Documentation
¶
Index ¶
- Variables
- func PayloadLogger(conf *Conf) logging.Logger
- func RequestLogger(log *zap.Logger, msg string) logging.Logger
- func RequestMetadataUnaryServerInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, ...) (any, error)
- func Start(ctx context.Context) error
- type AdminAPIConf
- type AdminCredentialsConf
- type AdvancedConf
- type AdvancedGRPCConf
- type AdvancedHTTPConf
- type AuthCreds
- type CORSConf
- type Codec
- type Conf
- type CoreComponents
- type RequestLimitsConf
- type Server
- type TLSConf
- type TestRunner
Constants ¶
This section is empty.
Variables ¶
// ErrInvalidStore reports a store that implements neither the SourceStore nor
// the BinaryStore interface.
var ErrInvalidStore = errors.New("store does not implement either SourceStore or BinaryStore interfaces")
Functions ¶
func PayloadLogger ¶ added in v0.30.0
func RequestLogger ¶ added in v0.30.0
func RequestMetadataUnaryServerInterceptor ¶ added in v0.30.0
func RequestMetadataUnaryServerInterceptor(ctx context.Context, req any, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (any, error)
Types ¶
type AdminAPIConf ¶
// AdminAPIConf configures the admin API: whether it is enabled and which
// credentials are defined for the admin user.
type AdminAPIConf struct {
	// AdminCredentials defines the admin user credentials.
	// NOTE(review): this is a pointer, so it can be left unset. What the server
	// does when Enabled is true and no credentials are configured is not visible
	// here; confirm it, and set explicit credentials whenever the admin API is on.
	AdminCredentials *AdminCredentialsConf `yaml:"adminCredentials"`
	// Enabled defines whether the admin API is enabled.
	Enabled bool `yaml:"enabled" conf:",example=true"`
}
type AdminCredentialsConf ¶
// AdminCredentialsConf holds the username and password hash of the admin user.
type AdminCredentialsConf struct {
	// Username is the hardcoded username to use for authentication.
	Username string `yaml:"username" conf:",example=cerbos"`
	// PasswordHash is the base64-encoded bcrypt hash of the password to use for authentication.
	// The example value in the tag is a published documentation sample: generate
	// a fresh hash for a password of your own instead of reusing it. A bcrypt
	// hash still permits offline password guessing, so keep the configuration
	// file readable only by the account that runs the server.
	PasswordHash string `yaml:"passwordHash" conf:",example=JDJ5JDEwJEdEOVFzZDE2VVhoVkR0N2VkUFBVM09nalc0QnNZaC9xc2E4bS9mcUJJcEZXenp5OUpjMi91Cgo="`
}
type AdvancedConf ¶ added in v0.21.0
// AdvancedConf groups the advanced settings of the HTTP and gRPC servers.
type AdvancedConf struct {
	// HTTP server settings.
	HTTP AdvancedHTTPConf `yaml:"http"`
	// GRPC server settings.
	GRPC AdvancedGRPCConf `yaml:"grpc"`
}
type AdvancedGRPCConf ¶ added in v0.21.0
// AdvancedGRPCConf holds the gRPC server limits: message size, connection age,
// connection-establishment timeout and concurrent streams per connection.
// These values bound how much work a single client can impose on the server.
type AdvancedGRPCConf struct {
	// MaxRecvMsgSizeBytes sets the maximum size of a single request message. Defaults to 4MiB. Affects performance and resource utilisation.
	// Raising it increases the memory one request can occupy.
	MaxRecvMsgSizeBytes uint `yaml:"maxRecvMsgSizeBytes" conf:",example=4194304"`
	// MaxConnectionAge sets the maximum age of a connection.
	MaxConnectionAge time.Duration `yaml:"maxConnectionAge" conf:",example=600s"`
	// ConnectionTimeout sets the timeout for establishing a new connection.
	ConnectionTimeout time.Duration `yaml:"connectionTimeout" conf:",example=60s"`
	// MaxConcurrentStreams sets the maximum concurrent streams per connection. Defaults to 1024. Set to 0 to allow the maximum possible number of streams.
	// A value of 0 removes the configured per-connection cap, so prefer a finite
	// value on listeners reachable by untrusted clients.
	MaxConcurrentStreams uint32 `yaml:"maxConcurrentStreams" conf:",example=1024"`
}
type AdvancedHTTPConf ¶ added in v0.21.0
// AdvancedHTTPConf holds the HTTP server timeouts. Together they limit how long
// a slow or idle client can hold a connection open.
// NOTE(review): how a zero value is treated (default applied or no timeout) is
// not visible here; confirm against SetDefaults before leaving a field unset.
type AdvancedHTTPConf struct {
	// ReadTimeout sets the timeout for reading a request.
	ReadTimeout time.Duration `yaml:"readTimeout" conf:",example=30s"`
	// ReadHeaderTimeout sets the timeout for reading request headers.
	// This is the setting that limits clients which send their headers very slowly.
	ReadHeaderTimeout time.Duration `yaml:"readHeaderTimeout" conf:",example=15s"`
	// WriteTimeout sets the timeout for writing a response.
	WriteTimeout time.Duration `yaml:"writeTimeout" conf:",example=30s"`
	// IdleTimeout sets the keepalive timeout.
	IdleTimeout time.Duration `yaml:"idleTimeout" conf:",example=120s"`
}
type AuthCreds ¶ added in v0.17.0
func (AuthCreds) GetRequestMetadata ¶ added in v0.17.0
func (AuthCreds) RequireTransportSecurity ¶ added in v0.17.0
type CORSConf ¶
// CORSConf holds the CORS settings of the server: allowed origins and headers,
// the preflight max age, and a switch to disable CORS.
type CORSConf struct {
	// AllowedOrigins is the contents of the allowed-origins header.
	// The example value '*' matches every origin, which lets a page on any site
	// read API responses from a browser. List the specific origins that need
	// access when the API is reachable from browsers.
	AllowedOrigins []string `yaml:"allowedOrigins" conf:",example=['*']"`
	// AllowedHeaders is the contents of the allowed-headers header.
	AllowedHeaders []string `yaml:"allowedHeaders" conf:",example=['content-type']"`
	// Disabled sets whether CORS is disabled.
	// NOTE(review): whether "disabled" means no CORS headers are sent (browsers
	// then block cross-origin reads) is not visible here; confirm.
	Disabled bool `yaml:"disabled" conf:",example=false"`
	// MaxAge is the max age of the CORS preflight check.
	MaxAge time.Duration `yaml:"maxAge" conf:",example=10s"`
}
type Codec ¶
// Codec implements the grpc Codec interface to delegate encoding to VT where
// possible. All of its fields are unexported.
type Codec struct {
	// contains filtered or unexported fields
}
Codec implements the grpc Codec interface to delegate encoding to VT where possible.
type Conf ¶
// Conf is the server configuration: listen addresses, TLS, admin API, CORS,
// request limits and the switches for optional endpoints. Several fields decide
// how much of the server is exposed and to whom, so review them together when
// hardening a deployment.
type Conf struct {
	// TLS defines the TLS configuration for the server.
	// NOTE(review): this is a pointer, so it can be left unset; presumably the
	// listeners then serve plaintext. Confirm, and configure TLS for any
	// listener reachable beyond the local host.
	TLS *TLSConf `yaml:"tls"`
	// AdminAPI defines the admin API configuration.
	AdminAPI AdminAPIConf `yaml:"adminAPI"`
	// HTTPListenAddr is the dedicated HTTP address.
	// NOTE(review): the example ":3592" names no host; if the value is passed
	// unchanged to the listener it binds every interface. Confirm, and give an
	// explicit host when the API should not be reachable from other machines.
	HTTPListenAddr string `yaml:"httpListenAddr" conf:"required,example=\":3592\""`
	// GRPCListenAddr is the dedicated GRPC address.
	// NOTE(review): the same host-less form applies to the example ":3593".
	GRPCListenAddr string `yaml:"grpcListenAddr" conf:"required,example=\":3593\""`
	// UDSFileMode sets the file mode of the unix domain sockets created by the server.
	// The example 0o766 grants read and write to group and others, so any local
	// account could open the socket. Pick a narrower mode when only specific
	// users or groups should connect.
	UDSFileMode string `yaml:"udsFileMode" conf:",example=0o766"`
	// CORS defines the CORS configuration for the server.
	CORS CORSConf `yaml:"cors"`
	// RequestLimits defines the limits for requests.
	RequestLimits RequestLimitsConf `yaml:"requestLimits"`
	// MetricsEnabled defines whether the metrics endpoint is enabled.
	MetricsEnabled bool `yaml:"metricsEnabled" conf:",example=true"`
	// LogRequestPayloads defines whether the request payloads should be logged.
	// NOTE(review): payloads presumably carry principal and resource attributes;
	// when this is on, treat the log destination as holding that data. Confirm
	// what is logged against PayloadLogger.
	LogRequestPayloads bool `yaml:"logRequestPayloads" conf:",example=false"`
	// PlaygroundEnabled defines whether the playground API is enabled.
