Documentation

Index

Constants

// Configuration keys of the OPA policy sub-system. DefaultKVS and Help
// use these names as their entry keys.
const (
	URL       = "url"
	AuthToken = "auth_token"
)

// Environment variable names for the OPA endpoint and its authorization
// token. The token variable presumably carries a credential, so its value
// should be kept out of logs, diagnostics output and shared shell history.
const (
	EnvPolicyOpaURL       = "MINIO_POLICY_OPA_URL"
	EnvPolicyOpaAuthToken = "MINIO_POLICY_OPA_AUTH_TOKEN"
)

    Env IAM OPA URL

    // EnvIamOpaURL is the legacy environment variable name for the OPA
    // endpoint URL.
    const EnvIamOpaURL = "MINIO_IAM_OPA_URL"

    // EnvIamOpaAuthToken is the legacy environment variable name for the OPA
    // authorization token. Its suffix is spelled AUTHTOKEN, without the
    // underscore used in MINIO_POLICY_OPA_AUTH_TOKEN, so the two names differ
    // by more than their prefix.
    const EnvIamOpaAuthToken = "MINIO_IAM_OPA_AUTHTOKEN"

      Legacy OPA envs

      Variables

      var (
      	// DefaultKVS is the default OPA configuration: it holds the URL and
      	// AuthToken keys, both set to the empty string.
      	// NOTE(review): presumably an empty URL means OPA is not enabled
      	// (see Enabled) — confirm against the implementation.
      	DefaultKVS = config.KVS{
      		config.KV{
      			Key:   URL,
      			Value: "",
      		},
      		config.KV{
      			Key:   AuthToken,
      			Value: "",
      		},
      	}
      )

        DefaultKVS - default config for OPA config

        var (
        	// Help lists the help entries for the OPA settings: the endpoint URL,
        	// the optional authorization token, and the optional config comment.
        	// Both OPA entries are labelled [DEPRECATED] in their descriptions.
        	Help = config.HelpKVS{
        		config.HelpKV{
        			Key:         URL,
        			// NOTE(review): the example is a plain-http localhost endpoint.
        			// If the auth token is sent with requests to this URL (not
        			// visible here — confirm), a non-loopback deployment should use
        			// https so the token and the policy decision cannot be read or
        			// altered on the network.
        			Description: `[DEPRECATED] OPA HTTP(s) endpoint e.g. "http://localhost:8181/v1/data/httpapi/authz/allow"`,
        			Type:        "url",
        		},
        		config.HelpKV{
        			Key:         AuthToken,
        			Description: "[DEPRECATED] authorization token for OPA endpoint",
        			// The token is optional; no entry here marks the URL as optional.
        			Optional:    true,
        			Type:        "string",
        		},
        		config.HelpKV{
        			Key:         config.Comment,
        			Description: config.DefaultComment,
        			Optional:    true,
        			Type:        "sentence",
        		},
        	}
        )

          Help template for OPA policy feature.

          Functions

          func Enabled

          func Enabled(kvs config.KVS) bool

            Enabled reports whether OPA is enabled.

            func SetPolicyOPAConfig

            func SetPolicyOPAConfig(s config.Config, opaArgs Args)

              SetPolicyOPAConfig - one-time migration code, needed to migrate from the older config to the new PolicyOPAConfig.

              Types

              type Args

              // Args holds the settings used to reach an OPA policy endpoint.
              type Args struct {
              	// URL is the OPA endpoint; encoded in JSON as "url".
              	URL         *xnet.URL             `json:"url"`
              	// AuthToken is encoded in JSON as "authToken".
              	// NOTE(review): the field is not excluded from JSON, so the default
              	// encoding of Args would include the token — avoid writing encoded
              	// Args to logs or diagnostics without redacting it.
              	AuthToken   string                `json:"authToken"`
              	// Transport is excluded from JSON by the "-" tag.
              	Transport   http.RoundTripper     `json:"-"`
              	// CloseRespFn is excluded from JSON by the "-" tag; presumably it is
              	// called to dispose of response bodies — confirm against callers.
              	CloseRespFn func(r io.ReadCloser) `json:"-"`
              }

                Args - configuration for the OPA general-purpose policy engine.

                func LookupConfig

                func LookupConfig(kv config.KVS, transport *http.Transport, closeRespFn func(io.ReadCloser)) (Args, error)

                  LookupConfig looks up the OPA settings from config, overriding them with any environment variables that are set.

                  func (*Args) UnmarshalJSON

                  func (a *Args) UnmarshalJSON(data []byte) error

                    UnmarshalJSON - decodes JSON data.

                    func (*Args) Validate

                    func (a *Args) Validate() error

                      Validate - validates the OPA configuration params.

                      type Opa

                      type Opa struct {
                      	// contains filtered or unexported fields
                      }

                        Opa - implements calls to the OPA policy agent.

                        func New

                        func New(args Args) *Opa

                          New - initializes the OPA policy engine connector.

                          func (*Opa) IsAllowed

                          func (o *Opa) IsAllowed(args iampolicy.Args) (bool, error)

                            IsAllowed - checks whether the given policy args are allowed to continue with the REST API call.