openpolicyagent

package
v0.21.246 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 9, 2025 License: Apache-2.0, MIT Imports: 41 Imported by: 0

Documentation

Index

Constants

// Package defaults. This listing shows only the values, not where they are
// applied; the pairings with the With* options named below are inferred from
// the option names and should be confirmed against the implementation.
const (
	// DefaultCleanIdlePeriod is 10 seconds.
	// NOTE(review): presumably the default behind WithCleanInterval — confirm.
	DefaultCleanIdlePeriod = time.Second * 10

	// DefaultOpaStartupTimeout is 30 seconds.
	// NOTE(review): presumably the default behind WithStartupTimeout — confirm.
	DefaultOpaStartupTimeout = time.Second * 30

	// DefaultMaxRequestBodySize is 1 MiB (1,048,576 bytes).
	// NOTE(review): presumably the per-request cap adjusted through
	// WithMaxRequestBodyBytes — confirm. Whether a body above the cap is
	// rejected or only partially handed to the policy is not visible here.
	DefaultMaxRequestBodySize = 1024 * 1024

	// DefaultMaxMemoryBodyParsing is 100 times DefaultMaxRequestBodySize,
	// i.e. 100 MiB.
	// NOTE(review): presumably the total budget for bodies buffered at the
	// same time (see ErrTotalBodyBytesExceeded), adjusted through
	// WithMaxMemoryBodyParsing — confirm. Raising it raises the amount of
	// memory that concurrent large requests can pin.
	DefaultMaxMemoryBodyParsing = DefaultMaxRequestBodySize * 100

	// DefaultRequestBodyBufferSize is 8 KiB (8,192 bytes).
	// NOTE(review): presumably the read buffer size adjusted through
	// WithReadBodyBufferSize — confirm.
	DefaultRequestBodyBufferSize = 8 << 10
)

Variables

// ErrClosed is the sentinel error carrying the message "reader closed".
// Compare against it with errors.Is rather than by message text.
var ErrClosed = errors.New("reader closed")

// ErrTotalBodyBytesExceeded is the sentinel error whose message states that
// the buffer for in-flight request body authorization was exceeded.
// NOTE(review): presumably returned once the total body-buffering budget
// (DefaultMaxMemoryBodyParsing by default) is used up — confirm. Callers
// should treat it as a failed authorization step, not as an allow decision.
var ErrTotalBodyBytesExceeded = errors.New("buffer for in-flight request body authorization in Open Policy Agent exceeded")

Functions

func FormOpenPolicyAgentMetaDataObject added in v0.21.166

func FormOpenPolicyAgentMetaDataObject(decisionId string) (*pbstruct.Struct, error)

func WithCleanInterval

func WithCleanInterval(interval time.Duration) func(*OpenPolicyAgentRegistry) error

func WithConfigTemplate

func WithConfigTemplate(configTemplate []byte) func(*OpenPolicyAgentInstanceConfig) error

func WithConfigTemplateFile

func WithConfigTemplateFile(configTemplateFile string) func(*OpenPolicyAgentInstanceConfig) error

func WithEnvoyMetadata

func WithEnvoyMetadata(metadata *ext_authz_v3_core.Metadata) func(*OpenPolicyAgentInstanceConfig) error

func WithEnvoyMetadataBytes

func WithEnvoyMetadataBytes(content []byte) func(*OpenPolicyAgentInstanceConfig) error

func WithEnvoyMetadataFile

func WithEnvoyMetadataFile(file string) func(*OpenPolicyAgentInstanceConfig) error

func WithMaxMemoryBodyParsing added in v0.20.6

// WithMaxMemoryBodyParsing returns an option for OpenPolicyAgentRegistry that
// takes an int64 n.
// NOTE(review): presumably n is a byte count replacing
// DefaultMaxMemoryBodyParsing — confirm. The page does not say how zero or
// negative values are handled; verify that they cannot disable the limit.
func WithMaxMemoryBodyParsing(n int64) func(*OpenPolicyAgentRegistry) error

func WithMaxRequestBodyBytes added in v0.20.6

// WithMaxRequestBodyBytes returns an option for OpenPolicyAgentRegistry that
// takes an int64 n.
// NOTE(review): presumably n is a byte count replacing
// DefaultMaxRequestBodySize — confirm. The page does not say how zero or
// negative values are handled; verify that they cannot disable the limit.
func WithMaxRequestBodyBytes(n int64) func(*OpenPolicyAgentRegistry) error

func WithReadBodyBufferSize added in v0.20.6

// WithReadBodyBufferSize returns an option for OpenPolicyAgentRegistry that
// takes an int64 n.
// NOTE(review): presumably n is a byte count replacing
// DefaultRequestBodyBufferSize — confirm.
func WithReadBodyBufferSize(n int64) func(*OpenPolicyAgentRegistry) error

func WithReuseDuration

func WithReuseDuration(duration time.Duration) func(*OpenPolicyAgentRegistry) error

func WithStartupTimeout added in v0.18.25

func WithStartupTimeout(timeout time.Duration) func(*OpenPolicyAgentInstanceConfig) error

func WithTracer added in v0.21.66

func WithTracer(tracer opentracing.Tracer) func(*OpenPolicyAgentRegistry) error

func WithTracingOptBundleName added in v0.21.66

func WithTracingOptBundleName(bundleName string) func(*transport)

func WithTracingOptManager added in v0.21.66

func WithTracingOptManager(manager *plugins.Manager) func(*transport)

func WithTracingOptTracer added in v0.21.66

func WithTracingOptTracer(tracer opentracing.Tracer) func(*transport)