	PlaygroundEnabled bool `yaml:"playgroundEnabled" conf:",ignore"`
	// APIExplorerEnabled defines whether the API explorer UI is enabled.
	// This is an additional endpoint on the listener; turn it off where an
	// interactive UI is not needed.
	APIExplorerEnabled bool `yaml:"apiExplorerEnabled" conf:",example=true"`
	// Advanced server settings.
	Advanced AdvancedConf `yaml:"advanced"`
}
Conf is required configuration for the server.
func (*Conf) SetDefaults ¶
func (c *Conf) SetDefaults()
type CoreComponents ¶ added in v0.47.0
// CoreComponents holds the shared components needed for both server and Lambda
// function initialization.
type CoreComponents struct {
	// Engine is the shared *engine.Engine instance.
	Engine *engine.Engine
	// AuxData is the shared *auxdata.AuxData instance.
	AuxData *auxdata.AuxData
	// AuditLog is the audit log shared by the initialized components.
	AuditLog audit.Log
	// Store is the storage backend.
	Store storage.Store
	// ReqLimits carries the request limits in the form used by the svc package.
	ReqLimits svc.RequestLimits
	// SuggestHub is a flag whose meaning is not documented here.
	// NOTE(review): document what it enables; confirm against InitializeCerbosCore.
	SuggestHub bool
}
CoreComponents holds the shared components needed for both server and Lambda function initialization.
func InitializeCerbosCore ¶ added in v0.47.0
func InitializeCerbosCore(ctx context.Context) (*CoreComponents, error)
InitializeCerbosCore performs the common initialization steps shared between server and Lambda function.
type RequestLimitsConf ¶ added in v0.17.0
// RequestLimitsConf caps the size of a single request: how many actions may be
// checked per resource and how many resources a request may carry. These caps
// bound the work one request can trigger.
type RequestLimitsConf struct {
	// MaxActionsPerResource sets the maximum number of actions that could be checked for a resource in a single request.
	MaxActionsPerResource uint `yaml:"maxActionsPerResource" conf:",example=50"`
	// MaxResourcesPerRequest sets the maximum number of resources that could be sent in a single request.
	// NOTE(review): how a value of 0 is treated (unlimited or default applied) is
	// not visible here; confirm before leaving it unset.
	MaxResourcesPerRequest uint `yaml:"maxResourcesPerRequest" conf:",example=50"`
}
type TLSConf ¶
// TLSConf holds TLS configuration: paths to the server certificate, its private
// key and an optional CA certificate.
type TLSConf struct {
	// Cert is the path to the TLS certificate file.
	Cert string `yaml:"cert" conf:",example=/path/to/certificate"`
	// Key is the path to the TLS private key file.
	// Keep this file readable only by the account that runs the server.
	Key string `yaml:"key" conf:",example=/path/to/private_key"`
	// CACert is the path to the optional CA certificate for verifying client requests.
	// NOTE(review): presumably this turns on client-certificate verification
	// (mutual TLS); whether a client certificate becomes mandatory when it is
	// set is not visible here. Confirm.
	CACert string `yaml:"caCert" conf:",example=/path/to/CA_certificate"`
}
TLSConf holds TLS configuration.
type TestRunner ¶ added in v0.17.0
// TestRunner holds a set of server test cases and the timing and retry settings
// used when running them through RunGRPCTests and RunHTTPTests.
type TestRunner struct {
	// Cases is the list of server test cases to run.
	Cases []*privatev1.ServerTestCase
	// Timeout is a duration limit for the tests.
	// NOTE(review): whether it applies per case or to the whole run is not
	// visible here; confirm.
	Timeout time.Duration
	// HealthPollInterval is presumably the interval between health checks of the
	// server under test; confirm against the runner implementation.
	HealthPollInterval time.Duration
	// CerbosClientMaxRetries is the retry count set by WithCerbosClientRetries.
	CerbosClientMaxRetries uint
	// contains filtered or unexported fields
}
func LoadTestCases ¶ added in v0.17.0
func (*TestRunner) RunGRPCTests ¶ added in v0.17.0
func (tr *TestRunner) RunGRPCTests(addr string, opts ...grpc.DialOption) func(*testing.T)
func (*TestRunner) RunHTTPTests ¶ added in v0.17.0
func (tr *TestRunner) RunHTTPTests(hostAddr string, creds *AuthCreds) func(*testing.T)
func (*TestRunner) WithCerbosClientRetries ¶ added in v0.27.0
func (tr *TestRunner) WithCerbosClientRetries(nRetries uint) *TestRunner
WithCerbosClientRetries is relevant to Overlay storage driver calls (specifically the e2e overlay test).