Documentation ¶
Index ¶
- Constants
- Variables
- func NewStore(ctx context.Context, conf *Conf) (storage.BinaryStore, error)
- type Bundle
- func (b *Bundle) Close() error
- func (b *Bundle) GetFirstMatch(_ context.Context, candidates []namer.ModuleID) (*runtimev1.RunnablePolicySet, error)
- func (b *Bundle) ListPolicyIDs(_ context.Context, _ storage.ListPolicyIDsParams) ([]string, error)
- func (b *Bundle) ListSchemaIDs(_ context.Context) ([]string, error)
- func (b *Bundle) LoadSchema(_ context.Context, path string) (io.ReadCloser, error)
- func (b *Bundle) Release() error
- type CloudAPIClient
- type Conf
- type ConnectionConf
- type CredentialsConf
- type HybridStore
- func (hs *HybridStore) Close() (outErr error)
- func (*HybridStore) Driver() string
- func (hs *HybridStore) GetFirstMatch(ctx context.Context, candidates []namer.ModuleID) (*runtimev1.RunnablePolicySet, error)
- func (hs *HybridStore) ListPolicyIDs(ctx context.Context, params storage.ListPolicyIDsParams) ([]string, error)
- func (hs *HybridStore) ListSchemaIDs(ctx context.Context) ([]string, error)
- func (hs *HybridStore) LoadSchema(ctx context.Context, id string) (io.ReadCloser, error)
- func (hs *HybridStore) SourceKind() string
- type LocalParams
- type LocalSource
- func (ls *LocalSource) Close() error
- func (ls *LocalSource) Driver() string
- func (ls *LocalSource) GetFirstMatch(ctx context.Context, candidates []namer.ModuleID) (ps *runtimev1.RunnablePolicySet, err error)
- func (ls *LocalSource) ListPolicyIDs(ctx context.Context, params storage.ListPolicyIDsParams) (ids []string, err error)
- func (ls *LocalSource) ListSchemaIDs(ctx context.Context) (ids []string, err error)
- func (ls *LocalSource) LoadSchema(ctx context.Context, id string) (schema io.ReadCloser, err error)
- func (ls *LocalSource) Reload(_ context.Context) error
- func (ls *LocalSource) SourceKind() string
- type LocalSourceConf
- type OpenOpts
- type RemoteSource
- func (s *RemoteSource) Close() error
- func (s *RemoteSource) Driver() string
- func (s *RemoteSource) GetFirstMatch(ctx context.Context, candidates []namer.ModuleID) (*runtimev1.RunnablePolicySet, error)
- func (s *RemoteSource) Init(ctx context.Context) error
- func (s *RemoteSource) InitWithClient(ctx context.Context, client CloudAPIClient) error
- func (s *RemoteSource) IsHealthy() bool
- func (s *RemoteSource) ListPolicyIDs(ctx context.Context, params storage.ListPolicyIDsParams) ([]string, error)
- func (s *RemoteSource) ListSchemaIDs(ctx context.Context) ([]string, error)
- func (s *RemoteSource) LoadSchema(ctx context.Context, id string) (io.ReadCloser, error)
- func (s *RemoteSource) Reload(ctx context.Context) error
- func (s *RemoteSource) SourceKind() string
- type RemoteSourceConf
- type Source
- type TLSConf
Constants ¶
// DriverName is the name of the bundle storage driver. The Conf documentation
// on this page refers to it as the value of storage.driver.
const DriverName = "bundle"
Variables ¶
// ErrBundleNotLoaded is the error for use of a bundle that has not been
// loaded yet.
// NOTE(review): which calls return it is not visible on this page — confirm
// that callers treat it as "no policies available" rather than as an allow.
var ErrBundleNotLoaded = errors.New("bundle not loaded yet")
// ErrNoSource is the error for a configuration that defines neither a local
// nor a remote bundle source.
var ErrNoSource = errors.New("at least one of local or remote sources must be defined")
Functions ¶
Types ¶
type Bundle ¶
type Bundle struct {
// contains filtered or unexported fields
}
func (*Bundle) GetFirstMatch ¶ added in v0.29.0
func (*Bundle) ListPolicyIDs ¶
func (*Bundle) LoadSchema ¶
type CloudAPIClient ¶
type Conf ¶
type Conf struct {
	// Remote holds configuration for remote bundle source. Takes precedence over local if both are defined.
