Documentation
Overview
Package opa contains types and functions for performing OPA policy checks against cluster resources.
Constants
This section is empty.
Variables
var (
	// ErrInvalidResultCount is the error returned when the number of results returned from a call to
	// rego.PartialResult.Evaluate is greater or less than the expected number. This can occur when the rego query
	// is invalid.
	ErrInvalidResultCount = errors.New("rego query returned an invalid number of results")

	// ErrInvalidExpressionCount is the error returned when the number of expressions returned from the results of a
	// call to rego.PartialResult.Evaluate is greater or less than the expected number. This can occur when the rego
	// query doesn't follow the expected return pattern.
	ErrInvalidExpressionCount = errors.New("rego query result returned an invalid number of expressions")

	// ErrInvalidExpressionValue is the error returned when the expression returned from the results of a
	// call to rego.PartialResult.Evaluate is not of the correct type. This can occur when the rego query doesn't
	// follow the expected return pattern.
	ErrInvalidExpressionValue = errors.New("rego query result returned an invalid expression value")
)
Functions
This section is empty.
Types
type EvaluationResult
type EvaluationResult struct {
// contains filtered or unexported fields
}
The EvaluationResult type contains information on the result after calling Policy.Evaluate.
func (*EvaluationResult) MarshalJSON
func (er *EvaluationResult) MarshalJSON() ([]byte, error)
MarshalJSON returns the JSON encoded expression returned when the policy is evaluated.
type EventHandler
type EventHandler struct {
// contains filtered or unexported fields
}
The EventHandler type is used to handle inbound events from an event stream, perform policy evaluation on resources as they are created/changed and publish events indicating the results of those policy evaluations.
func NewEventHandler
func NewEventHandler(policies []*Policy, reader EventReader, writer EventWriter) *EventHandler
NewEventHandler returns a new instance of the EventHandler type that will read events from the given EventReader implementation, perform policy checks using the provided slice of Policy types and publish events describing the evaluation results using the provided EventWriter implementation.
type EventReader
The EventReader interface describes types that can read events from an arbitrary event stream.
type EventWriter
The EventWriter interface describes types that can write events to an arbitrary event stream.
type Policy
type Policy struct {
// contains filtered or unexported fields
}
The Policy type represents a single policy that can evaluate cluster resources.
func LoadPolicies
LoadPolicies walks the given bucket, looking for any rego policies and loads them into memory by partially evaluating them. These policies can then be used to perform resource evaluation. Valid files must have a .rego extension, have a package name of "policy" and have their entrypoint match the file name.
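A pre-flight check for the three conventions stated above, as an added example that is not part of the opa package. CheckPolicyFile and the sample policy are hypothetical, and the check assumes that "entrypoint" means a rule named after the file without its extension.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// packageRe captures the package path declared at the top of a rego module.
var packageRe = regexp.MustCompile(`(?m)^\s*package\s+([A-Za-z0-9_.]+)\s*$`)

// CheckPolicyFile lists the ways a bucket object misses the conventions that
// the LoadPolicies documentation states. It is a text-level pre-flight lint,
// not a rego parser, and is hypothetical: it is not part of the opa package.
func CheckPolicyFile(key string, src []byte) []string {
	var problems []string
	if path.Ext(key) != ".rego" {
		problems = append(problems, "extension is not .rego")
	}
	if m := packageRe.FindSubmatch(src); m == nil || string(m[1]) != "policy" {
		problems = append(problems, `package name is not "policy"`)
	}
	// Assumption: "entrypoint" means a rule named after the file, minus extension.
	entry := strings.TrimSuffix(path.Base(key), path.Ext(key))
	rule := regexp.MustCompile(`(?m)^` + regexp.QuoteMeta(entry) + `\b\s*(\[|\{|=|:=|if\b|contains\b)`)
	if !rule.Match(src) {
		problems = append(problems, "no rule named "+entry)
	}
	return problems
}

// Constructed sample policy, not taken from the project.
const samplePolicy = `package policy

default no_privileged = false

no_privileged {
	not input.spec.privileged
}
`

func main() {
	for _, key := range []string{"no_privileged.rego", "no_privileged.txt", "deny_latest.rego"} {
		fmt.Printf("%-20s %q\n", key, CheckPolicyFile(key, []byte(samplePolicy)))
	}
}
```

Running a check like this before upload shows which policies would not count as valid files, so a policy that was never loaded is not mistaken for one that passed.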