README
¶
OPA 决策引擎
policy.bindata.go
此文件生成于 policy/*.rego.
运行以下命令生成:
go generate ./...
注意: 需要保证go-bindata被安装。
go install github.com/kevinburke/go-bindata/go-bindata@latest
Documentation
¶
Index ¶
- Constants
- func Asset(name string) ([]byte, error)
- func AssetDigest(name string) ([sha256.Size]byte, error)
- func AssetDir(name string) ([]string, error)
- func AssetInfo(name string) (os.FileInfo, error)
- func AssetNames() []string
- func AssetString(name string) (string, error)
- func Digests() (map[string][sha256.Size]byte, error)
- func MustAsset(name string) []byte
- func MustAssetString(name string) string
- func RestoreAsset(dir, name string) error
- func RestoreAssets(dir, name string) error
- type EvaluationError
- type OptFunc
- type State
- func (s *State) DumpData(ctx context.Context) error
- func (s *State) FilterAuthorizedPairs(ctx context.Context, subjects engine.Subjects, pairs []engine.Pair) ([]engine.Pair, error)
- func (s *State) FilterAuthorizedProjects(ctx context.Context, subjects engine.Subjects) ([]string, error)
- func (s *State) ProjectsAuthorized(ctx context.Context, subjects engine.Subjects, action engine.Action, ...) ([]string, error)
- func (s *State) SetPolicies(ctx context.Context, policyMap map[string]interface{}, ...) error
- type UnexpectedResultExpressionError
- type UnexpectedResultSetError
Constants ¶
const AssetDebug = false
AssetDebug is true if the assets were built with the debug flag enabled.
Variables ¶
This section is empty.
Functions ¶
func Asset ¶
Asset loads and returns the asset for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetDigest ¶
AssetDigest returns the digest of the file with the given name. It returns an error if the asset could not be found or the digest could not be loaded.
func AssetDir ¶
AssetDir returns the file names below a certain directory embedded in the file by go-bindata. For example if you run go-bindata on data/... and data contains the following hierarchy:
data/
foo.txt
img/
a.png
b.png
then AssetDir("data") would return []string{"foo.txt", "img"}, AssetDir("data/img") would return []string{"a.png", "b.png"}, AssetDir("foo.txt") and AssetDir("notexist") would return an error, and AssetDir("") will return []string{"data"}.
func AssetInfo ¶
AssetInfo loads and returns the asset info for the given name. It returns an error if the asset could not be found or could not be loaded.
func AssetString ¶
AssetString returns the asset contents as a string (instead of a []byte).
func MustAsset ¶
MustAsset is like Asset but panics when Asset would return an error. It simplifies safe initialization of global variables.
func MustAssetString ¶
MustAssetString is like AssetString but panics when Asset would return an error. It simplifies safe initialization of global variables.
func RestoreAsset ¶
RestoreAsset restores an asset under the given directory.
func RestoreAssets ¶
RestoreAssets restores an asset under the given directory recursively.
Types ¶
type EvaluationError ¶
type EvaluationError struct {
// contains filtered or unexported fields
}
EvaluationError is returned when a query evaluation returns an error.
func (*EvaluationError) Error ¶
func (e *EvaluationError) Error() string
type OptFunc ¶
type OptFunc func(*State)
OptFunc is the type of functional options to be passed to New()
func WithLogger ¶
type State ¶
type State struct {
// contains filtered or unexported fields
}
State wraps the state of OPA we need to track
func New ¶
New initializes a fresh OPA state, using the default, hardcoded OPA policy from policy/authz*.rego unless overridden via an opa.OptFunc.
func (*State) DumpData ¶
DumpData is a bit fast-and-loose when it comes to error checking; it's not meant to be used in production. Anywhere you have an OPA engine struct (i.e. `State`), you can use either one of these on it and it'll log the store contents.
func (*State) FilterAuthorizedPairs ¶
func (s *State) FilterAuthorizedPairs( ctx context.Context, subjects engine.Subjects, pairs []engine.Pair, ) ([]engine.Pair, error)
FilterAuthorizedPairs passes the pairs into OPA, lets it take care of the filtering, and returns the result (sub)list
func (*State) FilterAuthorizedProjects ¶
func (s *State) FilterAuthorizedProjects( ctx context.Context, subjects engine.Subjects) ([]string, error)
FilterAuthorizedProjects passes the pairs of all action/resources into OPA, lets it take care of the filtering, and returns the projects associated with the resulting (sub)list.
func (*State) ProjectsAuthorized ¶
func (s *State) ProjectsAuthorized( ctx context.Context, subjects engine.Subjects, action engine.Action, resource engine.Resource, projects engine.Projects) ([]string, error)
ProjectsAuthorized evaluates whether a given [subject, resource, action, projects] tuple is authorized and returns the list of associated allowed projects from the set of requested projects passed in.
type UnexpectedResultExpressionError ¶
type UnexpectedResultExpressionError struct {
// contains filtered or unexported fields
}
UnexpectedResultExpressionError is returned when one of the result sets expressions can't be made sense of
func (*UnexpectedResultExpressionError) Error ¶
func (e *UnexpectedResultExpressionError) Error() string
type UnexpectedResultSetError ¶
type UnexpectedResultSetError struct {
// contains filtered or unexported fields
}
UnexpectedResultSetError is returned when the result set of an OPA query can't be made sense of
func (*UnexpectedResultSetError) Error ¶
func (e *UnexpectedResultSetError) Error() string
Source Files