Documentation ¶
Overview ¶
Package server contains the policy engine's server handlers.
Index ¶
- Constants
- type AuthenticationScheme
- type AuthorizationScheme
- type BundleInfo
- type Info
- type Loop
- type Metrics
- type Server
- func (s *Server) Addrs() []string
- func (s *Server) DiagnosticAddrs() []string
- func (s *Server) Init(ctx context.Context) (*Server, error)
- func (s *Server) Listeners() ([]Loop, error)
- func (s *Server) Shutdown(ctx context.Context) error
- func (s *Server) WithAddresses(addrs []string) *Server
- func (s *Server) WithAuthentication(scheme AuthenticationScheme) *Server
- func (s *Server) WithAuthorization(scheme AuthorizationScheme) *Server
- func (s *Server) WithCertPool(pool *x509.CertPool) *Server
- func (s *Server) WithCertRefresh(refresh time.Duration) *Server
- func (s *Server) WithCertificate(cert *tls.Certificate) *Server
- func (s *Server) WithCertificatePaths(certFile, keyFile string, refresh time.Duration) *Server
- func (s *Server) WithCipherSuites(cipherSuites *[]uint16) *Server
- func (s *Server) WithCompilerErrorLimit(limit int) *Server
- func (s *Server) WithDecisionIDFactory(f func() string) *Server
- func (s *Server) WithDecisionLogger(logger func(context.Context, *Info)) *Server
- func (s *Server) WithDecisionLoggerWithErr(logger func(context.Context, *Info) error) *Server
- func (s *Server) WithDiagnosticAddresses(addrs []string) *Server
- func (s *Server) WithDistributedTracingOpts(opts tracing.Options) *Server
- func (s *Server) WithH2CEnabled(enabled bool) *Server
- func (s *Server) WithManager(manager *plugins.Manager) *Server
- func (s *Server) WithMetrics(m Metrics) *Server
- func (s *Server) WithMinTLSVersion(minTLSVersion uint16) *Server
- func (s *Server) WithNDBCacheEnabled(ndbCacheEnabled bool) *Server
- func (s *Server) WithPprofEnabled(pprofEnabled bool) *Server
- func (s *Server) WithRouter(router *mux.Router) *Server
- func (s *Server) WithRuntime(term *ast.Term) *Server
- func (s *Server) WithStore(store storage.Store) *Server
- func (s *Server) WithTLSConfig(tlsConfig *TLSConfig) *Server
- func (s *Server) WithUnixSocketPermission(unixSocketPerm *string) *Server
- type TLSConfig
Constants ¶
const ( PromHandlerV0Data = "v0/data" PromHandlerV1Data = "v1/data" PromHandlerV1Query = "v1/query" PromHandlerV1Policies = "v1/policies" PromHandlerV1Compile = "v1/compile" PromHandlerV1Config = "v1/config" PromHandlerV1Status = "v1/status" PromHandlerIndex = "index" PromHandlerCatch = "catchall" PromHandlerHealth = "health" PromHandlerAPIAuthz = "authz" )
Set of handlers for use in the "handler" dimension of the duration metric.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthenticationScheme ¶
type AuthenticationScheme int
AuthenticationScheme enumerates the supported authentication schemes. The authentication scheme determines how client identities are established.
const ( AuthenticationOff AuthenticationScheme = iota AuthenticationToken AuthenticationTLS )
Set of supported authentication schemes.
type AuthorizationScheme ¶
type AuthorizationScheme int
AuthorizationScheme enumerates the supported authorization schemes. The authorization scheme determines how access to OPA is controlled.
const ( AuthorizationOff AuthorizationScheme = iota AuthorizationBasic )
Set of supported authorization schemes.
type BundleInfo ¶
type BundleInfo struct {
Revision string
}
BundleInfo contains information describing a bundle.
type Info ¶
type Info struct { Txn storage.Transaction Revision string // Deprecated: Use `Bundles` instead Bundles map[string]BundleInfo DecisionID string TraceID string SpanID string RemoteAddr string HTTPRequestContext logging.HTTPRequestContext Query string Path string Timestamp time.Time Input *interface{} InputAST ast.Value Results *interface{} MappedResults *interface{} NDBuiltinCache *interface{} Error error Metrics metrics.Metrics Trace []*topdown.Event RequestID uint64 }
Info contains information describing a policy decision.
type Loop ¶
type Loop func() error
Loop will contain all the calls from the server that we'll be listening on.
type Metrics ¶
type Metrics interface { RegisterEndpoints(registrar func(path, method string, handler http.Handler)) InstrumentHandler(handler http.Handler, label string) http.Handler }
Metrics defines the interface that the server requires for recording HTTP handler metrics.
type Server ¶
type Server struct { Handler http.Handler DiagnosticHandler http.Handler // contains filtered or unexported fields }
Server represents an instance of OPA running in server mode.
