server

package
v0.67.0
Warning

This package is not in the latest version of its module.

Published: Jul 25, 2024 License: Apache-2.0 Imports: 50 Imported by: 46

Documentation

Overview

Package server contains the policy engine's server handlers.


Constants

const (
	PromHandlerV0Data     = "v0/data"
	PromHandlerV1Data     = "v1/data"
	PromHandlerV1Query    = "v1/query"
	PromHandlerV1Policies = "v1/policies"
	PromHandlerV1Compile  = "v1/compile"
	PromHandlerV1Config   = "v1/config"
	PromHandlerV1Status   = "v1/status"
	PromHandlerIndex      = "index"
	PromHandlerCatch      = "catchall"
	PromHandlerHealth     = "health"
	PromHandlerAPIAuthz   = "authz"
)

Set of handlers for use in the "handler" dimension of the duration metric.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthenticationScheme added in v0.4.5

type AuthenticationScheme int

AuthenticationScheme enumerates the supported authentication schemes. The authentication scheme determines how client identities are established.

const (
	AuthenticationOff AuthenticationScheme = iota
	AuthenticationToken
	AuthenticationTLS
)

Set of supported authentication schemes.

type AuthorizationScheme added in v0.4.5

type AuthorizationScheme int

AuthorizationScheme enumerates the supported authorization schemes. The authorization scheme determines how access to OPA is controlled.

const (
	AuthorizationOff AuthorizationScheme = iota
	AuthorizationBasic
)

Set of supported authorization schemes.

type BundleInfo added in v0.13.0

type BundleInfo struct {
	Revision string
}

BundleInfo contains information describing a bundle.

type Info added in v0.5.5

type Info struct {
	Txn                storage.Transaction
	Revision           string // Deprecated: Use `Bundles` instead
	Bundles            map[string]BundleInfo
	DecisionID         string
	TraceID            string
	SpanID             string
	RemoteAddr         string
	HTTPRequestContext logging.HTTPRequestContext
	Query              string
	Path               string
	Timestamp          time.Time
	Input              *interface{}
	InputAST           ast.Value
	Results            *interface{}
	MappedResults      *interface{}
	NDBuiltinCache     *interface{}
	Error              error
	Metrics            metrics.Metrics
	Trace              []*topdown.Event
	RequestID          uint64
}

Info contains information describing a policy decision.

type Loop added in v0.8.2

type Loop func() error

Loop will contain all the calls from the server that we'll be listening on.

type Metrics added in v0.14.0

type Metrics interface {
	RegisterEndpoints(registrar func(path, method string, handler http.Handler))
	InstrumentHandler(handler http.Handler, label string) http.Handler
}

Metrics defines the interface that the server requires for recording HTTP handler metrics.

type Server

type Server struct {
	Handler           http.Handler
	DiagnosticHandler http.Handler
	// contains filtered or unexported fields
}

Server represents an instance of OPA running in server mode.

func New

func New() *Server

New returns a new Server.

func (*Server) Addrs added in v0.13.0

func (s *Server) Addrs() []string

Addrs returns a list of addresses that the server is listening on. If the server hasn't been started it will not return an address.

func (*Server) DiagnosticAddrs added in v0.20.0

func (s *Server) DiagnosticAddrs() []string

DiagnosticAddrs returns a list of addresses that the server is listening on for the read-only diagnostic APIs (e.g. /health, /metrics, etc.). If the server hasn't been started it will not return an address.

func (*Server) Init added in v0.4.5

func (s *Server) Init(ctx context.Context) (*Server, error)

Init initializes the server. This function MUST be called before starting any loops from s.Listeners().

func (*Server) Listeners added in v0.4.6

func (s *Server) Listeners() ([]Loop, error)

Listeners returns functions that listen and serve connections.

func (*Server) Shutdown added in v0.11.0

func (s *Server) Shutdown(ctx context.Context) error

Shutdown will attempt to gracefully shutdown each of the http servers currently in use by the OPA Server. If any exceed the deadline specified by the context an error will be returned.

func (*Server) WithAddresses added in v0.8.2

func (s *Server) WithAddresses(addrs []string) *Server

WithAddresses sets the listening addresses that the server will bind to.

func (*Server) WithAuthentication added in v0.4.5

func (s *Server) WithAuthentication(scheme AuthenticationScheme) *Server

WithAuthentication sets authentication scheme to use on the server.

func (*Server) WithAuthorization added in v0.4.5

func (s *Server) WithAuthorization(scheme AuthorizationScheme) *Server

WithAuthorization sets authorization scheme to use on the server.

func (*Server) WithCertPool added in v0.10.3

func (s *Server) WithCertPool(pool *x509.CertPool) *Server

WithCertPool sets the server-side cert pool that the server will use.

func (*Server) WithCertRefresh added in v0.60.0

func (s *Server) WithCertRefresh(refresh time.Duration) *Server

WithCertRefresh sets the period on which certs, keys and cert pools are reloaded from disk.

func (*Server) WithCertificate added in v0.4.5

func (s *Server) WithCertificate(cert *tls.Certificate) *Server

WithCertificate sets the server-side certificate that the server will use.

func (*Server) WithCertificatePaths added in v0.36.0

func (s *Server) WithCertificatePaths(certFile, keyFile string, refresh time.Duration) *Server

WithCertificatePaths sets the server-side certificate and keyfile paths that the server will periodically check for changes, and reload if necessary.

func (*Server) WithCipherSuites added in v0.61.0

func (s *Server) WithCipherSuites(cipherSuites *[]uint16) *Server

WithCipherSuites sets the list of enabled TLS 1.0–1.2 cipher suites.
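
An added example, not code from the OPA project: it uses only Go's standard library to turn operator-supplied cipher suite names into the `[]uint16` that WithCipherSuites takes, refusing names on Go's insecure list and TLS 1.3 suites, which this TLS 1.0–1.2 setting does not cover. The helper name `resolveCipherSuites` and the sample input are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// resolveCipherSuites is a hypothetical helper (not part of the OPA package) that
// maps suite names to the IDs WithCipherSuites expects, rejecting weak or inapplicable ones.
func resolveCipherSuites(names []string) ([]uint16, error) {
	known := map[string]*tls.CipherSuite{}
	for _, cs := range tls.CipherSuites() {
		known[cs.Name] = cs
	}
	insecure := map[string]bool{}
	for _, cs := range tls.InsecureCipherSuites() {
		insecure[cs.Name] = true
	}
	ids := make([]uint16, 0, len(names))
	for _, name := range names {
		cs, ok := known[name]
		switch {
		case insecure[name]:
			return nil, fmt.Errorf("%s is on Go's insecure cipher suite list", name)
		case !ok:
			return nil, fmt.Errorf("unknown cipher suite %q", name)
		case cs.SupportedVersions[0] == tls.VersionTLS13:
			// TLS 1.3 suites are not configurable; the option covers TLS 1.0-1.2 only.
			return nil, fmt.Errorf("%s is a TLS 1.3 suite", name)
		}
		ids = append(ids, cs.ID)
	}
	return ids, nil
}

func main() {
	// Constructed sample input: two AEAD suites with forward secrecy.
	ids, err := resolveCipherSuites([]string{
		"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	})
	if err != nil {
		panic(err)
	}
	// With a *server.Server s: s.WithMinTLSVersion(tls.VersionTLS12).WithCipherSuites(&ids)
	fmt.Printf("min version %#04x, suites %#04x\n", tls.VersionTLS12, ids)
}
```
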

func (*Server) WithCompilerErrorLimit added in v0.5.3

func (s *Server) WithCompilerErrorLimit(limit int) *Server

WithCompilerErrorLimit sets the limit on the number of compiler errors the server will allow.

func (*Server) WithDecisionIDFactory added in v0.5.9

func (s *Server) WithDecisionIDFactory(f func() string) *Server

WithDecisionIDFactory sets a function on the server to generate decision IDs.

func (*Server) WithDecisionLogger added in v0.8.0

func (s *Server) WithDecisionLogger(logger func(context.Context, *Info)) *Server

WithDecisionLogger sets the decision logger used by the server. DEPRECATED. Use WithDecisionLoggerWithErr instead.

func (*Server) WithDecisionLoggerWithErr added in v0.10.5

func (s *Server) WithDecisionLoggerWithErr(logger func(context.Context, *Info) error) *Server

WithDecisionLoggerWithErr sets the decision logger used by the server.

func (*Server) WithDiagnosticAddresses added in v0.20.0

func (s *Server) WithDiagnosticAddresses(addrs []string) *Server

WithDiagnosticAddresses sets the listening addresses that the server will bind to and *only* serve read-only diagnostic APIs.

func (*Server) WithDistributedTracingOpts added in v0.36.0

func (s *Server) WithDistributedTracingOpts(opts tracing.Options) *Server

WithDistributedTracingOpts sets the options to be used by distributed tracing.

func (*Server) WithH2CEnabled added in v0.24.0

func (s *Server) WithH2CEnabled(enabled bool) *Server

WithH2CEnabled sets whether h2c ("HTTP/2 cleartext") is enabled for the http listener.

func (*Server) WithManager added in v0.8.1

func (s *Server) WithManager(manager *plugins.Manager) *Server

WithManager sets the plugins manager used by the server.

func (*Server) WithMetrics added in v0.14.0

func (s *Server) WithMetrics(m Metrics) *Server

WithMetrics sets the metrics provider used by the server.

func (*Server) WithMinTLSVersion added in v0.30.0

func (s *Server) WithMinTLSVersion(minTLSVersion uint16) *Server

func (*Server) WithNDBCacheEnabled added in v0.45.0

func (s *Server) WithNDBCacheEnabled(ndbCacheEnabled bool) *Server

WithNDBCacheEnabled sets whether the ND builtins cache is to be used.

func (*Server) WithPprofEnabled added in v0.10.5

func (s *Server) WithPprofEnabled(pprofEnabled bool) *Server

WithPprofEnabled sets whether pprof endpoints are enabled.

func (*Server) WithRouter added in v0.10.0

func (s *Server) WithRouter(router *mux.Router) *Server

WithRouter sets the mux.Router to attach OPA's HTTP API routes onto. If a router is not supplied, the server will create its own.

func (*Server) WithRuntime added in v0.10.0

func (s *Server) WithRuntime(term *ast.Term) *Server

WithRuntime sets the runtime data to provide to the evaluation engine.

func (*Server) WithStore added in v0.5.0

func (s *Server) WithStore(store storage.Store) *Server

WithStore sets the storage used by the server.

func (*Server) WithTLSConfig added in v0.60.0

func (s *Server) WithTLSConfig(tlsConfig *TLSConfig) *Server

WithTLSConfig sets the TLS configuration used by the server.

func (*Server) WithUnixSocketPermission added in v0.53.0

func (s *Server) WithUnixSocketPermission(unixSocketPerm *string) *Server

WithUnixSocketPermission sets the permission for the Unix domain socket if used to listen for incoming connections. Applies to the sockets the server is listening on, including those for the diagnostic APIs.

type TLSConfig added in v0.60.0

type TLSConfig struct {
	// CertFile is the path to the server's serving certificate file.
	CertFile string

	// KeyFile is the path to the server's key file, completing the key pair for the
	// CertFile certificate.
	KeyFile string

	// CertPoolFile is the path to the CA cert pool file. The contents of this file will be
	// reloaded when the file changes on disk and used as trusted client CAs in the TLS config
	// for new connections to the server.
	CertPoolFile string
}

TLSConfig represents the TLS configuration for the server. This configuration is used to configure file watchers to reload each file as it changes on disk.

Directories

Path	Synopsis
authorizer	Package authorizer provides authorization handlers to the server.
identifier	Package identifier provides handlers for associating identity information with incoming requests.
types	Package types contains request/response types and codes for the server.
writer	Package writer contains utilities for writing responses in the server.