	// Going by the ErrNoSource message, at least one of Remote and Local must be set.
	Remote *RemoteSourceConf `yaml:"remote"`
	// Local holds configuration for local bundle source.
	Local *LocalSourceConf `yaml:"local"`
	// Credentials holds bundle source credentials.
	// It contains secret values (ClientSecret, WorkspaceSecret); CredentialsConf documents
	// environment-variable defaults for them, which keeps the secrets out of the file on disk.
	Credentials CredentialsConf `yaml:"credentials"`
	// CacheSize defines the number of policies to cache in memory.
	CacheSize uint `yaml:"cacheSize" conf:",example=1024"`
}
Conf is the configuration for the bundle storage driver; it is required if the driver is set to 'bundle'. +desc=This section is required only if storage.driver is bundle.
func (*Conf) SetDefaults ¶
func (conf *Conf) SetDefaults()
type ConnectionConf ¶
type ConnectionConf struct {
	// TLS defines settings for TLS connections.
	TLS TLSConf `yaml:"tls"`
	// APIEndpoint is the address of the API server.
	// NOTE(review): the documented example is an https:// URL; whether a non-TLS scheme is
	// rejected is not visible here — confirm before pointing this at a custom endpoint.
	APIEndpoint string `yaml:"apiEndpoint" conf:"required,example=https://api.cerbos.cloud"`
	// BootstrapEndpoint is the address of the server serving the bootstrap configuration.
	// NOTE(review): same scheme question as APIEndpoint — confirm.
	BootstrapEndpoint string `yaml:"bootstrapEndpoint" conf:"required,example=https://cdn.cerbos.cloud"`
	// MinRetryWait is the minimum amount of time to wait between retries.
	MinRetryWait time.Duration `yaml:"minRetryWait" conf:",example=1s"`
	// MaxRetryWait is the maximum amount of time to wait between retries.
	MaxRetryWait time.Duration `yaml:"maxRetryWait" conf:",example=120s"`
	// NumRetries is the number of times to retry before giving up.
	NumRetries uint `yaml:"numRetries" conf:",example=5"`
	// HeartbeatInterval is the interval for sending regular heartbeats.
	HeartbeatInterval time.Duration `yaml:"heartbeatInterval" conf:",example=2m"`
}
ConnectionConf holds configuration for the remote connection.
type CredentialsConf ¶
// NOTE(review): every field here is a plain string with a yaml tag, so the struct itself does
// nothing to keep secrets out of a config dump or a "%+v" log line — confirm that code which
// prints configuration redacts ClientSecret, WorkspaceSecret and SecretKey.
type CredentialsConf struct {
	// PDPID is the unique identifier for this Cerbos instance. Defaults to the value of the CERBOS_HUB_PDP_ID environment variable.
	PDPID string `yaml:"pdpID" conf:",example=crb-004"`
	// ClientID of the Cerbos Hub credential. Defaults to the value of the CERBOS_HUB_CLIENT_ID environment variable.
	ClientID string `yaml:"clientID" conf:",example=92B0K05B6HOF"`
	// ClientSecret of the Cerbos Hub credential. Defaults to the value of the CERBOS_HUB_CLIENT_SECRET environment variable.
	// Secret material: the documented example is an environment reference, not a literal value,
	// which keeps the secret out of the configuration file.
	ClientSecret string `yaml:"clientSecret" conf:",example=${CERBOS_HUB_CLIENT_SECRET}"`
	// WorkspaceSecret used to decrypt the bundles. Defaults to the value of the CERBOS_HUB_WORKSPACE_SECRET environment variable.
	// Secret material: anyone holding it together with a bundle file can presumably read the
	// bundle's contents — handle it like ClientSecret.
