Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Cache ¶
type Cache interface {
// Add inserts a new object into Cache with identifier key. If an object
// already exists, replaces the object at key.
Add(relPath []string, object interface{}) error
// Remove deletes the object at key from Cache. Deletion succeeds if key
// does not exist.
// Remove always succeeds; if for some reason key cannot be deleted the application
// should panic.
Remove(relPath []string)
}
Cache is an interface for Handlers to define which allows them to track objects not currently under review. For example, this is required to make referential constraints work, or to have Constraint match criteria which relies on more than just the object under review.
Implementations must satisfy the per-method requirements for Client to handle the Cache properly.
type Cacher ¶
type Cacher interface {
// GetCache returns the Cache. If nil, the Cacher is treated as having no
// cache.
GetCache() Cache
}
Cacher is a type - usually a Handler - which needs to cache state. Handlers only need implement this interface if they have need of a cache. Handlers which do not implement Cacher are assumed to be stateless from Client's perspective.
type TargetHandler ¶
type TargetHandler interface {
crds.MatchSchemaProvider
// GetName returns name of the target. Must match `^[a-zA-Z][a-zA-Z0-9.]*$`
// This will be the exact name of the field in the ConstraintTemplate
// spec.target object, so if GetName returns validation.xyz.org, the user
// will populate target specific rego into .spec.targets."validation.xyz.org".
GetName() string
// ProcessData takes inputs to AddData and converts them into the format that
// will be stored in data.inventory and returns the relative storage path.
// Args:
// data: the object passed to client.Client.AddData
// Returns:
// handle: true if the target handles the data type
// key: the unique relative path under which the data should be stored in OPA
// under data.inventory, for example, an item to be stored at
// data.inventory.x.y.z would return []string{"x", "y", "z"}
// inventoryFormat: the data as an object that can be cast into JSON and suitable for storage in the inventory
// err: any error encountered
ProcessData(data interface{}) (handle bool, key []string, inventoryFormat interface{}, err error)
// HandleReview determines if this target handler will handle an individual
// resource review and if so, builds the `review` field of the input object.
// Args:
// object: the object passed to client.Client.Review
// Returns:
// handle: true if the target handler will review this input
// review: the data for the `review` field
// err: any error encountered.
HandleReview(object interface{}) (handle bool, review interface{}, err error)
// ValidateConstraint returns an error if constraint is not valid in any way.
// This allows for semantic validation beyond OpenAPI validation given by the
// spec from MatchSchema().
ValidateConstraint(constraint *unstructured.Unstructured) error
// ToMatcher converts a Constraint to its corresponding Matcher.
// Allows caching Constraint-specific logic for matching objects under
// review.
ToMatcher(constraint *unstructured.Unstructured) (constraints.Matcher, error)
}
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.