Documentation ¶
Overview ¶
Package server contains the policy engine's server handlers.
Index ¶
- Constants
- type AuthenticationScheme
- type AuthorizationScheme
- type BundleInfo
- type Info
- type Loop
- type Metrics
- type Server
- func (s *Server) Addrs() []string
- func (s *Server) DiagnosticAddrs() []string
- func (s *Server) Init(ctx context.Context) (*Server, error)
- func (s *Server) Listeners() ([]Loop, error)
- func (s *Server) Shutdown(ctx context.Context) error
- func (s *Server) WithAddresses(addrs []string) *Server
- func (s *Server) WithAuthentication(scheme AuthenticationScheme) *Server
- func (s *Server) WithAuthorization(scheme AuthorizationScheme) *Server
- func (s *Server) WithCertPool(pool *x509.CertPool) *Server
- func (s *Server) WithCertRefresh(refresh time.Duration) *Server
- func (s *Server) WithCertificate(cert *tls.Certificate) *Server
- func (s *Server) WithCertificatePaths(certFile, keyFile string, refresh time.Duration) *Server
- func (s *Server) WithCipherSuites(cipherSuites *[]uint16) *Server
- func (s *Server) WithCompilerErrorLimit(limit int) *Server
- func (s *Server) WithDecisionIDFactory(f func() string) *Server
- func (s *Server) WithDecisionLogger(logger func(context.Context, *Info)) *Server
- func (s *Server) WithDecisionLoggerWithErr(logger func(context.Context, *Info) error) *Server
- func (s *Server) WithDiagnosticAddresses(addrs []string) *Server
- func (s *Server) WithDistributedTracingOpts(opts tracing.Options) *Server
- func (s *Server) WithH2CEnabled(enabled bool) *Server
- func (s *Server) WithManager(manager *plugins.Manager) *Server
- func (s *Server) WithMetrics(m Metrics) *Server
- func (s *Server) WithMinTLSVersion(minTLSVersion uint16) *Server
- func (s *Server) WithNDBCacheEnabled(ndbCacheEnabled bool) *Server
- func (s *Server) WithPprofEnabled(pprofEnabled bool) *Server
- func (s *Server) WithRouter(router *mux.Router) *Server
- func (s *Server) WithRuntime(term *ast.Term) *Server
- func (s *Server) WithStore(store storage.Store) *Server
- func (s *Server) WithTLSConfig(tlsConfig *TLSConfig) *Server
- func (s *Server) WithUnixSocketPermission(unixSocketPerm *string) *Server
- type TLSConfig
Constants ¶
const (
	PromHandlerV0Data     = "v0/data"
	PromHandlerV1Data     = "v1/data"
	PromHandlerV1Query    = "v1/query"
	PromHandlerV1Policies = "v1/policies"
	PromHandlerV1Compile  = "v1/compile"
	PromHandlerV1Config   = "v1/config"
	PromHandlerV1Status   = "v1/status"
	PromHandlerIndex      = "index"
	PromHandlerCatch      = "catchall"
	PromHandlerHealth     = "health"
	PromHandlerAPIAuthz   = "authz"
)
Set of handlers for use in the "handler" dimension of the duration metric.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthenticationScheme ¶ added in v0.4.5
type AuthenticationScheme int
AuthenticationScheme enumerates the supported authentication schemes. The authentication scheme determines how client identities are established.
const (
	AuthenticationOff AuthenticationScheme = iota
	AuthenticationToken
	AuthenticationTLS
)
Set of supported authentication schemes.
type AuthorizationScheme ¶ added in v0.4.5
type AuthorizationScheme int
AuthorizationScheme enumerates the supported authorization schemes. The authorization scheme determines how access to OPA is controlled.
const (
	AuthorizationOff AuthorizationScheme = iota
	AuthorizationBasic
)
Set of supported authorization schemes.
type BundleInfo ¶ added in v0.13.0
type BundleInfo struct {
	Revision string
}
BundleInfo contains information describing a bundle.
type Info ¶ added in v0.5.5
type Info struct {
	Txn                storage.Transaction
	Revision           string // Deprecated: Use `Bundles` instead
	Bundles            map[string]BundleInfo
	DecisionID         string
	TraceID            string
	SpanID             string
	RemoteAddr         string
	HTTPRequestContext logging.HTTPRequestContext
	Query              string
	Path               string
	Timestamp          time.Time
	Input              *interface{}
	InputAST           ast.Value
	Results            *interface{}
	MappedResults      *interface{}
	NDBuiltinCache     *interface{}
	Error              error
	Metrics            metrics.Metrics
	Trace              []*topdown.Event
	RequestID          uint64
}
Info contains information describing a policy decision.
type Loop ¶ added in v0.8.2
type Loop func() error
Loop will contain all the calls from the server that we'll be listening on.
type Metrics ¶ added in v0.14.0
type Metrics interface {
	RegisterEndpoints(registrar func(path, method string, handler http.Handler))
	InstrumentHandler(handler http.Handler, label string) http.Handler
}
Metrics defines the interface that the server requires for recording HTTP handler metrics.
type Server ¶
type Server struct {
	Handler           http.Handler
	DiagnosticHandler http.Handler
	// contains filtered or unexported fields
}
Server represents an instance of OPA running in server mode.
func (*Server) Addrs ¶ added in v0.13.0
Addrs returns a list of addresses that the server is listening on. If the server hasn't been started it will not return an address.
func (*Server) DiagnosticAddrs ¶ added in v0.20.0
DiagnosticAddrs returns a list of addresses that the server is listening on for the read-only diagnostic APIs (e.g. /health, /metrics, etc.). If the server hasn't been started it will not return an address.
func (*Server) Init ¶ added in v0.4.5
Init initializes the server. This function MUST be called before starting any loops from s.Listeners().
func (*Server) Listeners ¶ added in v0.4.6
Listeners returns functions that listen and serve connections.
func (*Server) Shutdown ¶ added in v0.11.0
Shutdown will attempt to gracefully shut down each of the HTTP servers currently in use by the OPA Server. If any exceed the deadline specified by the context, an error will be returned.
func (*Server) WithAddresses ¶ added in v0.8.2
WithAddresses sets the listening addresses that the server will bind to.
func (*Server) WithAuthentication ¶ added in v0.4.5
func (s *Server) WithAuthentication(scheme AuthenticationScheme) *Server
WithAuthentication sets authentication scheme to use on the server.
func (*Server) WithAuthorization ¶ added in v0.4.5
func (s *Server) WithAuthorization(scheme AuthorizationScheme) *Server
WithAuthorization sets authorization scheme to use on the server.
func (*Server) WithCertPool ¶ added in v0.10.3
WithCertPool sets the server-side cert pool that the server will use.
func (*Server) WithCertRefresh ¶ added in v0.60.0
WithCertRefresh sets the period on which certs, keys and cert pools are reloaded from disk.
func (*Server) WithCertificate ¶ added in v0.4.5
func (s *Server) WithCertificate(cert *tls.Certificate) *Server
WithCertificate sets the server-side certificate that the server will use.
func (*Server) WithCertificatePaths ¶ added in v0.36.0
WithCertificatePaths sets the server-side certificate and keyfile paths that the server will periodically check for changes, and reload if necessary.
func (*Server) WithCipherSuites ¶ added in v0.61.0
WithCipherSuites sets the list of enabled TLS 1.0–1.2 cipher suites.
func (*Server) WithCompilerErrorLimit ¶ added in v0.5.3
WithCompilerErrorLimit sets the limit on the number of compiler errors the server will allow.
func (*Server) WithDecisionIDFactory ¶ added in v0.5.9
WithDecisionIDFactory sets a function on the server to generate decision IDs.
func (*Server) WithDecisionLogger ¶ added in v0.8.0
WithDecisionLogger sets the decision logger used by the server. DEPRECATED. Use WithDecisionLoggerWithErr instead.
func (*Server) WithDecisionLoggerWithErr ¶ added in v0.10.5
WithDecisionLoggerWithErr sets the decision logger used by the server.
func (*Server) WithDiagnosticAddresses ¶ added in v0.20.0
WithDiagnosticAddresses sets the listening addresses that the server will bind to and *only* serve read-only diagnostic APIs.
func (*Server) WithDistributedTracingOpts ¶ added in v0.36.0
WithDistributedTracingOpts sets the options to be used by distributed tracing.
func (*Server) WithH2CEnabled ¶ added in v0.24.0
WithH2CEnabled sets whether h2c ("HTTP/2 cleartext") is enabled for the HTTP listener.
func (*Server) WithManager ¶ added in v0.8.1
WithManager sets the plugins manager used by the server.
func (*Server) WithMetrics ¶ added in v0.14.0
WithMetrics sets the metrics provider used by the server.
func (*Server) WithMinTLSVersion ¶ added in v0.30.0
func (*Server) WithNDBCacheEnabled ¶ added in v0.45.0
WithNDBCacheEnabled sets whether the ND builtins cache is to be used.
func (*Server) WithPprofEnabled ¶ added in v0.10.5
WithPprofEnabled sets whether pprof endpoints are enabled.
func (*Server) WithRouter ¶ added in v0.10.0
WithRouter sets the mux.Router to attach OPA's HTTP API routes onto. If a router is not supplied, the server will create its own.
func (*Server) WithRuntime ¶ added in v0.10.0
WithRuntime sets the runtime data to provide to the evaluation engine.
func (*Server) WithTLSConfig ¶ added in v0.60.0
WithTLSConfig sets the TLS configuration used by the server.
func (*Server) WithUnixSocketPermission ¶ added in v0.53.0
WithUnixSocketPermission sets the permission for the Unix domain socket if used to listen for incoming connections. Applies to the sockets the server is listening on, including those for the diagnostic APIs.
type TLSConfig ¶ added in v0.60.0
type TLSConfig struct {
	// CertFile is the path to the server's serving certificate file.
	CertFile string

	// KeyFile is the path to the server's key file, completing the key pair for the
	// CertFile certificate.
	KeyFile string

	// CertPoolFile is the path to the CA cert pool file. The contents of this file will be
	// reloaded when the file changes on disk and used as trusted client CAs in the TLS config
	// for new connections to the server.
	CertPoolFile string
}
TLSConfig represents the TLS configuration for the server. This configuration is used to configure file watchers to reload each file as it changes on disk.
Directories ¶
Path | Synopsis |
---|---|
authorizer | Package authorizer provides authorization handlers to the server. |
identifier | Package identifier provides handlers for associating identity information with incoming requests. |
types | Package types contains request/response types and codes for the server. |
writer | Package writer contains utilities for writing responses in the server. |