client

package
v0.0.0-...-9e57a57 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 15, 2025 License: Apache-2.0 Imports: 23 Imported by: 152

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrCreatingBackend              = errors.New("unable to create backend")
	ErrNoDriverName                 = errors.New("driver has no name")
	ErrNoReferentialDriver          = errors.New("no driver that supports referential constraints added")
	ErrDuplicateDriver              = errors.New("duplicate drivers of the same name")
	ErrCreatingClient               = errors.New("unable to create client")
	ErrMissingConstraint            = errors.New("missing Constraint")
	ErrMissingConstraintTemplate    = errors.New("missing ConstraintTemplate")
	ErrInvalidModule                = errors.New("invalid module")
	ErrReview                       = errors.New("target.HandleReview failed")
	ErrUnsupportedEnforcementPoints = errors.New("enforcement point not supported by client")
)

Functions

func IsUnrecognizedConstraintError deprecated

func IsUnrecognizedConstraintError(err error) bool

IsUnrecognizedConstraintError returns true if err is an ErrMissingConstraint.

Deprecated: Use errors.Is(err, ErrMissingConstraint) instead.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client tracks ConstraintTemplates and Constraints for a set of Targets. Allows validating reviews against Constraints.

Threadsafe. Does not support concurrent mutation operations.

Note that adding per-identifier locking would not fix this completely - the thread for the first-sent call could be put to sleep while the second is allowed to continue running. Thus, this problem can only safely be handled by the caller.

func NewClient

func NewClient(opts ...Opt) (*Client, error)

NewClient creates a new client.

func (*Client) AddConstraint

func (c *Client) AddConstraint(ctx context.Context, constraint *unstructured.Unstructured) (*types.Responses, error)

AddConstraint validates the constraint and, if valid, inserts it into OPA. On error, the responses return value will still be populated so that partial results can be analyzed.

func (*Client) AddData

func (c *Client) AddData(ctx context.Context, data interface{}) (*types.Responses, error)

AddData inserts the provided data into OPA for every target that can handle the data. On error, the responses return value will still be populated so that partial results can be analyzed.

func (*Client) AddTemplate

func (c *Client) AddTemplate(ctx context.Context, templ *templates.ConstraintTemplate) (*types.Responses, error)

AddTemplate adds the template source code to OPA and registers the CRD with the client for schema validation on calls to AddConstraint. On error, the responses return value will still be populated so that partial results can be analyzed.

func (*Client) CreateCRD

CreateCRD creates a CRD from template.

func (*Client) Dump

func (c *Client) Dump(ctx context.Context) (string, error)

Dump dumps the state of OPA to aid in debugging.

func (*Client) GetConstraint

func (c *Client) GetConstraint(constraint *unstructured.Unstructured) (*unstructured.Unstructured, error)

GetConstraint gets the currently recognized constraint.

func (*Client) GetDescriptionForStat

func (c *Client) GetDescriptionForStat(source instrumentation.Source, statName string) string

func (*Client) GetTemplate

GetTemplate gets the currently recognized template.

func (*Client) RemoveConstraint

func (c *Client) RemoveConstraint(ctx context.Context, constraint *unstructured.Unstructured) (*types.Responses, error)

RemoveConstraint removes a constraint from OPA. On error, the responses return value will still be populated so that partial results can be analyzed.

func (*Client) RemoveData

func (c *Client) RemoveData(ctx context.Context, data interface{}) (*types.Responses, error)

RemoveData removes data from OPA for every target that can handle the data. On error, the responses return value will still be populated so that partial results can be analyzed.

func (*Client) RemoveTemplate

func (c *Client) RemoveTemplate(ctx context.Context, templ *templates.ConstraintTemplate) (*types.Responses, error)

RemoveTemplate removes the template source code from OPA and removes the CRD from the validation registry. Any constraints relying on the template will also be removed. On error, the responses return value will still be populated so that partial results can be analyzed.

func (*Client) Review

func (c *Client) Review(ctx context.Context, obj interface{}, opts ...reviews.ReviewOpt) (*types.Responses, error)

Review makes sure the provided object satisfies constraints applicable for specific enforcement points. On error, the responses return value will still be populated so that partial results can be analyzed.

func (*Client) ValidateConstraint

func (c *Client) ValidateConstraint(constraint *unstructured.Unstructured) error

ValidateConstraint returns an error if the constraint is not recognized or does not conform to the registered CRD for that constraint.

type Opt

type Opt func(*Client) error

func Driver

func Driver(d drivers.Driver) Opt

Driver defines the Rego execution environment.

func EnforcementPoints

func EnforcementPoints(eps ...string) Opt

func IgnoreNoReferentialDriverWarning

func IgnoreNoReferentialDriverWarning(ignore bool) Opt

func Targets

func Targets(ts ...handler.TargetHandler) Opt

Targets defines the targets Client will pass review requests to.

Directories

Path Synopsis
Package clienttest defines a TargetHandler and Templates, and Constraints for documenting and testing the behavior of Client.
Package clienttest defines a TargetHandler and Templates, and Constraints for documenting and testing the behavior of Client.
cts
Package cts is a set of methods for constructing ConstraintTemplates for use in tests.
Package cts is a set of methods for constructing ConstraintTemplates for use in tests.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL