runtime

package module
v0.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 1, 2021 License: Apache-2.0 Imports: 33 Imported by: 8

README

runtime - an abstraction library on top of the Open Policy Agent (OPA)

Go Reference Go Report Card

Introduction

The "runtime" project is a library that sits on top of OPA.

The goal of the project is to allow you to quickly write code that builds, runs or tests OPA policies.

It uses the options pattern to facilitate construction of Runtime instances specific to your needs. You can start super simple, using it just to build some rego into a bundle, or you can get more complex, using it to start a runtime with plugins, built-ins and other features.

Install

go get -u github.com/aserto-dev/runtime

Usage

// Create a runtime
r, cleanup, err := runtime.NewRuntime(ctx, &logger, &runtime.Config{})
if err != nil {
  return errors.Wrap(err, "failed to create runtime")
}
defer cleanup()

// Use the runtime to build a bundle from the current directory
return r.Build(runtime.BuildParams{
  OutputFile: "my-bundle.tar.gz",
}, ".")

You can find a more complete example in the example directory.

Credits

Based on the awesome Open Policy Agent.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AsertoStore added in v0.1.0

type AsertoStore struct {
	// contains filtered or unexported fields
}

AsertoStore implements the OPA storage interface for the Aserto Runtime

func NewAsertoStore added in v0.1.0

func NewAsertoStore(logger *zerolog.Logger, cfg *Config) *AsertoStore

newAsertoStore creates a new AsertoStore

func (*AsertoStore) Abort added in v0.1.0

func (s *AsertoStore) Abort(ctx context.Context, txn storage.Transaction)

Abort is called to cancel the transaction.

func (*AsertoStore) Commit added in v0.1.0

func (s *AsertoStore) Commit(ctx context.Context, txn storage.Transaction) error

Commit is called to finish the transaction. If Commit returns an error, the transaction must be automatically aborted by the Store implementation.

func (*AsertoStore) DeletePolicy added in v0.1.0

func (s *AsertoStore) DeletePolicy(ctx context.Context, txn storage.Transaction, id string) error

DeletePolicy deletes a policy

func (*AsertoStore) GetPolicy added in v0.1.0

func (s *AsertoStore) GetPolicy(ctx context.Context, txn storage.Transaction, id string) ([]byte, error)

GetPolicy gets a policy

func (*AsertoStore) ListPolicies added in v0.1.0

func (s *AsertoStore) ListPolicies(ctx context.Context, txn storage.Transaction) ([]string, error)

ListPolicies lists all policies

func (*AsertoStore) NewTransaction added in v0.1.0

func (s *AsertoStore) NewTransaction(ctx context.Context, params ...storage.TransactionParams) (storage.Transaction, error)

NewTransaction is called to create a new transaction in the store.

func (*AsertoStore) Read added in v0.1.0

func (s *AsertoStore) Read(ctx context.Context, txn storage.Transaction, path storage.Path) (interface{}, error)

Read is called to fetch a document referred to by path.

func (*AsertoStore) Register added in v0.1.0

Register registers a trigger with the storage

func (*AsertoStore) UpsertPolicy added in v0.1.0

func (s *AsertoStore) UpsertPolicy(ctx context.Context, txn storage.Transaction, id string, bs []byte) error

UpsertPolicy creates a policy, or updates it if it already exists

func (*AsertoStore) Write added in v0.1.0

func (s *AsertoStore) Write(ctx context.Context, txn storage.Transaction, op storage.PatchOp, path storage.Path, value interface{}) error

Write is called to modify a document referred to by path.

type BuildParams

type BuildParams struct {
	CapabilitiesJsonFile string
	Target               BuildTargetType
	OptimizationLevel    int
	Entrypoints          []string
	OutputFile           string
	Revision             string
	Ignore               []string
	Debug                bool
	Algorithm            string
	Key                  string
	Scope                string
	PubKey               string
	PubKeyID             string
	ClaimsFile           string
	ExcludeVerifyFiles   []string
}

BuildParams contains all parameters used for doing a build

type BuildTargetType

type BuildTargetType int

BuildTargetType represents the type of build target

const (
	Rego BuildTargetType = iota
	Wasm
)

func (BuildTargetType) String

func (t BuildTargetType) String() string

type BundleState

type BundleState struct {
	ID             string
	Revision       string
	LastDownload   time.Time
	LastActivation time.Time
	Errors         []error
}

type Config

type Config struct {
	LocalBundles                  LocalBundlesConfig `json:"local_bundles"`
	InstanceID                    string             `json:"instance_id"`
	PluginsErrorLimit             int                `json:"plugins_error_limit"`
	GracefulShutdownPeriodSeconds int                `json:"graceful_shutdown_period_seconds"`
	MaxPluginWaitTimeSeconds      int                `json:"max_plugin_wait_time_seconds"`
	Config                        OPAConfig          `json:"config"`
}

type LocalBundlesConfig

type LocalBundlesConfig struct {
	Watch              bool                       `json:"watch"`
	Paths              []string                   `json:"paths"`
	Ignore             []string                   `json:"ignore"`
	SkipVerification   bool                       `json:"skip_verification"`
	VerificationConfig *bundle.VerificationConfig `json:"verification_config"`
}

type OPAConfig

type OPAConfig struct {
	Services                     map[string]interface{}          `json:"services,omitempty"`
	Labels                       map[string]string               `json:"labels,omitempty"`
	Discovery                    *discovery.Config               `json:"discovery,omitempty"`
	Bundles                      map[string]*bundleplugin.Source `json:"bundles,omitempty"`
	DecisionLogs                 *logs.Config                    `json:"decision_logs,omitempty"`
	Status                       *status.Config                  `json:"status,omitempty"`
	Plugins                      map[string]interface{}          `json:"plugins,omitempty"`
	Keys                         map[string]*keys.Config         `json:"keys,omitempty"`
	DefaultDecision              *string                         `json:"default_decision,omitempty"`
	DefaultAuthorizationDecision *string                         `json:"default_authorization_decision,omitempty"`
	Caching                      *cache.Config                   `json:"caching,omitempty"`
	PersistenceDirectory         *string                         `json:"persistence_directory,omitempty"`
}

type PluginDefinition

type PluginDefinition struct {
	Name    string
	Factory plugins.Factory
}

type Result

type Result struct {
	Result      rego.ResultSet
	Metrics     map[string]interface{}
	Explanation types.TraceV1
	DecisionID  string
}

Result contains the results of a Query execution

type Runtime

type Runtime struct {
	Store           storage.Store
	Logger          *zerolog.Logger
	Config          *Config
	PluginsManager  *plugins.Manager
	InterQueryCache cache.InterQueryCache
	// contains filtered or unexported fields
}

Runtime manages the OPA runtime (plugins, store and info data)

func NewRuntime

func NewRuntime(ctx context.Context, logger *zerolog.Logger, cfg *Config, opts ...RuntimeOption) (*Runtime, func(), error)

func (*Runtime) Build

func (r *Runtime) Build(params BuildParams, paths []string) error

Build builds a bundle using the Aserto OPA Runtime

func (*Runtime) BuiltinRequirements

func (r *Runtime) BuiltinRequirements() (json.RawMessage, error)

func (*Runtime) Query

func (r *Runtime) Query(ctx context.Context, qStr string, input map[string]interface{}, pretty, includeMetrics, includeInstrumentation bool, explain types.ExplainModeV1) (*Result, error)

Query executes a REGO query against the Aserto OPA Runtime explain can be "notes", "full" or "off"

func (*Runtime) Status

func (r *Runtime) Status() *RuntimeState

func (*Runtime) WaitForPlugins

func (r *Runtime) WaitForPlugins(ctx context.Context, maxWaitTime time.Duration) error

WaitForPlugins waits for all plugins to be ready

type RuntimeOption

type RuntimeOption func(*Runtime)

func WithBuiltin1

func WithBuiltin1(decl *rego.Function, impl rego.Builtin1) RuntimeOption

func WithBuiltin2

func WithBuiltin2(decl *rego.Function, impl rego.Builtin2) RuntimeOption

func WithBuiltin3

func WithBuiltin3(decl *rego.Function, impl rego.Builtin3) RuntimeOption

func WithBuiltin4

func WithBuiltin4(decl *rego.Function, impl rego.Builtin4) RuntimeOption

func WithBuiltinDyn

func WithBuiltinDyn(decl *rego.Function, impl rego.BuiltinDyn) RuntimeOption

func WithPlugin

func WithPlugin(name string, factory plugins.Factory) RuntimeOption

func WithStorage added in v0.1.0

func WithStorage(storage storage.Store) RuntimeOption

type RuntimeState

type RuntimeState struct {
	Ready   bool
	Errors  []error
	Bundles []BundleState
}

Directories

Path Synopsis
example module

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL