Package opa

v0.0.0-...-d8f8204

Published: Jan 16, 2020 | License: Apache-2.0 | Module: git.kescher.at/forestCloud/minio

Constants

const (
	URL       = "url"
	AuthToken = "auth_token"

	EnvPolicyOpaURL       = "MINIO_POLICY_OPA_URL"
	EnvPolicyOpaAuthToken = "MINIO_POLICY_OPA_AUTH_TOKEN"
)

Configuration keys and environment variable names for the OPA URL and auth token.

const (
	EnvIamOpaURL       = "MINIO_IAM_OPA_URL"
	EnvIamOpaAuthToken = "MINIO_IAM_OPA_AUTHTOKEN"
)

Legacy OPA environment variables.

Variables

var (
	DefaultKVS = config.KVS{
		config.KV{
			Key:   URL,
			Value: "",
		},
		config.KV{
			Key:   AuthToken,
			Value: "",
		},
	}
)

DefaultKVS - default configuration for OPA.

var (
	Help = config.HelpKVS{
		config.HelpKV{
			Key:         URL,
			Description: `OPA HTTP(s) endpoint e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"`,
			Type:        "url",
		},
		config.HelpKV{
			Key:         AuthToken,
			Description: "authorization token for OPA endpoint",
			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         config.Comment,
			Description: config.DefaultComment,
			Optional:    true,
			Type:        "sentence",
		},
	}
)

Help template for OPA policy feature.

func Enabled

func Enabled(kvs config.KVS) bool

Enabled reports whether OPA is enabled.

func SetPolicyOPAConfig

func SetPolicyOPAConfig(s config.Config, opaArgs Args)

SetPolicyOPAConfig - one-time migration code, needed for migrating from the older config to the new one for PolicyOPAConfig.

type Args

type Args struct {
	URL         *xnet.URL             `json:"url"`
	AuthToken   string                `json:"authToken"`
	Transport   http.RoundTripper     `json:"-"`
	CloseRespFn func(r io.ReadCloser) `json:"-"`
}

Args - OPA general-purpose policy engine configuration.

func LookupConfig

func LookupConfig(kv config.KVS, transport *http.Transport, closeRespFn func(io.ReadCloser)) (Args, error)

LookupConfig looks up the OPA configuration from config; any environment variables that are set override it.

func (*Args) UnmarshalJSON

func (a *Args) UnmarshalJSON(data []byte) error

UnmarshalJSON - decodes JSON data.

func (*Args) Validate

func (a *Args) Validate() error

Validate - validates the OPA configuration params.

type Opa

type Opa struct {
	// contains filtered or unexported fields
}

Opa - implements OPA policy agent calls.

func New

func New(args Args) *Opa

New - initializes the OPA policy engine connector.

func (*Opa) IsAllowed

func (o *Opa) IsAllowed(args iampolicy.Args) (bool, error)

IsAllowed - checks whether the given policy args are allowed to continue with the REST API call.

Package Files

  • config.go
  • help.go
  • legacy.go
Documentation was rendered with GOOS=linux and GOARCH=amd64.