package decoding

import "github.com/open-policy-agent/opa/plugins/server/decoding"

Package decoding implements the configuration side of the upgraded gzip decompression framework. The original work only enabled gzip decoding for a few endpoints-- here we enable if for all of OPA. Additionally, we provide some new defensive configuration options: max_length, and gzip.max_length. These allow rejecting requests that indicate their contents are larger than the size limits.

The request handling pipeline now looks roughly like this:

Request -> MaxBytesReader(Config.MaxLength) -> ir.CopyN(dest, req, Gzip.MaxLength)

The intent behind this design is to improve how OPA handles large and/or malicious requests, compressed or otherwise. The benefit of being a little more strict in what we allow is that we can now use "riskier", but dramatically more performant techniques, like preallocating content buffers for gzipped data. This also should help OPAs in limited memory situations.

Deprecated: This package is intended for older projects transitioning from OPA v0.x and will remain for the lifetime of OPA v1.x, but its use is not recommended. For newer features and behaviours, such as defaulting to the Rego v1 syntax, use the corresponding components in the github.com/open-policy-agent/opa/v1 package instead. See https://www.openpolicyagent.org/docs/latest/v0-compatibility/ for more information.

Index ¶

• type Config
• type ConfigBuilder
• func NewConfigBuilder() *ConfigBuilder
• type Gzip

Types ¶

type Config ¶

type Config = v1.Config

Config represents the configuration for the Server.Decoding settings

type ConfigBuilder ¶

type ConfigBuilder = v1.ConfigBuilder

ConfigBuilder assists in the construction of the plugin configuration.

func NewConfigBuilder ¶

func NewConfigBuilder() *ConfigBuilder

NewConfigBuilder returns a new ConfigBuilder to build and parse the server config

type Gzip ¶

type Gzip = v1.Gzip

Gzip represents the configuration for the Server.Decoding.Gzip settings

Source Files ¶

config.go doc.go