func (*Server) Addrs ¶
Addrs returns a list of addresses that the server is listening on. If the server hasn't been started it will not return an address.
func (*Server) DiagnosticAddrs ¶
DiagnosticAddrs returns a list of addresses that the server is listening on for the read-only diagnostic API's (eg /health, /metrics, etc) If the server hasn't been started it will not return an address.
func (*Server) Init ¶
Init initializes the server. This function MUST be called before starting any loops from s.Listeners().
func (*Server) Shutdown ¶
Shutdown will attempt to gracefully shutdown each of the http servers currently in use by the OPA Server. If any exceed the deadline specified by the context an error will be returned.
func (*Server) WithAddresses ¶
WithAddresses sets the listening addresses that the server will bind to.
func (*Server) WithAuthentication ¶
func (s *Server) WithAuthentication(scheme AuthenticationScheme) *Server
WithAuthentication sets authentication scheme to use on the server.
func (*Server) WithAuthorization ¶
func (s *Server) WithAuthorization(scheme AuthorizationScheme) *Server
WithAuthorization sets authorization scheme to use on the server.
func (*Server) WithCertPool ¶
WithCertPool sets the server-side cert pool that the server will use.
func (*Server) WithCertRefresh ¶
WithCertRefresh sets the period on which certs, keys and cert pools are reloaded from disk.
func (*Server) WithCertificate ¶
func (s *Server) WithCertificate(cert *tls.Certificate) *Server
WithCertificate sets the server-side certificate that the server will use.
func (*Server) WithCertificatePaths ¶
WithCertificatePaths sets the server-side certificate and keyfile paths that the server will periodically check for changes, and reload if necessary.
func (*Server) WithCipherSuites ¶
WithCipherSuites sets the list of enabled TLS 1.0–1.2 cipher suites.
func (*Server) WithCompilerErrorLimit ¶
WithCompilerErrorLimit sets the limit on the number of compiler errors the server will allow.
func (*Server) WithDecisionIDFactory ¶
WithDecisionIDFactory sets a function on the server to generate decision IDs.
func (*Server) WithDecisionLogger ¶
WithDecisionLogger sets the decision logger used by the server. DEPRECATED. Use WithDecisionLoggerWithErr instead.
func (*Server) WithDecisionLoggerWithErr ¶
WithDecisionLoggerWithErr sets the decision logger used by the server.
func (*Server) WithDiagnosticAddresses ¶
WithDiagnosticAddresses sets the listening addresses that the server will bind to and *only* serve read-only diagnostic API's.
func (*Server) WithDistributedTracingOpts ¶
WithDistributedTracingOpts sets the options to be used by distributed tracing.
func (*Server) WithH2CEnabled ¶
WithH2CEnabled sets whether h2c ("HTTP/2 cleartext") is enabled for the http listener
func (*Server) WithManager ¶
WithManager sets the plugins manager used by the server.
func (*Server) WithMetrics ¶
WithMetrics sets the metrics provider used by the server.
func (*Server) WithMinTLSVersion ¶
func (*Server) WithNDBCacheEnabled ¶
WithNDBCacheEnabled sets whether the ND builtins cache is to be used.
func (*Server) WithPprofEnabled ¶
WithPprofEnabled sets whether pprof endpoints are enabled
func (*Server) WithRouter ¶
WithRouter sets the mux.Router to attach OPA's HTTP API routes onto. If a router is not supplied, the server will create it's own.
func (*Server) WithRuntime ¶
WithRuntime sets the runtime data to provide to the evaluation engine.
func (*Server) WithTLSConfig ¶
WithTLSConfig sets the TLS configuration used by the server.
func (*Server) WithUnixSocketPermission ¶
WithUnixSocketPermission sets the permission for the Unix domain socket if used to listen for incoming connections. Applies to the sockets the server is listening on including diagnostic API's.
type TLSConfig ¶
type TLSConfig struct { // CertFile is the path to the server's serving certificate file. CertFile string // KeyFile is the path to the server's key file, completing the key pair for the // CertFile certificate. KeyFile string // CertPoolFile is the path to the CA cert pool file. The contents of this file will be // reloaded when the file changes on disk and used in as trusted client CAs in the TLS config // for new connections to the server. CertPoolFile string }
TLSConfig represents the TLS configuration for the server. This configuration is used to configure file watchers to reload each file as it changes on disk.
Directories ¶
Path | Synopsis |
---|---|
Package authorizer provides authorization handlers to the server.
|
Package authorizer provides authorization handlers to the server. |
Package identifier provides handlers for associating identity information with incoming requests.
|
Package identifier provides handlers for associating identity information with incoming requests. |
Package types contains request/response types and codes for the server.
|
Package types contains request/response types and codes for the server. |
Package writer contains utilities for writing responses in the server.
|
Package writer contains utilities for writing responses in the server. |