Documentation ¶
Index ¶
- Constants
- func NewTLSConfig(ctx context.Context, reloadInterval time.Duration, insecureSkipVerify bool, ...) (*tls.Config, error)
- type Authentication
- type Client
- type Conf
- type Encoding
- type Kind
- type Publisher
- func (p *Publisher) Backend() string
- func (p *Publisher) Close() error
- func (p *Publisher) Enabled() bool
- func (p *Publisher) WriteAccessLogEntry(ctx context.Context, record audit.AccessLogEntryMaker) error
- func (p *Publisher) WriteDecisionLogEntry(ctx context.Context, record audit.DecisionLogEntryMaker) error
- type TLS
Constants ¶
View Source
const ( AckNone = "none" AckAll = "all" AckLeader = "leader" HeaderKeyEncoding = "cerbos.audit.encoding" HeaderKeyKind = "cerbos.audit.kind" CompressionNone = "none" CompressionGzip = "gzip" CompressionSnappy = "snappy" CompressionLZ4 = "lz4" CompressionZstd = "zstd" )
View Source
const Backend = "kafka"
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Authentication ¶ added in v0.29.0
type Authentication struct {
TLS *TLS `yaml:"tls"`
}
type Conf ¶
type Conf struct { // Ack mode for producing messages. Valid values are "none", "leader" or "all" (default). Idempotency is disabled when mode is not "all". Ack string `yaml:"ack" conf:",example=all"` // Authentication Authentication Authentication `yaml:"authentication"` // Topic to write audit entries to. Topic string `yaml:"topic" conf:"required,example=cerbos.audit.log"` // Encoding format. Valid values are "json" (default) or "protobuf". Encoding Encoding `yaml:"encoding" conf:",example=json"` // ClientID reported in Kafka connections. ClientID string `yaml:"clientID" conf:",example=cerbos"` // Brokers list to seed the Kafka client. Brokers []string `yaml:"brokers" conf:"required,example=['localhost:9092']"` // Compression sets the compression algorithm to use in order of priority. Valid values are "none", "gzip", "snappy","lz4", "zstd". Default is ["snappy", "none"]. Compression []string `yaml:"compression" conf:",example=['snappy']"` // CloseTimeout sets how long when closing the client to wait for any remaining messages to be flushed. CloseTimeout time.Duration `yaml:"closeTimeout" conf:",example=30s"` // MaxBufferedRecords sets the maximum number of records the client should buffer in memory in async mode. MaxBufferedRecords int `yaml:"maxBufferedRecords" conf:",example=1000"` // ProduceSync forces the client to produce messages to Kafka synchronously. This can have a significant impact on performance. ProduceSync bool `yaml:"produceSync" conf:",example=false"` }
Conf is optional configuration for kafka Audit.
func (*Conf) SetDefaults ¶
func (c *Conf) SetDefaults()
type Kind ¶
type Kind []byte
var ( // reallocate once ahead of time to avoid allocations in the hot path. KindAccess Kind = []byte(audit.KindAccess) KindDecision Kind = []byte(audit.KindDecision) )
type Publisher ¶
type Publisher struct { Client Client // contains filtered or unexported fields }
func NewPublisher ¶
func (*Publisher) WriteAccessLogEntry ¶
func (*Publisher) WriteDecisionLogEntry ¶
type TLS ¶ added in v0.29.0
type TLS struct { // CAPath is the path to the CA certificate. CAPath string `yaml:"caPath" conf:"required,example=/path/to/ca.crt"` // CertPath is the path to the client certificate. CertPath string `yaml:"certPath" conf:",example=/path/to/tls.cert"` // KeyPath is the path to the client key. KeyPath string `yaml:"keyPath" conf:",example=/path/to/tls.key"` // ReloadInterval is the interval at which the TLS certificates are reloaded. The default is 0 (no reload). ReloadInterval time.Duration `yaml:"reloadInterval" conf:",example=5m"` // InsecureSkipVerify controls whether the server's certificate chain and host name are verified. Default is false. InsecureSkipVerify bool `yaml:"insecureSkipVerify" conf:",example=true"` }
Click to show internal directories.
Click to hide internal directories.