hub

package

v0.36.0 Latest Latest Go to latest Published: May 9, 2024 License: Apache-2.0 Imports: 29 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cerbos/cerbos

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func Tokenize(root *Token, path string) error
type AuditLogFilter
- func NewAuditLogFilter(conf MaskConf) (*AuditLogFilter, error)
- func (f *AuditLogFilter) Filter(ingestBatch *logsv1.IngestBatch) error
type Conf
- func (c *Conf) Key() string
- func (c *Conf) SetDefaults()
- func (c *Conf) Validate() (outErr error)
type ErrIngestBackoff
- func (e ErrIngestBackoff) Error() string
type Impl
- func NewIngestSyncer(conf *IngestConf, logger *zap.Logger) (*Impl, error)
- func (i *Impl) Sync(ctx context.Context, batch *logsv1.IngestBatch) error
type IngestConf
type IngestSyncer
type Log
- func NewLog(conf *Conf, decisionFilter audit.DecisionLogEntryFilter, syncer IngestSyncer, ...) (*Log, error)
- func (l *Log) Backend() string
- func (l *Log) WriteAccessLogEntry(ctx context.Context, record audit.AccessLogEntryMaker) error
- func (l *Log) WriteDecisionLogEntry(ctx context.Context, record audit.DecisionLogEntryMaker) error
type MaskConf
type Token

Constants ¶

View Source

const (
	Backend = "hub"
)

Variables ¶

View Source

var (
	SyncStatusPrefix   = []byte("bs")   // "b" for contiguity with audit log keys in LSM, "s" because "sync"
	AccessSyncPrefix   = []byte("bsac") // these need to be len(4) to correctly reuse `local.GenKey`
	DecisionSyncPrefix = []byte("bsde")
)

Functions ¶

func Tokenize ¶ added in v0.36.0

func Tokenize(root *Token, path string) error

Types ¶

type AuditLogFilter ¶ added in v0.36.0

type AuditLogFilter struct {
	// contains filtered or unexported fields
}

func NewAuditLogFilter ¶ added in v0.36.0

func NewAuditLogFilter(conf MaskConf) (*AuditLogFilter, error)

func (*AuditLogFilter) Filter ¶ added in v0.36.0

func (f *AuditLogFilter) Filter(ingestBatch *logsv1.IngestBatch) error

type Conf ¶

type Conf struct {
	Ingest IngestConf `yaml:"ingest" conf:",ignore"`
	// Mask defines a list of attributes to exclude from the audit logs, specified as lists of JSONPaths
	Mask       MaskConf `yaml:"mask"`
	local.Conf `yaml:",inline"`
}

func (*Conf) Key ¶

func (c *Conf) Key() string

func (*Conf) SetDefaults ¶

func (c *Conf) SetDefaults()

func (*Conf) Validate ¶

func (c *Conf) Validate() (outErr error)

type ErrIngestBackoff ¶

type ErrIngestBackoff struct {
	Backoff time.Duration
	// contains filtered or unexported fields
}

func (ErrIngestBackoff) Error ¶

func (e ErrIngestBackoff) Error() string

type Impl ¶

type Impl struct {
	// contains filtered or unexported fields
}

func NewIngestSyncer ¶

func NewIngestSyncer(conf *IngestConf, logger *zap.Logger) (*Impl, error)

func (*Impl) Sync ¶

func (i *Impl) Sync(ctx context.Context, batch *logsv1.IngestBatch) error

type IngestConf ¶

type IngestConf struct {
	// Credentials holds Cerbos Hub credentials.
	Credentials *hub.CredentialsConf `yaml:"credentials" conf:",ignore"`
	// Connection defines settings for the remote server connection.
	Connection *hub.ConnectionConf `yaml:"connection" conf:",ignore"`
	// MaxBatchSize defines the max number of log entries to send in each Ingest request.
	MaxBatchSize uint `yaml:"maxBatchSize" conf:",example=32"`
	// MinFlushInterval is the minimal duration between Ingest requests.
	MinFlushInterval time.Duration `yaml:"minFlushInterval" conf:",example=3s"`
	// FlushTimeout defines the max allowable timeout for each Ingest request.
	FlushTimeout time.Duration `yaml:"flushTimeout" conf:",example=5s"`
	// NumGoRoutines defines the max number of goroutines used when streaming log entries from the local DB.
	NumGoRoutines uint `yaml:"numGoRoutines" conf:",example=8"`
}

type IngestSyncer ¶

type IngestSyncer interface {
	Sync(context.Context, *logsv1.IngestBatch) error
}

type Log ¶

type Log struct {
	*local.Log
	// contains filtered or unexported fields
}

func NewLog ¶

func NewLog(conf *Conf, decisionFilter audit.DecisionLogEntryFilter, syncer IngestSyncer, logger *zap.Logger) (*Log, error)

func (*Log) Backend ¶

func (l *Log) Backend() string

func (*Log) WriteAccessLogEntry ¶

func (l *Log) WriteAccessLogEntry(ctx context.Context, record audit.AccessLogEntryMaker) error

func (*Log) WriteDecisionLogEntry ¶

func (l *Log) WriteDecisionLogEntry(ctx context.Context, record audit.DecisionLogEntryMaker) error

type MaskConf ¶ added in v0.36.0

type MaskConf struct {
	Peer           []string `yaml:"peer" conf:",example=\n    - address\n    - forwarded_for"`
	Metadata       []string `yaml:"metadata" conf:",example=['authorization']"`
	CheckResources []string `yaml:"checkResources" conf:",example=\n    - inputs[*].principal.attr.foo\n    - inputs[*].auxData\n    - outputs"`
	PlanResources  []string `yaml:"planResources" conf:",example=['input.principal.attr.nestedMap.foo']"`
}

type Token ¶ added in v0.36.0

type Token struct {
	// contains filtered or unexported fields
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL