client

package
v0.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 19, 2019 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewUnrecognizedConstraintError 

func NewUnrecognizedConstraintError(text string) error

Types

type Backend 

type Backend struct {
	// contains filtered or unexported fields
}

func NewBackend 

func NewBackend(opts ...BackendOpt) (*Backend, error)

NewBackend creates a new backend. A backend could be a connection to a remote server or a new local OPA instance.

func (*Backend) NewClient 

func (b *Backend) NewClient(opts ...ClientOpt) (*Client, error)

NewClient creates a new client for the supplied backend

type BackendOpt 

type BackendOpt func(*Backend)

func Driver 

func Driver(d drivers.Driver) BackendOpt

type Client 

type Client struct {
	// contains filtered or unexported fields
}

func (*Client) AddConstraint 

func (c *Client) AddConstraint(ctx context.Context, constraint *unstructured.Unstructured) (*types.Responses, error)

AddConstraint validates the constraint and, if valid, inserts it into OPA

func (*Client) AddData 

func (c *Client) AddData(ctx context.Context, data interface{}) (*types.Responses, error)

AddData inserts the provided data into OPA for every target that can handle the data.

func (*Client) AddTemplate 

func (c *Client) AddTemplate(ctx context.Context, templ *templates.ConstraintTemplate) (*types.Responses, error)

AddTemplate adds the template source code to OPA and registers the CRD with the client for schema validation on calls to AddConstraint. It also returns a copy of the CRD describing the constraint.

func (*Client) Audit 

func (c *Client) Audit(ctx context.Context, opts ...QueryOpt) (*types.Responses, error)

Audit makes sure the cached state of the system satisfies all stored constraints

func (*Client) CreateCRD 

func (c *Client) CreateCRD(ctx context.Context, templ *templates.ConstraintTemplate) (*apiextensions.CustomResourceDefinition, error)

CreateCRD creates a CRD from template

func (*Client) Dump 

func (c *Client) Dump(ctx context.Context) (string, error)

Dump dumps the state of OPA to aid in debugging

func (*Client) RemoveConstraint 

func (c *Client) RemoveConstraint(ctx context.Context, constraint *unstructured.Unstructured) (*types.Responses, error)

RemoveConstraint removes a constraint from OPA

func (*Client) RemoveData 

func (c *Client) RemoveData(ctx context.Context, data interface{}) (*types.Responses, error)

RemoveData removes data from OPA for every target that can handle the data.

func (*Client) RemoveTemplate 

func (c *Client) RemoveTemplate(ctx context.Context, templ *templates.ConstraintTemplate) (*types.Responses, error)

RemoveTemplate removes the template source code from OPA and removes the CRD from the validation registry.

func (*Client) Reset 

func (c *Client) Reset(ctx context.Context) error

Reset the state of OPA

func (*Client) Review 

func (c *Client) Review(ctx context.Context, obj interface{}, opts ...QueryOpt) (*types.Responses, error)

Review makes sure the provided object satisfies all stored constraints

func (*Client) ValidateConstraint 

func (c *Client) ValidateConstraint(ctx context.Context, constraint *unstructured.Unstructured) error

ValidateConstraint returns an error if the constraint is not recognized or does not conform to the registered CRD for that constraint.

type ClientOpt 

type ClientOpt func(*Client) error

func AllowedDataFields 

func AllowedDataFields(fields ...string) ClientOpt

AllowedDataFields sets the fields under `data` that Rego in ConstraintTemplates can access. If unset, all fields can be accessed. Only fields recognized by the system can be enabled.

func Targets 

func Targets(ts ...TargetHandler) ClientOpt

type ErrorMap 

type ErrorMap map[string]error

func (ErrorMap) Error 

func (e ErrorMap) Error() string

type Errors 

type Errors []error

Errors is a list of error.

func (Errors) Error 

func (errs Errors) Error() string

Error implements error.

type MatchSchemaProvider 

type MatchSchemaProvider interface {
	// MatchSchema returns the JSON Schema for the `match` field of a constraint
	MatchSchema() apiextensions.JSONSchemaProps
}

type Probe 

type Probe struct {
	// contains filtered or unexported fields
}

func NewProbe 

func NewProbe(d drivers.Driver) (*Probe, error)

func (*Probe) TestFuncs 

func (p *Probe) TestFuncs() map[string]func() error

type QueryOpt 

type QueryOpt func(*queryCfg)

func Tracing 

func Tracing(enabled bool) QueryOpt

type TargetHandler 

type TargetHandler interface {
	MatchSchemaProvider

	GetName() string

	// Library returns the pieces of Rego code required to stitch together constraint evaluation
	// for the target. Current required libraries are `matching_constraints` and
	// `matching_reviews_and_constraints`
	//
	// Libraries are currently templates that have the following parameters:
	//   ConstraintsRoot: The root path under which all constraints for the target are stored
	//   DataRoot: The root path under which all data for the target is stored
	Library() *template.Template

	// ProcessData takes a potential data object and returns:
	//   true if the target handles the data type
	//   the path under which the data should be stored in OPA
	//   the data in an object that can be cast into JSON, suitable for storage in OPA
	ProcessData(interface{}) (bool, string, interface{}, error)

	// HandleReview takes a potential review request and builds the `review` field of the input
	// object. it returns:
	//		true if the target handles the data type
	//		the data for the `review` field
	HandleReview(interface{}) (bool, interface{}, error)

	// HandleViolation allows for post-processing of the result object, which can be mutated directly
	HandleViolation(result *types.Result) error

	// ValidateConstraint returns if the constraint is misconfigured in any way. This allows for
	// non-trivial validation of things like match schema
	ValidateConstraint(*unstructured.Unstructured) error
}

type UnrecognizedConstraintError 

type UnrecognizedConstraintError struct {
	// contains filtered or unexported fields
}

func (*UnrecognizedConstraintError) Error 

func (e *UnrecognizedConstraintError) Error() string

Source Files

View all Source files

Directories

Path Synopsis
local
remote

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.