHelpPostfix(URL),
		Type:        "url",
		Sensitive:   true,
	},
	// Credential presented to the OPA endpoint; optional.
	config.HelpKV{
		Key:         AuthToken,
		Description: "[DEPRECATED] authorization token for OPA endpoint" + defaultHelpPostfix(AuthToken),
		Optional:    true,
		Type:        "string",
		Sensitive:   true,
	},
	// Free-form comment attached to the configuration; optional.
	config.HelpKV{
		Key:         config.Comment,
		Description: config.DefaultComment,
		Optional:    true,
		Type:        "sentence",
	},
}

Help template for OPA policy feature.

Functions

func Enabled

func Enabled(kvs config.KVS) bool

Enabled reports whether OPA is enabled in the given configuration.

func SetPolicyOPAConfig

func SetPolicyOPAConfig(s config.Config, opaArgs Args)

SetPolicyOPAConfig - one-time migration code for moving from the older config to the new PolicyOPAConfig.

Types

type Args

// Args holds the configuration of the OPA general-purpose policy engine.
//
// Only URL and AuthToken carry JSON keys; Transport and CloseRespFn are tagged
// `json:"-"` and are therefore excluded from JSON encoding and decoding.
type Args struct {
	// URL is the OPA endpoint, encoded under the JSON key "url".
	URL         *xnet.URL             `json:"url"`
	// AuthToken is the credential for the OPA endpoint, encoded under the JSON
	// key "authToken".
	// NOTE(review): no custom marshaller is visible here, so a marshalled Args
	// presumably contains the token in clear text. Confirm that Args is never
	// written to logs or returned by an API.
	AuthToken   string                `json:"authToken"`
	// Transport is presumably the round tripper used for requests to OPA;
	// verify against New and IsAllowed.
	Transport   http.RoundTripper     `json:"-"`
	// CloseRespFn receives an io.ReadCloser; presumably it is called to close
	// OPA response bodies. Verify against the caller.
	CloseRespFn func(r io.ReadCloser) `json:"-"`
}

Args - configuration for the OPA general-purpose policy engine.

func LookupConfig

func LookupConfig(kv config.KVS, transport *http.Transport, closeRespFn func(io.ReadCloser)) (Args, error)

LookupConfig looks up the OPA configuration from the given config, overriding it with any environment variables that are set.

func (*Args) UnmarshalJSON

func (a *Args) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data.

func (*Args) Validate

func (a *Args) Validate() error

Validate - validate opa configuration params.

type Opa

// Opa implements OPA policy agent calls. All of its fields are unexported;
// this page lists New(args Args) as the function that returns an *Opa.
type Opa struct {
	// contains filtered or unexported fields
}

Opa - implements opa policy agent calls.

func New

func New(args Args) *Opa

New - initializes opa policy engine connector.

func (*Opa) IsAllowed

func (o *Opa) IsAllowed(args iampolicy.Args) (bool, error)

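IsAllowed - checks whether the given policy args are allowed to continue with the REST API call. How an error maps to the boolean result is not shown here, so callers should treat a non-nil error as a denial.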
