bundle

package
v0.31.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 31, 2023 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Index

Constants

// DriverName is the identifier of this storage driver ("bundle").
// NOTE(review): presumably the value compared against storage.driver — confirm.
const DriverName = "bundle"

Variables

// ErrBundleNotLoaded reports that no bundle has been loaded yet.
// NOTE(review): which calls return it is not visible on this page. Callers
// should handle it as an error and not as "no policy matched" — confirm.
var ErrBundleNotLoaded = errors.New("bundle not loaded yet")
// ErrNoSource reports a configuration that defines neither a local nor a
// remote bundle source.
// NOTE(review): presumably returned by Conf.Validate — confirm.
var ErrNoSource = errors.New("at least one of local or remote sources must be defined")

Functions

func NewStore

func NewStore(ctx context.Context, conf *Conf) (storage.BinaryStore, error)

Types

type Bundle

type Bundle struct {
	// contains filtered or unexported fields
}

func Open

func Open(opts OpenOpts) (*Bundle, error)

func (*Bundle) Close added in v0.30.0

func (b *Bundle) Close() error

func (*Bundle) GetFirstMatch added in v0.29.0

func (b *Bundle) GetFirstMatch(_ context.Context, candidates []namer.ModuleID) (*runtimev1.RunnablePolicySet, error)

func (*Bundle) ListPolicyIDs

func (b *Bundle) ListPolicyIDs(_ context.Context, _ storage.ListPolicyIDsParams) ([]string, error)

func (*Bundle) ListSchemaIDs

func (b *Bundle) ListSchemaIDs(_ context.Context) ([]string, error)

func (*Bundle) LoadSchema

func (b *Bundle) LoadSchema(_ context.Context, path string) (io.ReadCloser, error)

func (*Bundle) Release

func (b *Bundle) Release() error

type CloudAPIClient

// CloudAPIClient is the client interface accepted by RemoteSource.InitWithClient.
// NOTE(review): the string parameters are unnamed here; presumably they carry
// the bundle label and the returned string identifies the fetched bundle on
// disk — confirm against the implementation.
type CloudAPIClient interface {
	// BootstrapBundle takes a context and one string and returns a string or an error.
	BootstrapBundle(context.Context, string) (string, error)
	// GetBundle takes a context and one string and returns a string or an error.
	GetBundle(context.Context, string) (string, error)
	// WatchBundle takes a context and one string and returns a cloudapi.WatchHandle or an error.
	WatchBundle(context.Context, string) (cloudapi.WatchHandle, error)
	// GetCachedBundle takes one string and no context, and returns a string or an error.
	GetCachedBundle(string) (string, error)
}

type Conf

// Conf is the configuration section for the bundle storage driver.
// NOTE(review): ErrNoSource on this page reads "at least one of local or remote
// sources must be defined"; presumably Validate enforces that for Remote and
// Local — confirm.
type Conf struct {
	// Remote holds configuration for remote bundle source. Takes precedence over local if both are defined.
	Remote *RemoteSourceConf `yaml:"remote"`
	// Local holds configuration for local bundle source.
	Local *LocalSourceConf `yaml:"local"`
	// Credentials holds bundle source credentials.
	// CredentialsConf carries ClientSecret and WorkspaceSecret, so a config file
	// that sets them as literal values needs the same protection as the secrets.
	Credentials CredentialsConf `yaml:"credentials"`
	// CacheSize defines the number of policies to cache in memory.
	CacheSize uint `yaml:"cacheSize" conf:",example=1024"`
}

Conf is the configuration for the bundle storage driver; it is required if the driver is set to 'bundle'. +desc=This section is required only if storage.driver is bundle.

