Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Backend ¶
type Backend struct {
// contains filtered or unexported fields
}
func NewBackend ¶
func NewBackend(opts ...BackendOpt) (*Backend, error)
NewBackend creates a new backend. A backend could be a connection to a remote server or a new local OPA instance.
type BackendOpt ¶
type BackendOpt func(*Backend)
func Driver ¶
func Driver(d drivers.Driver) BackendOpt
type Client ¶
type Client interface {
AddData(context.Context, interface{}) (*types.Responses, error)
RemoveData(context.Context, interface{}) (*types.Responses, error)
CreateCRD(context.Context, *v1alpha1.ConstraintTemplate) (*apiextensionsv1beta1.CustomResourceDefinition, error)
AddTemplate(context.Context, *v1alpha1.ConstraintTemplate) (*types.Responses, error)
RemoveTemplate(context.Context, *v1alpha1.ConstraintTemplate) (*types.Responses, error)
AddConstraint(context.Context, *unstructured.Unstructured) (*types.Responses, error)
RemoveConstraint(context.Context, *unstructured.Unstructured) (*types.Responses, error)
ValidateConstraint(context.Context, *unstructured.Unstructured) error
// Reset the state of OPA
Reset(context.Context) error
// Review makes sure the provided object satisfies all stored constraints
Review(context.Context, interface{}, ...QueryOpt) (*types.Responses, error)
// Audit makes sure the cached state of the system satisfies all stored constraints
Audit(context.Context, ...QueryOpt) (*types.Responses, error)
// Dump dumps the state of OPA to aid in debugging
Dump(context.Context) (string, error)
}
type ClientOpt ¶
type ClientOpt func(*client) error
func Targets ¶
func Targets(ts ...TargetHandler) ClientOpt
type MatchSchemaProvider ¶
type MatchSchemaProvider interface {
// MatchSchema returns the JSON Schema for the `match` field of a constraint
MatchSchema() apiextensionsv1beta1.JSONSchemaProps
}
type TargetHandler ¶
type TargetHandler interface {
MatchSchemaProvider
GetName() string
// Library returns the pieces of Rego code required to stitch together constraint evaluation
// for the target. Current required libraries are `matching_constraints` and
// `matching_reviews_and_constraints`
//
// Libraries are currently templates that have the following parameters:
// ConstraintsRoot: The root path under which all constraints for the target are stored
// DataRoot: The root path under which all data for the target is stored
Library() *template.Template
// ProcessData takes a potential data object and returns:
// true if the target handles the data type
// the path under which the data should be stored in OPA
// the data in an object that can be cast into JSON, suitable for storage in OPA
ProcessData(interface{}) (bool, string, interface{}, error)
// HandleReview takes a potential review request and builds the `review` field of the input
// object. it returns:
// true if the target handles the data type
// the data for the `review` field
HandleReview(interface{}) (bool, interface{}, error)
// HandleViolation allows for post-processing of the result object, which can be mutated directly
HandleViolation(result *types.Result) error
// ValidateConstraint returns if the constraint is misconfigured in any way. This allows for
// non-trivial validation of things like match schema
ValidateConstraint(*unstructured.Unstructured) error
}
type UnrecognizedConstraintError ¶
type UnrecognizedConstraintError struct {
// contains filtered or unexported fields
}
func (*UnrecognizedConstraintError) Error ¶
func (e *UnrecognizedConstraintError) Error() string
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.