Documentation
¶
Index ¶
- Variables
- type EntrypointID
- type EvalOpts
- type Loader
- type OPA
- func (o *OPA) Close()
- func (o *OPA) Entrypoints(ctx context.Context) (map[string]EntrypointID, error)
- func (o *OPA) Eval(ctx context.Context, opts EvalOpts) (*Result, error)
- func (o *OPA) Init() (*OPA, error)
- func (o *OPA) RemoveDataPath(path []string) error
- func (o *OPA) SetData(v interface{}) error
- func (o *OPA) SetDataPath(path []string, value interface{}) error
- func (o *OPA) SetPolicy(p []byte) error
- func (o *OPA) SetPolicyData(policy []byte, data *interface{}) error
- func (o *OPA) WithDataBytes(data []byte) *OPA
- func (o *OPA) WithDataFile(fileName string) *OPA
- func (o *OPA) WithDataJSON(data interface{}) *OPA
- func (o *OPA) WithErrorLogger(logger func(error)) *OPA
- func (o *OPA) WithMemoryLimits(min, max uint32) *OPA
- func (o *OPA) WithPolicyBytes(policy []byte) *OPA
- func (o *OPA) WithPolicyFile(fileName string) *OPA
- func (o *OPA) WithPoolSize(size uint32) *OPA
- type Result
Constants ¶
This section is empty.
Variables ¶
var ( // ErrInvalidConfig is the error returned if the OPA initialization fails due to an invalid config. ErrInvalidConfig = errors.New("invalid config") // ErrInvalidPolicyOrData is the error returned if either policy or data is invalid. ErrInvalidPolicyOrData = errors.New("invalid policy or data") // ErrInvalidBundle is the error returned if the bundle loaded is corrupted. ErrInvalidBundle = errors.New("invalid bundle") // ErrNotReady is the error returned if the OPA instance is not initialized. ErrNotReady = errors.New("not ready") // ErrUndefined is the error returned if the evaluation result is undefined. ErrUndefined = errors.New("undefined decision") // ErrNonBoolean is the error returned if the evaluation result is not of boolean value. ErrNonBoolean = errors.New("non-boolean decision") // ErrInternal is the error returned if the evaluation fails due to an internal error. ErrInternal = errors.New("internal error") )
Functions ¶
This section is empty.
Types ¶
type EntrypointID ¶
type EntrypointID int32
EntrypointID is used by Eval() to determine which compiled entrypoint should be evaluated. Retrieve entrypoint to ID mapping for each instance of the compiled policy.
type EvalOpts ¶
type EvalOpts struct {
Entrypoint EntrypointID
Input *interface{}
Metrics metrics.Metrics
}
EvalOpts define options for performing an evaluation
type Loader ¶
type Loader interface {
// Load loads a bundle. This can be invoked without starting the polling.
Load(ctx context.Context) error
// Start starts the bundle polling.
Start(ctx context.Context) error
// Close stops the polling.
Close()
}
Loader is the interface all bundle loaders implement.
type OPA ¶
type OPA struct {
// contains filtered or unexported fields
}
OPA executes WebAssembly compiled Rego policies.
func New ¶
func New() *OPA
New constructs a new OPA SDK instance, ready to be configured with With functions. If no policy is provided as a part of configuration, policy (and data) needs to be set before invoking Eval. Once constructed and configured, the instance needs to be initialized before invoking the Eval.
func (*OPA) Close ¶
func (o *OPA) Close()
Close waits until all the pending evaluations complete and then releases all the resources allocated. Eval will return ErrClosed afterwards.
func (*OPA) Entrypoints ¶
Entrypoints returns a mapping of entrypoint name to ID for use by Eval() and EvalBool().
func (*OPA) Eval ¶
Eval evaluates the policy with the given input, returning the evaluation results. If no policy was configured at construction time nor set after, the function returns ErrNotReady. It returns ErrInternal if any other error occurs.
func (*OPA) Init ¶
Init initializes the SDK instance after the construction and configuration. If the configuration is invalid, it returns ErrInvalidConfig.
func (*OPA) RemoveDataPath ¶
RemoveDataPath will update the current data on the VMs by removing the value at the specified path. If an error occurs the instance is still in a valid state, however the data will not have been modified.
func (*OPA) SetData ¶
SetData updates the data for the subsequent Eval calls. Returns either ErrNotReady, ErrInvalidPolicyOrData, or ErrInternal if an error occurs.
func (*OPA) SetDataPath ¶
SetDataPath will update the current data on the VMs by setting the value at the specified path. If an error occurs the instance is still in a valid state, however the data will not have been modified.
func (*OPA) SetPolicy ¶
SetPolicy updates the policy for the subsequent Eval calls. Returns either ErrNotReady, ErrInvalidPolicy or ErrInternal if an error occurs.
func (*OPA) SetPolicyData ¶
SetPolicyData updates both the policy and data for the subsequent Eval calls. Returns either ErrNotReady, ErrInvalidPolicyOrData, or ErrInternal if an error occurs.
func (*OPA) WithDataBytes ¶
WithDataBytes configures the JSON data to load.
func (*OPA) WithDataFile ¶
WithDataFile configures the JSON data file to load.
func (*OPA) WithDataJSON ¶
WithDataJSON configures the JSON data to load.
func (*OPA) WithErrorLogger ¶
WithErrorLogger configures an error logger invoked with all the errors.
func (*OPA) WithMemoryLimits ¶
WithMemoryLimits configures the memory limits (in bytes) for a single policy evaluation.
func (*OPA) WithPolicyBytes ¶
WithPolicyBytes configures the compiled policy to load.
func (*OPA) WithPolicyFile ¶
WithPolicyFile configures a policy file to load.
func (*OPA) WithPoolSize ¶
WithPoolSize configures the maximum number of simultaneous policy evaluations, i.e., the maximum number of underlying WASM instances active at any time. The default is the number of logical CPUs usable for the process as per runtime.NumCPU().
Source Files
Directories