Documentation ¶
Index ¶
- func Asset(name string) ([]byte, error)
- func AssetDir(name string) ([]string, error)
- func AssetInfo(name string) (os.FileInfo, error)
- func AssetNames() []string
- func MustAsset(name string) []byte
- func RestoreAsset(dir, name string) error
- func RestoreAssets(dir, name string) error
- type EvaluationError
- type OptFunc
- type State
- func (s *State) DumpData(ctx context.Context) error
- func (s *State) FilterAuthorizedPairs(ctx context.Context, subjects engine.Subjects, pairs []engine.Pair) ([]engine.Pair, error)
- func (s *State) FilterAuthorizedProjects(ctx context.Context, subjects engine.Subjects) ([]string, error)
- func (s *State) ProjectsAuthorized(ctx context.Context, subjects engine.Subjects, action engine.Action, ...) ([]string, error)
- func (s *State) SetPolicies(ctx context.Context, policyMap map[string]interface{}, ...) error
- type UnexpectedResultExpressionError
- type UnexpectedResultSetError
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Asset ¶
Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetDir ¶
AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy:
data/ foo.txt img/ a.png b.png
then AssetDir("data") would return []string{"foo.txt", "img"} AssetDir("data/img") would return []string{"a.png", "b.png"} AssetDir("foo.txt") and AssetDir("notexist") would return an error AssetDir("") will return []string{"data"}.
func AssetInfo ¶
AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.
func MustAsset ¶
MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.
func RestoreAsset ¶
RestoreAsset restores an asset under the given directory
func RestoreAssets ¶
RestoreAssets restores an asset under the given directory recursively
Types ¶
type EvaluationError ¶
type EvaluationError struct {
// contains filtered or unexported fields
}
EvaluationError is returned when a query evaluation returns an error.
func (*EvaluationError) Error ¶
func (e *EvaluationError) Error() string
type OptFunc ¶
type OptFunc func(*State)
OptFunc is the type of functional options to be passed to New()
type State ¶
type State struct {
// contains filtered or unexported fields
}
State wraps the state of OPA we need to track
func New ¶
New initializes a fresh OPA state, using the default, hardcoded OPA policy from policy/authz*.rego unless overridden via an opa.OptFunc.
func (*State) DumpData ¶
DumpData is a bit fast-and-loose when it comes to error checking; it's not meant to be used in production. Anywhere you have an OPA engine struct (i.e. `State`), you can use either one of these on it and it'll log the store contents.
func (*State) FilterAuthorizedPairs ¶
func (s *State) FilterAuthorizedPairs( ctx context.Context, subjects engine.Subjects, pairs []engine.Pair, ) ([]engine.Pair, error)
FilterAuthorizedPairs passes the pairs into OPA, lets it take care of the filtering, and returns the result (sub)list
func (*State) FilterAuthorizedProjects ¶
func (s *State) FilterAuthorizedProjects( ctx context.Context, subjects engine.Subjects) ([]string, error)
FilterAuthorizedProjects passes the pairs of all action/resources into OPA, lets it take care of the filtering, and returns the projects associated with the resulting (sub)list.
func (*State) ProjectsAuthorized ¶
func (s *State) ProjectsAuthorized( ctx context.Context, subjects engine.Subjects, action engine.Action, resource engine.Resource, projects engine.Projects) ([]string, error)
ProjectsAuthorized evaluates whether a given [subject, resource, action, projects] tuple is authorized and returns the list of associated allowed projects from the set of requested projects passed in.
type UnexpectedResultExpressionError ¶
type UnexpectedResultExpressionError struct {
// contains filtered or unexported fields
}
UnexpectedResultExpressionError is returned when one of the result sets expressions can't be made sense of
func (*UnexpectedResultExpressionError) Error ¶
func (e *UnexpectedResultExpressionError) Error() string
type UnexpectedResultSetError ¶
type UnexpectedResultSetError struct {
// contains filtered or unexported fields
}
UnexpectedResultSetError is returned when the result set of an OPA query can't be made sense of
func (*UnexpectedResultSetError) Error ¶
func (e *UnexpectedResultSetError) Error() string