Types

type OpenPolicyAgentFilter

// OpenPolicyAgentFilter is a single-method interface giving access to an
// OpenPolicyAgentInstance.
// NOTE(review): presumably implemented by the filters that evaluate requests
// against that instance — confirm.
type OpenPolicyAgentFilter interface {
	// OpenPolicyAgent returns a pointer to an OpenPolicyAgentInstance.
	OpenPolicyAgent() *OpenPolicyAgentInstance
}

type OpenPolicyAgentInstance

// OpenPolicyAgentInstance is returned by
// OpenPolicyAgentRegistry.NewOpenPolicyAgentInstance. Its Compiler, Config,
// DistributedTracing, InterQueryBuiltinCache, Logger, ParsedQuery,
// PreparedQuery, PreparedQueryDoOnce, Runtime, SetPreparedQuery and Store
// methods are documented on this page as implementations of the
// envoyauth.EvalContext interface.
type OpenPolicyAgentInstance struct {
	// contains filtered or unexported fields
}

func (*OpenPolicyAgentInstance) Close

func (opa *OpenPolicyAgentInstance) Close(ctx context.Context)

func (*OpenPolicyAgentInstance) Compiler

func (opa *OpenPolicyAgentInstance) Compiler() *ast.Compiler

Compiler is an implementation of the envoyauth.EvalContext interface

func (*OpenPolicyAgentInstance) Config

func (opa *OpenPolicyAgentInstance) Config() *config.Config

Config is an implementation of the envoyauth.EvalContext interface

func (*OpenPolicyAgentInstance) DistributedTracing

func (opa *OpenPolicyAgentInstance) DistributedTracing() opatracing.Options

DistributedTracing is an implementation of the envoyauth.EvalContext interface

func (*OpenPolicyAgentInstance) EnvoyPluginConfig

func (opa *OpenPolicyAgentInstance) EnvoyPluginConfig() envoy.PluginConfig

func (*OpenPolicyAgentInstance) Eval

func (*OpenPolicyAgentInstance) ExtractHttpBodyOptionally added in v0.20.6

// ExtractHttpBodyOptionally takes an *http.Request and returns an
// io.ReadCloser, a byte slice, a func() and an error.
// NOTE(review): the page does not document the four results; presumably they
// are a replacement body reader, the bytes read for policy input, a cleanup
// function and a failure — confirm. Before relying on the byte slice in a
// policy, verify whether a body over the configured limit produces an error
// or a truncated or empty slice, since a policy that inspects a partial body
// can reach a different decision than one that sees the full body.
func (opa *OpenPolicyAgentInstance) ExtractHttpBodyOptionally(req *http.Request) (io.ReadCloser, []byte, func(), error)

func (*OpenPolicyAgentInstance) HandleEvaluationError added in v0.20.6

func (opa *OpenPolicyAgentInstance) HandleEvaluationError(fc filters.FilterContext, span opentracing.Span, result *envoyauth.EvalResult, err error, serve bool, status int)

func (*OpenPolicyAgentInstance) HandleInvalidDecisionError

func (opa *OpenPolicyAgentInstance) HandleInvalidDecisionError(fc filters.FilterContext, span opentracing.Span, result *envoyauth.EvalResult, err error, serve bool)

func (*OpenPolicyAgentInstance) InstanceConfig

func (*OpenPolicyAgentInstance) InterQueryBuiltinCache

func (opa *OpenPolicyAgentInstance) InterQueryBuiltinCache() iCache.InterQueryCache

InterQueryBuiltinCache is an implementation of the envoyauth.EvalContext interface

func (*OpenPolicyAgentInstance) Logger

func (opa *OpenPolicyAgentInstance) Logger() logging.Logger

Logger is an implementation of the envoyauth.EvalContext interface

func (*OpenPolicyAgentInstance) MetricsKey

func (opa *OpenPolicyAgentInstance) MetricsKey(key string) string

func (*OpenPolicyAgentInstance) ParsedQuery

func (opa *OpenPolicyAgentInstance) ParsedQuery() ast.Body

ParsedQuery is an implementation of the envoyauth.EvalContext interface

func (*OpenPolicyAgentInstance) PreparedQuery

func (opa *OpenPolicyAgentInstance) PreparedQuery() *rego.PreparedEvalQuery

PreparedQuery is an implementation of the envoyauth.EvalContext interface

func (*OpenPolicyAgentInstance) PreparedQueryDoOnce

func (opa *OpenPolicyAgentInstance) PreparedQueryDoOnce() *sync.Once

PreparedQueryDoOnce is an implementation of the envoyauth.EvalContext interface

func (*OpenPolicyAgentInstance) Runtime

func (opa *OpenPolicyAgentInstance) Runtime() *ast.Term

Runtime is an implementation of the envoyauth.EvalContext interface

func (*OpenPolicyAgentInstance) ServeInvalidDecisionError

func (opa *OpenPolicyAgentInstance) ServeInvalidDecisionError(fc filters.FilterContext, span opentracing.Span, result *envoyauth.EvalResult, err error)

