client

package

v0.0.0-...-6b55861 Latest Latest Go to latest Published: Dec 10, 2024 License: Apache-2.0 Imports: 23 Imported by: 152

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/open-policy-agent/frameworks

Documentation ¶

Index ¶

Variables
func IsUnrecognizedConstraintError(err error) booldeprecated
type Client
- func NewClient(opts ...Opt) (*Client, error)
type Opt

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	ErrCreatingBackend              = errors.New("unable to create backend")
	ErrNoDriverName                 = errors.New("driver has no name")
	ErrNoReferentialDriver          = errors.New("no driver that supports referential constraints added")
	ErrDuplicateDriver              = errors.New("duplicate drivers of the same name")
	ErrCreatingClient               = errors.New("unable to create client")
	ErrMissingConstraint            = errors.New("missing Constraint")
	ErrMissingConstraintTemplate    = errors.New("missing ConstraintTemplate")
	ErrInvalidModule                = errors.New("invalid module")
	ErrReview                       = errors.New("target.HandleReview failed")
	ErrUnsupportedEnforcementPoints = errors.New("enforcement point not supported by client")
)

Functions ¶

func IsUnrecognizedConstraintError deprecated

func IsUnrecognizedConstraintError(err error) bool

IsUnrecognizedConstraintError returns true if err is an ErrMissingConstraint.

Deprecated: Use errors.Is(err, ErrMissingConstraint) instead.

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client tracks ConstraintTemplates and Constraints for a set of Targets. Allows validating reviews against Constraints.

Threadsafe. Does not support concurrent mutation operations.

Note that adding per-identifier locking would not fix this completely - the thread for the first-sent call could be put to sleep while the second is allowed to continue running. Thus, this problem can only safely be handled by the caller.

func NewClient ¶

func NewClient(opts ...Opt) (*Client, error)

NewClient creates a new client.

func (*Client) AddConstraint ¶

func (c *Client) AddConstraint(ctx context.Context, constraint *unstructured.Unstructured) (*types.Responses, error)

AddConstraint validates the constraint and, if valid, inserts it into OPA. On error, the responses return value will still be populated so that partial results can be analyzed.

func (*Client) AddData ¶

func (c *Client) AddData(ctx context.Context, data interface{}) (*types.Responses, error)

AddData inserts the provided data into OPA for every target that can handle the data. On error, the responses return value will still be populated so that partial results can be analyzed.

func (*Client) AddTemplate ¶

func (c *Client) AddTemplate(ctx context.Context, templ *templates.ConstraintTemplate) (*types.Responses, error)

AddTemplate adds the template source code to OPA and registers the CRD with the client for schema validation on calls to AddConstraint. On error, the responses return value will still be populated so that partial results can be analyzed.

func (*Client) CreateCRD ¶

func (c *Client) CreateCRD(ctx context.Context, templ *templates.ConstraintTemplate) (*apiextensions.CustomResourceDefinition, error)

CreateCRD creates a CRD from template.

func (*Client) Dump ¶

func (c *Client) Dump(ctx context.Context) (string, error)

Dump dumps the state of OPA to aid in debugging.

func (*Client) GetConstraint ¶

func (c *Client) GetConstraint(constraint *unstructured.Unstructured) (*unstructured.Unstructured, error)

GetConstraint gets the currently recognized constraint.

func (*Client) GetDescriptionForStat ¶

func (c *Client) GetDescriptionForStat(source instrumentation.Source, statName string) string

func (*Client) GetTemplate ¶

func (c *Client) GetTemplate(templ *templates.ConstraintTemplate) (*templates.ConstraintTemplate, error)

GetTemplate gets the currently recognized template.

func (*Client) RemoveConstraint ¶

func (c *Client) RemoveConstraint(ctx context.Context, constraint *unstructured.Unstructured) (*types.Responses, error)

RemoveConstraint removes a constraint from OPA. On error, the responses return value will still be populated so that partial results can be analyzed.

func (*Client) RemoveData ¶

func (c *Client) RemoveData(ctx context.Context, data interface{}) (*types.Responses, error)

RemoveData removes data from OPA for every target that can handle the data. On error, the responses return value will still be populated so that partial results can be analyzed.

func (*Client) RemoveTemplate ¶

func (c *Client) RemoveTemplate(ctx context.Context, templ *templates.ConstraintTemplate) (*types.Responses, error)

RemoveTemplate removes the template source code from OPA and removes the CRD from the validation registry. Any constraints relying on the template will also be removed. On error, the responses return value will still be populated so that partial results can be analyzed.

func (*Client) Review ¶

func (c *Client) Review(ctx context.Context, obj interface{}, opts ...reviews.ReviewOpt) (*types.Responses, error)

Review makes sure the provided object satisfies constraints applicable for specific enforcement points. On error, the responses return value will still be populated so that partial results can be analyzed.

func (*Client) ValidateConstraint ¶

func (c *Client) ValidateConstraint(constraint *unstructured.Unstructured) error

ValidateConstraint returns an error if the constraint is not recognized or does not conform to the registered CRD for that constraint.

type Opt ¶

type Opt func(*Client) error

func Driver ¶

func Driver(d drivers.Driver) Opt

Driver defines the Rego execution environment.

func EnforcementPoints ¶

func EnforcementPoints(eps ...string) Opt

func IgnoreNoReferentialDriverWarning ¶

func IgnoreNoReferentialDriverWarning(ignore bool) Opt

func Targets ¶

func Targets(ts ...handler.TargetHandler) Opt

Targets defines the targets Client will pass review requests to.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
clienttest Package clienttest defines a TargetHandler and Templates, and Constraints for documenting and testing the behavior of Client.	Package clienttest defines a TargetHandler and Templates, and Constraints for documenting and testing the behavior of Client.
cts Package cts is a set of methods for constructing ConstraintTemplates for use in tests.	Package cts is a set of methods for constructing ConstraintTemplates for use in tests.
crds
drivers
fake
fake/schema
rego
rego/schema
errors
reviews

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL