Documentation ¶
Overview ¶
Package config is a generated protocol buffer package.
The `opa` adapter exposes an [Open Policy Agent](http://www.openpolicyagent.org) engine that provides sophisticated access control mechanisms.
This adapter supports the [authorization template](https://istio.io/docs/reference/config/policy-and-telemetry/templates/authorization/).
It is generated from these files:
mixer/adapter/opa/config/config.proto
It has these top-level messages:
Params
Index ¶
- Variables
- type Params
- func (*Params) Descriptor() ([]byte, []int)
- func (m *Params) Marshal() (dAtA []byte, err error)
- func (m *Params) MarshalTo(dAtA []byte) (int, error)
- func (*Params) ProtoMessage()
- func (m *Params) Reset()
- func (m *Params) Size() (n int)
- func (this *Params) String() string
- func (m *Params) Unmarshal(dAtA []byte) error
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidLengthConfig = fmt.Errorf("proto: negative length found during unmarshaling") ErrIntOverflowConfig = fmt.Errorf("proto: integer overflow") )
Functions ¶
This section is empty.
Types ¶
type Params ¶
type Params struct { // List of OPA policies Policy []string `protobuf:"bytes,1,rep,name=policy" json:"policy,omitempty"` // Query method to check. // Format: data.<package name>.<method name> CheckMethod string `protobuf:"bytes,2,opt,name=check_method,json=checkMethod,proto3" json:"check_method,omitempty"` // Close the client request when adapter has a issue. // If failClose is set to true and there is a runtime error, // instead of disabling the adapter, close the client request FailClose bool `protobuf:"varint,3,opt,name=fail_close,json=failClose,proto3" json:"fail_close,omitempty"` }
Configuration format for the `opa` adapter.
Example configuration: ``` policy:
|+ package mixerauthz policy = [ { "rule": { "verbs": [ "storage.buckets.get" ], "users": [ "bucket-admins" ] } } ]
default allow = false
allow = true { rule = policy[_].rule input.subject.user = rule.users[_] input.action.method = rule.verbs[_] }
checkMethod: "data.mixerauthz.allow" failClose: true ```
func (*Params) Descriptor ¶
func (*Params) ProtoMessage ¶
func (*Params) ProtoMessage()