func (*OpenPolicyAgentInstance) ServeResponse

func (opa *OpenPolicyAgentInstance) ServeResponse(fc filters.FilterContext, span opentracing.Span, result *envoyauth.EvalResult)

func (*OpenPolicyAgentInstance) SetPreparedQuery

func (opa *OpenPolicyAgentInstance) SetPreparedQuery(q *rego.PreparedEvalQuery)

SetPreparedQuery is an implementation of the envoyauth.EvalContext interface

func (*OpenPolicyAgentInstance) Start

func (opa *OpenPolicyAgentInstance) Start(ctx context.Context, timeout time.Duration) error

Start asynchronously starts the policy engine's plugins that download policies, report status, etc.

func (*OpenPolicyAgentInstance) StartSpanFromContext

func (opa *OpenPolicyAgentInstance) StartSpanFromContext(ctx context.Context) (opentracing.Span, context.Context)

func (*OpenPolicyAgentInstance) StartSpanFromFilterContext

func (opa *OpenPolicyAgentInstance) StartSpanFromFilterContext(fc filters.FilterContext) (opentracing.Span, context.Context)

func (*OpenPolicyAgentInstance) Store

func (opa *OpenPolicyAgentInstance) Store() storage.Store

Store is an implementation of the envoyauth.EvalContext interface

type OpenPolicyAgentInstanceConfig

// OpenPolicyAgentInstanceConfig is the target of the instance-level options
// listed on this page: WithConfigTemplate, WithConfigTemplateFile,
// WithEnvoyMetadata, WithEnvoyMetadataBytes, WithEnvoyMetadataFile and
// WithStartupTimeout each return a func(*OpenPolicyAgentInstanceConfig) error.
// NOTE(review): the file-based options take a path string; confirm that the
// path comes from operator-controlled configuration only.
type OpenPolicyAgentInstanceConfig struct {
	// contains filtered or unexported fields
}

func (*OpenPolicyAgentInstanceConfig) GetEnvoyMetadata

func (cfg *OpenPolicyAgentInstanceConfig) GetEnvoyMetadata() *ext_authz_v3_core.Metadata

type OpenPolicyAgentRegistry

// OpenPolicyAgentRegistry is built by NewOpenPolicyAgentRegistry and is the
// target of the registry-level options listed on this page: WithCleanInterval,
// WithMaxMemoryBodyParsing, WithMaxRequestBodyBytes, WithReadBodyBufferSize,
// WithReuseDuration and WithTracer. Its NewOpenPolicyAgentInstance method
// returns an *OpenPolicyAgentInstance, and its Do method is documented as
// implementing routing.PostProcessor and cleaning unused OPA instances.
type OpenPolicyAgentRegistry struct {
	// contains filtered or unexported fields
}

func NewOpenPolicyAgentRegistry

func NewOpenPolicyAgentRegistry(opts ...func(*OpenPolicyAgentRegistry) error) *OpenPolicyAgentRegistry

func (*OpenPolicyAgentRegistry) Close

func (registry *OpenPolicyAgentRegistry) Close()

func (*OpenPolicyAgentRegistry) Do

func (registry *OpenPolicyAgentRegistry) Do(routes []*routing.Route) []*routing.Route

Do implements routing.PostProcessor and cleans unused OPA instances

func (*OpenPolicyAgentRegistry) NewOpenPolicyAgentInstance

func (registry *OpenPolicyAgentRegistry) NewOpenPolicyAgentInstance(bundleName string, config OpenPolicyAgentInstanceConfig, filterName string) (*OpenPolicyAgentInstance, error)

type QuietLogger

type QuietLogger struct {
	// contains filtered or unexported fields
}

QuietLogger is a logging.Logger that does not pollute info-level output with debug logs.

func (*QuietLogger) Debug

func (l *QuietLogger) Debug(fmt string, a ...interface{})

func (*QuietLogger) Error

func (l *QuietLogger) Error(fmt string, a ...interface{})

func (*QuietLogger) GetLevel

func (l *QuietLogger) GetLevel() logging.Level

func (*QuietLogger) Info

func (l *QuietLogger) Info(fmt string, a ...interface{})

func (*QuietLogger) SetLevel

func (l *QuietLogger) SetLevel(level logging.Level)

func (*QuietLogger) Warn

func (l *QuietLogger) Warn(fmt string, a ...interface{})

func (*QuietLogger) WithFields

func (l *QuietLogger) WithFields(fields map[string]interface{}) logging.Logger

Directories

Path Synopsis
internal
