Documentation
¶
Overview ¶
Package sdk contains a high-level API for embedding OPA inside of Go programs.
Index ¶
- Constants
- func IsUndefinedErr(err error) bool
- type ConfigOptions
- type DecisionOptions
- type DecisionResult
- type Error
- type OPA
- func (opa *OPA) Configure(ctx context.Context, opts ConfigOptions) error
- func (opa *OPA) Decision(ctx context.Context, options DecisionOptions) (*DecisionResult, error)
- func (opa *OPA) Partial(ctx context.Context, options PartialOptions) (*PartialResult, error)
- func (opa *OPA) Plugin(name string) plugins.Plugin
- func (opa *OPA) Stop(ctx context.Context)
- type Options
- type PartialOptions
- type PartialQueryMapper
- type PartialResult
- type RawMapper
Constants ¶
View Source
const (
// UndefinedErr indicates that the queried decision was undefined.
UndefinedErr = "opa_undefined_error"
)
Variables ¶
This section is empty.
Functions ¶
func IsUndefinedErr ¶
IsUndefinedErr returns true of the err represents an undefined decision error.
Types ¶
type ConfigOptions ¶
type ConfigOptions struct {
// Config provides the OPA configuration for this instance. The config can
// be supplied as a YAML or JSON byte stream. See
// https://www.openpolicyagent.org/docs/latest/configuration/ for detailed
// description of the supported configuration.
Config io.Reader
// Ready sets a channel to notify when the OPA instance is ready. If this
// field is not set, the Configure() function will block until ready. The
// channel is closed to signal readiness.
Ready chan struct{}
// contains filtered or unexported fields
}
ConfigOptions contains parameters to (re-)configure OPA.
type DecisionOptions ¶
type DecisionOptions struct {
Now time.Time // specifies wallclock time used for time.now_ns(), decision log timestamp, etc.
Path string // specifies name of policy decision to evaluate (e.g., example/allow)
Input interface{} // specifies value of the input document to evaluate policy with
}
DecisionOptions contains parameters for query evaluation.
type DecisionResult ¶
type DecisionResult struct {
ID string // provides a globally unique identifier for this decision (which is included in the decision log.)
Result interface{} // provides the output of query evaluation.
}
DecisionResult contains the output of query evaluation.
type OPA ¶
type OPA struct {
// contains filtered or unexported fields
}
OPA represents an instance of the policy engine. OPA can be started with several options that control configuration, logging, and lifecycle.
func New ¶
New returns a new OPA object. This function should minimally be called with options that specify an OPA configuration file.
func (*OPA) Configure ¶
func (opa *OPA) Configure(ctx context.Context, opts ConfigOptions) error
Configure updates the configuration of the OPA in-place. This function should be called in response to configuration updates in the environment. This function is atomic. If the configuration update cannot be successfully applied, the old configuration will remain intact.
func (*OPA) Decision ¶
func (opa *OPA) Decision(ctx context.Context, options DecisionOptions) (*DecisionResult, error)
Decision returns a named decision. This function is threadsafe.
func (*OPA) Partial ¶
func (opa *OPA) Partial(ctx context.Context, options PartialOptions) (*PartialResult, error)
Partial returns a named decision. This function is threadsafe.
type Options ¶
type Options struct {
// Config provides the OPA configuration for this instance. The config can
// be supplied as a YAML or JSON byte stream. See
// https://www.openpolicyagent.org/docs/latest/configuration/ for detailed
// description of the supported configuration.
Config io.Reader
// Logger sets the logging implementation to use for standard logs emitted
// by OPA. By default, standard logging is disabled.
Logger logging.Logger
// ConsoleLogger sets the logging implementation to use for emitting Status
// and Decision Logs to the console. By default, console logging is enabled.
ConsoleLogger logging.Logger
// Ready sets a channel to notify when the OPA instance is ready. If this
// field is not set, the New() function will block until ready. The channel
// is closed to signal readiness.
Ready chan struct{}
// Plugins provides a set of plugins.Factory instances that will be
// registered with the OPA SDK instance.
Plugins map[string]plugins.Factory
// When calling the sdk the user can specify an opa id so that repeat calls to the sdk don't have a unique opa id
ID string
// contains filtered or unexported fields
}
Options contains parameters to setup and configure OPA.
type PartialOptions ¶
type PartialOptions struct {
Now time.Time // specifies wallclock time used for time.now_ns(), decision log timestamp, etc.
Input interface{} // specifies value of the input document to evaluate policy with
Query string // specifies the query to be partially evaluated
Unknowns []string // specifies the unknown elements of the policy
Mapper PartialQueryMapper // specifies the mapper to use when processing results
}
PartialOptions contains parameters for partial query evaluation.
type PartialQueryMapper ¶
type PartialQueryMapper interface {
// The first interface being returned is the type that will be used for further processing
MapResults(pq *rego.PartialQueries) (interface{}, error)
// This should be able to take the Result object from MapResults and return a type that can be logged as JSON
ResultToJSON(result interface{}) (interface{}, error)
}
type PartialResult ¶
type PartialResult struct {
ID string // decision ID
Result interface{} // mapped result
AST *rego.PartialQueries // raw result
}
type RawMapper ¶
type RawMapper struct {
}
func (*RawMapper) MapResults ¶
func (e *RawMapper) MapResults(pq *rego.PartialQueries) (interface{}, error)
func (*RawMapper) ResultToJSON ¶
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.