func GetConf

func GetConf() (*Conf, error)

func (*Conf) Key

func (conf *Conf) Key() string

func (*Conf) SetDefaults

func (conf *Conf) SetDefaults()

func (*Conf) Validate

func (conf *Conf) Validate() (outErr error)

type ConnectionConf

// ConnectionConf holds the settings for the connection to the remote bundle service.
type ConnectionConf struct {
	// TLS defines settings for TLS connections.
	TLS TLSConf `yaml:"tls"`
	// APIEndpoint is the address of the API server.
	// NOTE(review): the example is an https URL; whether other schemes are
	// rejected is not visible on this page — confirm in validation.
	APIEndpoint string `yaml:"apiEndpoint" conf:"required,example=https://api.cerbos.cloud"`
	// BootstrapEndpoint is the address of the server serving the bootstrap configuration.
	// NOTE(review): the example is an https URL; whether other schemes are
	// rejected is not visible on this page — confirm in validation.
	BootstrapEndpoint string `yaml:"bootstrapEndpoint" conf:"required,example=https://cdn.cerbos.cloud"`
	// MinRetryWait is the minimum amount of time to wait between retries.
	MinRetryWait time.Duration `yaml:"minRetryWait" conf:",example=1s"`
	// MaxRetryWait is the maximum amount of time to wait between retries.
	MaxRetryWait time.Duration `yaml:"maxRetryWait" conf:",example=120s"`
	// NumRetries is the number of times to retry before giving up.
	NumRetries uint `yaml:"numRetries" conf:",example=5"`
	// HeartbeatInterval is the interval for sending regular heartbeats.
	HeartbeatInterval time.Duration `yaml:"heartbeatInterval" conf:",example=2m"`
}

ConnectionConf holds configuration for the remote connection.

type CredentialsConf

// CredentialsConf holds the credentials for the bundle service, including two
// secrets (ClientSecret and WorkspaceSecret).
// NOTE(review): the only method listed for this type on this page is
// ToCredentials, so no String/Format/MarshalYAML redaction is visible; printing
// or serialising the struct would presumably include the secret fields
// verbatim — confirm before logging configuration.
type CredentialsConf struct {
	// PDPID is the unique identifier for this Cerbos instance. Defaults to the value of the CERBOS_HUB_PDP_ID environment variable.
	PDPID string `yaml:"pdpID" conf:",example=crb-004"`
	// ClientID of the Cerbos Hub credential. Defaults to the value of the CERBOS_HUB_CLIENT_ID environment variable.
	ClientID string `yaml:"clientID" conf:",example=92B0K05B6HOF"`
	// ClientSecret of the Cerbos Hub credential. Defaults to the value of the CERBOS_HUB_CLIENT_SECRET environment variable.
	// Secret value: the example references the environment variable instead of
	// a literal, which keeps the secret out of the configuration file.
	ClientSecret string `yaml:"clientSecret" conf:",example=${CERBOS_HUB_CLIENT_SECRET}"`
	// WorkspaceSecret used to decrypt the bundles. Defaults to the value of the CERBOS_HUB_WORKSPACE_SECRET environment variable.
	// Secret value: the example references the environment variable instead of
	// a literal, which keeps the secret out of the configuration file.
	WorkspaceSecret string `yaml:"workspaceSecret" conf:",example=${CERBOS_HUB_WORKSPACE_SECRET}"`
	// Deprecated: Use PDPID
	// NOTE(review): precedence when both InstanceID and PDPID are set is not
	// visible on this page — confirm.
	InstanceID string `yaml:"instanceID" conf:",ignore"`
	// Deprecated: Use WorkspaceSecret
	// Presumably a secret like its replacement. NOTE(review): precedence when
	// both SecretKey and WorkspaceSecret are set is not visible on this
	// page — confirm.
	SecretKey string `yaml:"secretKey" conf:",ignore"`
}

CredentialsConf holds credentials for accessing the bundle service.

func (CredentialsConf) ToCredentials

func (cc CredentialsConf) ToCredentials() (*credentials.Credentials, error)

type HybridStore

type HybridStore struct {
	// contains filtered or unexported fields
}

func (*HybridStore) Close added in v0.30.0

func (hs *HybridStore) Close() (outErr error)

func (*HybridStore) Driver

func (*HybridStore) Driver() string

func (*HybridStore) GetFirstMatch added in v0.29.0

func (hs *HybridStore) GetFirstMatch(ctx context.Context, candidates []namer.ModuleID) (*runtimev1.RunnablePolicySet, error)

func (*HybridStore) ListPolicyIDs

func (hs *HybridStore) ListPolicyIDs(ctx context.Context, params storage.ListPolicyIDsParams) ([]string, error)

func (*HybridStore) ListSchemaIDs

func (hs *HybridStore) ListSchemaIDs(ctx context.Context) ([]string, error)

func (*HybridStore) LoadSchema

func (hs *HybridStore) LoadSchema(ctx context.Context, id string) (io.ReadCloser, error)

func (*HybridStore) SourceKind added in v0.27.0

func (hs *HybridStore) SourceKind() string

type LocalParams

// LocalParams is the parameter set accepted by NewLocalSource.
// The fields carry no documentation on this page; the notes below are
// inferred from LocalSourceConf and CredentialsConf and need confirming.
type LocalParams struct {
	// presumably the path to the local bundle file (compare LocalSourceConf.BundlePath) — confirm
	BundlePath string
	// presumably the directory for temporary files (compare LocalSourceConf.TempDir) — confirm
	TempDir    string
	// NOTE(review): presumably the key used to decrypt the bundle (CredentialsConf
	// marks its SecretKey as replaced by WorkspaceSecret) — confirm. Treat as a
	// secret and keep it out of logs and error messages.
	SecretKey  string
	// presumably the number of policies to cache in memory (compare Conf.CacheSize) — confirm
	CacheSize  uint
}

type LocalSource

type LocalSource struct {
	// contains filtered or unexported fields
}

LocalSource loads a bundle from local disk.

func NewLocalSource

func NewLocalSource(params LocalParams) (*LocalSource, error)

func NewLocalSourceFromConf

func NewLocalSourceFromConf(_ context.Context, conf *Conf) (*LocalSource, error)

func (*LocalSource) Close

func (ls *LocalSource) Close() error

func (*LocalSource) Driver

func (ls *LocalSource) Driver() string

func (*LocalSource) GetFirstMatch added in v0.29.0

func (ls *LocalSource) GetFirstMatch(ctx context.Context, candidates []namer.ModuleID) (ps *runtimev1.RunnablePolicySet, err error)

func (*LocalSource) ListPolicyIDs

func (ls *LocalSource) ListPolicyIDs(ctx context.Context, params storage.ListPolicyIDsParams) (ids []string, err error)

func (*LocalSource) ListSchemaIDs

func (ls *LocalSource) ListSchemaIDs(ctx context.Context) (ids []string, err error)

func (*LocalSource) LoadSchema

func (ls *LocalSource) LoadSchema(ctx context.Context, id string) (schema io.ReadCloser, err error)

func (*LocalSource) Reload

func (ls *LocalSource) Reload(_ context.Context) error

func (*LocalSource) SourceKind added in v0.27.0

func (ls *LocalSource) SourceKind() string

type LocalSourceConf

// LocalSourceConf holds the configuration for loading a bundle from local disk.
type LocalSourceConf struct {
	// BundlePath is the full path to the local bundle file.
	BundlePath string `yaml:"bundlePath" conf:"required,example=/path/to/bundle.crbp"`
	// TempDir is the directory to use for temporary files.
	// NOTE(review): what is written here (possibly decrypted bundle content) is
	// not visible on this page; a directory that other local users cannot read
	// or write is the safer choice — confirm.
	TempDir string `yaml:"tempDir" conf:",example=${TEMP}"`
}

LocalSourceConf holds configuration for local bundle store.

type OpenOpts

// OpenOpts is the option set accepted by Open.
// The fields carry no documentation on this page; the notes below are
// inferred from names and types and need confirming.
type OpenOpts struct {
	// NOTE(review): presumably supplies the key material needed to read the
	// bundle; behaviour when nil is not visible on this page — confirm.
	Credentials *credentials.Credentials
	// presumably the filesystem used for scratch or temporary files — confirm
	ScratchFS   afero.Fs
	// presumably the path of the bundle file to open — confirm
	BundlePath  string
	// NOTE(review): meaning not visible on this page — confirm
	Source      string
	// presumably the number of policies to cache in memory (compare Conf.CacheSize) — confirm
	CacheSize   uint
}

type RemoteSource

type RemoteSource struct {
	// contains filtered or unexported fields
}

RemoteSource implements a bundle store that loads bundles from a remote source.

func NewRemoteSource

func NewRemoteSource(conf *Conf) (*RemoteSource, error)

func (*RemoteSource) Close added in v0.30.0

func (s *RemoteSource) Close() error

func (*RemoteSource) Driver

func (s *RemoteSource) Driver() string

func (*RemoteSource) GetFirstMatch added in v0.29.0

func (s *RemoteSource) GetFirstMatch(ctx context.Context, candidates []namer.ModuleID) (*runtimev1.RunnablePolicySet, error)

func (*RemoteSource) Init

func (s *RemoteSource) Init(ctx context.Context) error

func (*RemoteSource) InitWithClient

func (s *RemoteSource) InitWithClient(ctx context.Context, client CloudAPIClient) error

func (*RemoteSource) IsHealthy

func (s *RemoteSource) IsHealthy() bool

func (*RemoteSource) ListPolicyIDs

func (s *RemoteSource) ListPolicyIDs(ctx context.Context, params storage.ListPolicyIDsParams) ([]string, error)

func (*RemoteSource) ListSchemaIDs

func (s *RemoteSource) ListSchemaIDs(ctx context.Context) ([]string, error)

func (*RemoteSource) LoadSchema

func (s *RemoteSource) LoadSchema(ctx context.Context, id string) (io.ReadCloser, error)

func (*RemoteSource) Reload

func (s *RemoteSource) Reload(ctx context.Context) error

func (*RemoteSource) SourceKind added in v0.27.0

func (s *RemoteSource) SourceKind() string

type RemoteSourceConf

// RemoteSourceConf holds the configuration for fetching bundles from a remote server.
type RemoteSourceConf struct {
	// BundleLabel to fetch from the server.
	BundleLabel string `yaml:"bundleLabel" conf:"required,example=latest"`
	// CacheDir is the directory to use for caching downloaded bundles.
	// NOTE(review): permissions applied to this directory and its files are not
	// visible on this page. Cached bundles are later loaded as policy, so the
	// directory should not be writable by other local users — confirm.
	CacheDir string `yaml:"cacheDir" conf:",example=${XDG_CACHE_DIR}"`
	// TempDir is the directory to use for temporary files.
	// NOTE(review): the same permission consideration as CacheDir presumably
	// applies — confirm.
	TempDir string `yaml:"tempDir" conf:",example=${TEMP}"`
	// Connection defines settings for the remote server connection.
	Connection ConnectionConf `yaml:"connection"`
	// DisableAutoUpdate sets whether new bundles should be automatically downloaded and applied.
	// The zero value (false) leaves automatic updates on, unless SetDefaults
	// changes it — confirm.
	DisableAutoUpdate bool `yaml:"disableAutoUpdate"`
}

RemoteSourceConf holds configuration for remote bundle store.

type Source added in v0.27.0

// Source is the interface for anything that reports its source kind.
// On this page HybridStore, LocalSource and RemoteSource each list a
// SourceKind method.
type Source interface {
	// SourceKind returns a string; its possible values are not visible on this page.
	SourceKind() string
}

type TLSConf

// TLSConf holds the TLS settings for the remote connection.
// The struct has only these two fields; it exposes no option for skipping
// certificate verification.
type TLSConf struct {
	// Authority overrides the Cerbos PDP server authority if it is different from what is provided in the address.
	// NOTE(review): presumably this becomes the name the server certificate is
	// verified against, so an override changes which certificate name is
	// accepted — confirm.
	Authority string `yaml:"authority" conf:",example=domain.tld"`
	// CACert is the path to the CA certificate chain to use for certificate verification.
	// NOTE(review): behaviour when empty (presumably the system trust store) is
	// not visible on this page — confirm.
	CACert string `yaml:"caCert" conf:",example=/path/to/CA_certificate"`
}

TLSConf holds TLS configuration for the remote connection.