	WorkspaceSecret string `yaml:"workspaceSecret" conf:",example=${CERBOS_HUB_WORKSPACE_SECRET}"`
	// Deprecated: Use PDPID
	InstanceID string `yaml:"instanceID" conf:",ignore"`
	// Deprecated: Use WorkspaceSecret
	// NOTE(review): as the predecessor of WorkspaceSecret this presumably carries the same
	// secret — confirm, and treat leftover values in old config files accordingly.
	SecretKey string `yaml:"secretKey" conf:",ignore"`
}
CredentialsConf holds credentials for accessing the bundle service.
func (CredentialsConf) ToCredentials ¶
func (cc CredentialsConf) ToCredentials() (*credentials.Credentials, error)
type HybridStore ¶
type HybridStore struct {
// contains filtered or unexported fields
}
func (*HybridStore) Close ¶ added in v0.30.0
func (hs *HybridStore) Close() (outErr error)
func (*HybridStore) Driver ¶
func (*HybridStore) Driver() string
func (*HybridStore) GetFirstMatch ¶ added in v0.29.0
func (hs *HybridStore) GetFirstMatch(ctx context.Context, candidates []namer.ModuleID) (*runtimev1.RunnablePolicySet, error)
func (*HybridStore) ListPolicyIDs ¶
func (hs *HybridStore) ListPolicyIDs(ctx context.Context, params storage.ListPolicyIDsParams) ([]string, error)
func (*HybridStore) ListSchemaIDs ¶
func (hs *HybridStore) ListSchemaIDs(ctx context.Context) ([]string, error)
func (*HybridStore) LoadSchema ¶
func (hs *HybridStore) LoadSchema(ctx context.Context, id string) (io.ReadCloser, error)
func (*HybridStore) SourceKind ¶ added in v0.27.0
func (hs *HybridStore) SourceKind() string
type LocalParams ¶
type LocalSource ¶
type LocalSource struct {
// contains filtered or unexported fields
}
LocalSource loads a bundle from local disk.
func NewLocalSource ¶
func NewLocalSource(params LocalParams) (*LocalSource, error)
func NewLocalSourceFromConf ¶
func NewLocalSourceFromConf(_ context.Context, conf *Conf) (*LocalSource, error)
func (*LocalSource) Close ¶
func (ls *LocalSource) Close() error
func (*LocalSource) Driver ¶
func (ls *LocalSource) Driver() string
func (*LocalSource) GetFirstMatch ¶ added in v0.29.0
func (ls *LocalSource) GetFirstMatch(ctx context.Context, candidates []namer.ModuleID) (ps *runtimev1.RunnablePolicySet, err error)
func (*LocalSource) ListPolicyIDs ¶
func (ls *LocalSource) ListPolicyIDs(ctx context.Context, params storage.ListPolicyIDsParams) (ids []string, err error)
func (*LocalSource) ListSchemaIDs ¶
func (ls *LocalSource) ListSchemaIDs(ctx context.Context) (ids []string, err error)
func (*LocalSource) LoadSchema ¶
func (ls *LocalSource) LoadSchema(ctx context.Context, id string) (schema io.ReadCloser, err error)
func (*LocalSource) SourceKind ¶ added in v0.27.0
func (ls *LocalSource) SourceKind() string
type LocalSourceConf ¶
type LocalSourceConf struct {
	// BundlePath is the full path to the local bundle file.
	BundlePath string `yaml:"bundlePath" conf:"required,example=/path/to/bundle.crbp"`
	// TempDir is the directory to use for temporary files.
	// NOTE(review): what gets written here is not shown on this page; if unpacked bundle
	// contents land in it, the directory should be writable only by the PDP process — confirm.
	TempDir string `yaml:"tempDir" conf:",example=${TEMP}"`
}
LocalSourceConf holds configuration for local bundle store.
type OpenOpts ¶
// OpenOpts groups the inputs for opening a bundle.
// NOTE(review): the function that consumes it is not shown on this page; the field notes
// below are inferred from names and types and should be confirmed against that code.
type OpenOpts struct {
	// Credentials has the same type that CredentialsConf.ToCredentials returns.
