Documentation ¶
Overview ¶
Package plugins implements plugin management for the policy engine.
Index ¶
- func ConsoleLogger(logger logging.Logger) func(*Manager)
- func EnablePrintStatements(yes bool) func(*Manager)
- func GetCompilerOnContext(context *storage.Context) *ast.Compiler
- func GracefulShutdownPeriod(gracefulShutdownPeriod int) func(*Manager)
- func Info(term *ast.Term) func(*Manager)
- func InitBundles(b map[string]*bundle.Bundle) func(*Manager)
- func InitFiles(f loader.Result) func(*Manager)
- func Logger(logger logging.Logger) func(*Manager)
- func MaxErrors(n int) func(*Manager)
- func PrintHook(h print.Hook) func(*Manager)
- func SetCompilerOnContext(context *storage.Context, compiler *ast.Compiler)
- func SetWasmResolversOnContext(context *storage.Context, rs []*wasm.Resolver)
- func WithPrometheusRegister(prometheusRegister prometheus.Registerer) func(*Manager)
- func WithRouter(r *mux.Router) func(*Manager)
- func WithTracerProvider(tracerProvider *trace.TracerProvider) func(*Manager)
- type Factory
- type Manager
- func (m *Manager) AuthPlugin(name string) rest.HTTPAuthPlugin
- func (m *Manager) Client(name string) rest.Client
- func (m *Manager) ConsoleLogger() logging.Logger
- func (m *Manager) EnablePrintStatements() bool
- func (m *Manager) GetCompiler() *ast.Compiler
- func (m *Manager) GetRouter() *mux.Router
- func (m *Manager) GetWasmResolvers() []*wasm.Resolver
- func (m *Manager) Init(ctx context.Context) error
- func (m *Manager) InterQueryBuiltinCacheConfig() *cache.Config
- func (m *Manager) Labels() map[string]string
- func (m *Manager) Logger() logging.Logger
- func (m *Manager) Plugin(name string) Plugin
- func (m *Manager) PluginStatus() map[string]*Status
- func (m *Manager) Plugins() []string
- func (m *Manager) PrintHook() print.Hook
- func (m *Manager) PrometheusRegister() prometheus.Registerer
- func (m *Manager) PublicKeys() map[string]*keys.Config
- func (m *Manager) Reconfigure(config *config.Config) error
- func (m *Manager) Register(name string, plugin Plugin)
- func (m *Manager) RegisterCacheTrigger(trigger func(*cache.Config))
- func (m *Manager) RegisterCompilerTrigger(f func(storage.Transaction))
- func (m *Manager) RegisterNDCacheTrigger(trigger func(bool))
- func (m *Manager) RegisterPluginStatusListener(name string, listener StatusListener)
- func (m *Manager) ServerInitialized()
- func (m *Manager) ServerInitializedChannel() <-chan struct{}
- func (m *Manager) Services() []string
- func (m *Manager) Start(ctx context.Context) error
- func (m *Manager) Stop(ctx context.Context)
- func (m *Manager) TracerProvider() *trace.TracerProvider
- func (m *Manager) UnregisterPluginStatusListener(name string)
- func (m *Manager) UpdatePluginStatus(pluginName string, status *Status)
- type Plugin
- type State
- type Status
- type StatusListener
- type TriggerMode
- type Triggerable
Functions ¶
func ConsoleLogger ¶ added in v0.29.0
ConsoleLogger sets the passed logger to be used by plugins that are configured with console logging enabled.
func EnablePrintStatements ¶ added in v0.34.0
func GetCompilerOnContext ¶ added in v0.12.2
GetCompilerOnContext gets the compiler cached on the storage context.
func GracefulShutdownPeriod ¶ added in v0.25.0
GracefulShutdownPeriod passes the configured graceful shutdown period to plugins
func Info ¶ added in v0.10.2
Info sets the runtime information on the manager. The runtime information is propagated to opa.runtime() built-in function calls.
func InitBundles ¶ added in v0.20.0
InitBundles provides the initial set of bundles to load.
func InitFiles ¶ added in v0.20.0
InitFiles provides the initial set of other data/policy files to load.
func Logger ¶ added in v0.28.0
Logger configures the passed logger on the plugin manager (useful to configure default fields)
func SetCompilerOnContext ¶ added in v0.12.2
SetCompilerOnContext puts the compiler into the storage context. Calling this function before committing updated policies to storage allows the manager to skip parsing and compiling of modules. Instead, the manager will use the compiler that was stored on the context.
func SetWasmResolversOnContext ¶ added in v0.25.0
SetWasmResolversOnContext puts a set of Wasm Resolvers into the storage context. Calling this function before committing updated wasm modules to storage allows the manager to skip initializing modules before using them. Instead, the manager will use the compiler that was stored on the context.
func WithPrometheusRegister ¶ added in v0.38.0
func WithPrometheusRegister(prometheusRegister prometheus.Registerer) func(*Manager)
WithPrometheusRegister sets the passed prometheus.Registerer to be used by plugins
func WithRouter ¶ added in v0.36.0
func WithTracerProvider ¶ added in v0.46.0
func WithTracerProvider(tracerProvider *trace.TracerProvider) func(*Manager)
WithTracerProvider sets the passed *trace.TracerProvider to be used by plugins
Types ¶
type Factory ¶ added in v0.10.3
```go
type Factory interface {
	Validate(manager *Manager, config []byte) (interface{}, error)
	New(manager *Manager, config interface{}) Plugin
}
```
Factory defines the interface OPA uses to instantiate your plugin.
When OPA processes its configuration it looks for factories that have been registered by calling runtime.RegisterPlugin. Factories are registered to a name which is used to key into the configuration blob. If your plugin has not been configured, your factory will not be invoked.

```yaml
plugins:
  my_plugin1:
    some_key: foo
  # my_plugin2:
  #   some_key2: bar
```

If OPA was started with the configuration above and received two calls to runtime.RegisterPlugin (one with NAME "my_plugin1" and one with NAME "my_plugin2"), it would only invoke the factory for my_plugin1.
OPA instantiates and reconfigures plugins in two steps. First, OPA will call Validate to check the configuration. Assuming the configuration is valid, your factory should return a configuration value that can be used to construct your plugin. Second, OPA will call New to instantiate your plugin providing the configuration value returned from the Validate call.
Validate receives a slice of bytes representing plugin configuration and returns a configuration value that can be used to instantiate your plugin. The manager is provided to give access to the OPA's compiler, storage layer, and global configuration. Your Validate function will typically:
- Deserialize the raw config bytes
- Validate the deserialized config for semantic errors
- Inject default values
- Return a deserialized/parsed config
New receives a valid configuration for your plugin and returns a plugin object. Your New function will typically:
- Cast the config value to its own type
- Instantiate a plugin object
- Return the plugin object
- Update status via `plugins.Manager#UpdatePluginStatus`
After a plugin has been created, subsequent status updates can be sent anytime the plugin enters a ready or error state.
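An added example (not OPA's own code) of a factory that follows the Validate and New steps described above, rejecting unknown keys so a misspelled setting fails validation instead of being silently ignored. `Manager` and `Plugin` are local stand-ins that mirror the signatures on this page so the block compiles without the OPA module; `Config`, `MaxBatch`, its default of 100, and the assumption that the raw config bytes are JSON are illustrative.

```go
package main

import (
	"bytes"
	"context"
	"encoding/json"
	"fmt"
)

// Manager and Plugin are local stand-ins mirroring this page's signatures.
type Manager struct{ ID string }
type Plugin interface {
	Start(ctx context.Context) error
	Stop(ctx context.Context)
	Reconfigure(ctx context.Context, config interface{})
}

// Config is a hypothetical plugin configuration (assumed to arrive as JSON).
type Config struct {
	SomeKey  string `json:"some_key"`
	MaxBatch int    `json:"max_batch"` // hypothetical; defaults to 100
}
type myPlugin struct{ cfg Config }

func (p *myPlugin) Start(context.Context) error { return nil }
func (p *myPlugin) Stop(context.Context)        {}
func (p *myPlugin) Reconfigure(_ context.Context, c interface{}) { p.cfg = c.(Config) }

type MyFactory struct{}
// Validate deserializes, checks semantics, injects defaults, returns the config.
func (MyFactory) Validate(_ *Manager, raw []byte) (interface{}, error) {
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields() // reject misspelled or unexpected keys
	var c Config
	if err := dec.Decode(&c); err != nil {
		return nil, fmt.Errorf("my_plugin1: %w", err)
	}
	if c.SomeKey == "" || c.MaxBatch < 0 {
		return nil, fmt.Errorf("my_plugin1: some_key required, max_batch must be >= 0")
	}
	if c.MaxBatch == 0 {
		c.MaxBatch = 100
	}
	return c, nil
}

// New casts the validated value back to its own type and builds the plugin.
func (MyFactory) New(_ *Manager, config interface{}) Plugin { return &myPlugin{cfg: config.(Config)} }

func main() { fmt.Println(MyFactory{}.Validate(&Manager{}, []byte(`{"some_key":"foo"}`))) }
```

A real plugin would also report readiness through `UpdatePluginStatus` once constructed, which the stand-in `Manager` here does not model.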
type Manager ¶
```go
type Manager struct {
	Store  storage.Store
	Config *config.Config
	Info   *ast.Term
	ID     string
	// contains filtered or unexported fields
}
```
Manager implements lifecycle management of plugins and gives plugins access to engine-wide components like storage.
func (*Manager) AuthPlugin ¶ added in v0.26.0
func (m *Manager) AuthPlugin(name string) rest.HTTPAuthPlugin
AuthPlugin returns the HTTPAuthPlugin registered with name or nil if name is not found.
func (*Manager) ConsoleLogger ¶ added in v0.29.0
ConsoleLogger gets the console logger for this plugin manager.
func (*Manager) EnablePrintStatements ¶ added in v0.34.0
func (*Manager) GetCompiler ¶ added in v0.8.1
GetCompiler returns the manager's compiler.
func (*Manager) GetWasmResolvers ¶ added in v0.25.0
GetWasmResolvers returns the manager's set of Wasm Resolvers.
func (*Manager) Init ¶ added in v0.20.0
Init returns an error if the manager could not initialize itself. Init() should be called before Start(). Init() is idempotent.
func (*Manager) InterQueryBuiltinCacheConfig ¶ added in v0.23.0
InterQueryBuiltinCacheConfig returns the configuration for the inter-query cache.
func (*Manager) Plugin ¶ added in v0.10.2
Plugin returns the plugin registered with name or nil if name is not found.
func (*Manager) PluginStatus ¶ added in v0.17.0
PluginStatus returns the current statuses of any plugins registered.
func (*Manager) Plugins ¶ added in v0.10.2
Plugins returns the list of plugins registered with the manager.
func (*Manager) PrometheusRegister ¶ added in v0.38.0
func (m *Manager) PrometheusRegister() prometheus.Registerer
PrometheusRegister gets the prometheus.Registerer for this plugin manager.
func (*Manager) PublicKeys ¶ added in v0.22.0
PublicKeys returns the public keys that can be used for verifying signed bundles.
func (*Manager) Reconfigure ¶ added in v0.10.2
Reconfigure updates the configuration on the manager.
func (*Manager) Register ¶
Register adds a plugin to the manager. When the manager is started, all of the plugins will be started.
func (*Manager) RegisterCacheTrigger ¶ added in v0.26.0
RegisterCacheTrigger accepts a func that receives new inter-query cache config generated by a reconfigure of the plugin manager, so that it can be propagated to existing inter-query caches.
func (*Manager) RegisterCompilerTrigger ¶ added in v0.8.1
func (m *Manager) RegisterCompilerTrigger(f func(storage.Transaction))
RegisterCompilerTrigger registers for change notifications when the compiler is changed.
func (*Manager) RegisterNDCacheTrigger ¶ added in v0.48.0
func (*Manager) RegisterPluginStatusListener ¶ added in v0.17.0
func (m *Manager) RegisterPluginStatusListener(name string, listener StatusListener)
RegisterPluginStatusListener registers a StatusListener to be called when plugin status updates occur.
func (*Manager) ServerInitialized ¶ added in v0.32.0
func (m *Manager) ServerInitialized()
ServerInitialized signals a channel indicating that the OPA server has finished initialization.
func (*Manager) ServerInitializedChannel ¶ added in v0.32.0
func (m *Manager) ServerInitializedChannel() <-chan struct{}
ServerInitializedChannel returns a receive-only channel that is closed when the OPA server has finished initialization. Be aware that the socket of the server listener may not be open by the time this channel is closed. There is a very small window where the socket may still be closed, due to a race condition.
func (*Manager) Stop ¶ added in v0.9.2
Stop stops the manager, stopping all the plugins registered with it. Any plugin that needs to perform cleanup should do so within the duration of the graceful shutdown period passed with the context as a timeout. Note that a graceful shutdown period configured with the Manager instance will override the timeout of the passed in context (if applicable).
func (*Manager) TracerProvider ¶ added in v0.46.0
func (m *Manager) TracerProvider() *trace.TracerProvider
TracerProvider gets the *trace.TracerProvider for this plugin manager.
func (*Manager) UnregisterPluginStatusListener ¶ added in v0.17.0
UnregisterPluginStatusListener removes a StatusListener registered with the same name.
func (*Manager) UpdatePluginStatus ¶ added in v0.17.0
UpdatePluginStatus updates a named plugin's status. Any registered listeners will be called with a copy of the new state of all plugins.
type Plugin ¶
```go
type Plugin interface {
	Start(ctx context.Context) error
	Stop(ctx context.Context)
	Reconfigure(ctx context.Context, config interface{})
}
```
Plugin defines the interface OPA uses to manage your plugin.
When OPA starts it will start all of the plugins it was configured to instantiate. Each time a new plugin is configured (via discovery), OPA will start it. You can use the Start call to spawn additional goroutines or perform initialization tasks.
Currently OPA will not call Stop on plugins.
When OPA receives new configuration for your plugin via discovery it will first Validate the configuration using your factory and then call Reconfigure.
type State ¶ added in v0.17.0
type State string
State defines the state that a Plugin instance is currently in with pre-defined states.
```go
const (
	// StateNotReady indicates that the Plugin is not in an error state, but isn't
	// ready for normal operation yet. This should only happen at
	// initialization time.
	StateNotReady State = "NOT_READY"

	// StateOK signifies that the Plugin is operating normally.
	StateOK State = "OK"

	// StateErr indicates that the Plugin is in an error state and should not
	// be considered as functional.
	StateErr State = "ERROR"

	// StateWarn indicates the Plugin is operating, but in a potentially dangerous or
	// degraded state. It may be used to indicate manual remediation is needed, or to
	// alert admins of some other noteworthy state.
	StateWarn State = "WARN"
)
```
type StatusListener ¶ added in v0.17.0
StatusListener defines a handler to register for status updates.
type TriggerMode ¶ added in v0.32.0
type TriggerMode string
TriggerMode defines the trigger mode utilized by a Plugin for bundle download, log upload etc.
```go
const (
	// TriggerPeriodic represents periodic polling mechanism
	TriggerPeriodic TriggerMode = "periodic"

	// TriggerManual represents manual triggering mechanism
	TriggerManual TriggerMode = "manual"

	// DefaultTriggerMode represents default trigger mechanism
	DefaultTriggerMode TriggerMode = "periodic"
)
```
func ValidateAndInjectDefaultsForTriggerMode ¶ added in v0.33.0
func ValidateAndInjectDefaultsForTriggerMode(a, b *TriggerMode) (*TriggerMode, error)
ValidateAndInjectDefaultsForTriggerMode validates the trigger mode and injects default values
type Triggerable ¶ added in v0.32.0
Triggerable defines the interface plugins use for manual plugin triggers.
Directories ¶
Path | Synopsis |
---|---|
bundle | Package bundle implements bundle loading. |
discovery | Package discovery implements configuration discovery. |
logs | Package logs implements decision log buffering and uploading. |
rest | Package rest implements a REST client for communicating with remote services. |
server | |
status | Package status implements status reporting. |