	Credentials *credentials.Credentials
	// ScratchFS is an afero filesystem — presumably scratch space used while opening the bundle; confirm.
	ScratchFS afero.Fs
	// BundlePath is presumably the path of the bundle file to open; confirm.
	BundlePath string
	// Source is a string whose meaning is not established on this page — TODO confirm.
	Source string
	// CacheSize presumably matches Conf.CacheSize (number of policies cached in memory); confirm.
	CacheSize uint
}
type RemoteSource ¶
type RemoteSource struct {
// contains filtered or unexported fields
}
RemoteSource implements a bundle store that loads bundles from a remote source.
func NewRemoteSource ¶
func NewRemoteSource(conf *Conf) (*RemoteSource, error)
func (*RemoteSource) Close ¶ added in v0.30.0
func (s *RemoteSource) Close() error
func (*RemoteSource) Driver ¶
func (s *RemoteSource) Driver() string
func (*RemoteSource) GetFirstMatch ¶ added in v0.29.0
func (s *RemoteSource) GetFirstMatch(ctx context.Context, candidates []namer.ModuleID) (*runtimev1.RunnablePolicySet, error)
func (*RemoteSource) InitWithClient ¶
func (s *RemoteSource) InitWithClient(ctx context.Context, client CloudAPIClient) error
func (*RemoteSource) IsHealthy ¶
func (s *RemoteSource) IsHealthy() bool
func (*RemoteSource) ListPolicyIDs ¶
func (s *RemoteSource) ListPolicyIDs(ctx context.Context, params storage.ListPolicyIDsParams) ([]string, error)
func (*RemoteSource) ListSchemaIDs ¶
func (s *RemoteSource) ListSchemaIDs(ctx context.Context) ([]string, error)
func (*RemoteSource) LoadSchema ¶
func (s *RemoteSource) LoadSchema(ctx context.Context, id string) (io.ReadCloser, error)
func (*RemoteSource) SourceKind ¶ added in v0.27.0
func (s *RemoteSource) SourceKind() string
type RemoteSourceConf ¶
type RemoteSourceConf struct {
	// BundleLabel to fetch from the server.
	BundleLabel string `yaml:"bundleLabel" conf:"required,example=latest"`
	// CacheDir is the directory to use for caching downloaded bundles.
	// NOTE(review): bundles read back from this directory feed policy decisions, so it should
	// not be writable by other users; whether cached files are re-verified on load is not
	// visible here — confirm.
	CacheDir string `yaml:"cacheDir" conf:",example=${XDG_CACHE_DIR}"`
	// TempDir is the directory to use for temporary files.
	TempDir string `yaml:"tempDir" conf:",example=${TEMP}"`
	// Connection defines settings for the remote server connection.
	Connection ConnectionConf `yaml:"connection"`
	// DisableAutoUpdate controls whether new bundles are automatically downloaded and applied;
	// going by the name, true turns automatic updates off.
	// NOTE(review): with automatic updates on, the active policy set follows whatever the
	// server serves for BundleLabel — confirm this matches the deployment's change control.
	DisableAutoUpdate bool `yaml:"disableAutoUpdate"`
}
RemoteSourceConf holds configuration for remote bundle store.
type TLSConf ¶
// Only these two fields are declared: the struct exposes no setting for turning
// certificate verification off.
type TLSConf struct {
	// Authority overrides the Cerbos PDP server authority if it is different from what is provided in the address.
	// NOTE(review): presumably this is the name the server certificate is checked against —
	// confirm, since a wrong override would make verification test an unintended name.
	Authority string `yaml:"authority" conf:",example=domain.tld"`
	// CACert is the path to the CA certificate chain to use for certificate verification.
	// NOTE(review): behaviour when this is empty is not shown here (presumably the system
	// trust store is used) — confirm.
	CACert string `yaml:"caCert" conf:",example=/path/to/CA_certificate"`
}
TLSConf holds TLS configuration for the remote connection.