package server

import "github.com/open-policy-agent/opa/server"

Package server contains the policy engine's server handlers.

Index ¶

• Constants
• type AuthenticationScheme
• type AuthorizationScheme
• type Buffer
• func NewBoundedBuffer(n int) Buffer
• type Info
• type Loop
• type Server
• func New() *Server
• func (s *Server) Init(ctx context.Context) (*Server, error)
• func (s *Server) Listeners() ([]Loop, error)
• func (s *Server) WithAddresses(addrs []string) *Server
• func (s *Server) WithAuthentication(scheme AuthenticationScheme) *Server
• func (s *Server) WithAuthorization(scheme AuthorizationScheme) *Server
• func (s *Server) WithCertificate(cert *tls.Certificate) *Server
• func (s *Server) WithCompilerErrorLimit(limit int) *Server
• func (s *Server) WithDecisionIDFactory(f func() string) *Server
• func (s *Server) WithDecisionLogger(logger func(context.Context, *Info)) *Server
• func (s *Server) WithDiagnosticsBuffer(buf Buffer) *Server
• func (s *Server) WithInsecureAddress(addr string) *Server
• func (s *Server) WithManager(manager *plugins.Manager) *Server
• func (s *Server) WithStore(store storage.Store) *Server

Constants ¶

const (
	PromHandlerV0Data     = "v0/data"
	PromHandlerV1Data     = "v1/data"
	PromHandlerV1Query    = "v1/query"
	PromHandlerV1Policies = "v1/policies"
	PromHandlerIndex      = "index"
	PromHandlerCatch      = "catchall"
)

Set of handlers for use in the "handler" dimension of the duration metric.

Types ¶

type AuthenticationScheme ¶

type AuthenticationScheme int

AuthenticationScheme enumerates the supported authentication schemes. The authentication scheme determines how client identities are established.

const (
	AuthenticationOff   AuthenticationScheme = iota
	AuthenticationToken                      = iota
)

Set of supported authentication schemes.

type AuthorizationScheme ¶

type AuthorizationScheme int

AuthorizationScheme enumerates the supported authorization schemes. The authorization scheme determines how access to OPA is controlled.

const (
	AuthorizationOff   AuthorizationScheme = iota
	AuthorizationBasic                     = iota
)

Set of supported authorization schemes.

type Buffer ¶

type Buffer interface {
	// Push adds the given Info into the buffer.
	Push(*Info)

	// Iter iterates over the buffer, from oldest present Info to newest. It should
	// call fn on each Info.
	Iter(fn func(*Info))
}

Buffer defines an interface that the server can call to push diagnostic information about policy decisions. Buffers must be able to handle concurrent calls.

func NewBoundedBuffer ¶

func NewBoundedBuffer(n int) Buffer

NewBoundedBuffer creates a new Buffer with maximum size n. NewBoundedBuffer will panic if n is not positive.

type Info ¶

type Info struct {
	Revision   string
	DecisionID string
	RemoteAddr string
	Query      string
	Timestamp  time.Time
	Input      interface{}
	Results    *interface{}
	Error      error
	Metrics    metrics.Metrics
	Trace      []*topdown.Event
}

Info contains information describing a policy decision.

type Loop ¶

type Loop func() error

Loop will contain all the calls from the server that we'll be listening on.

type Server ¶

type Server struct {
	Handler http.Handler
	// contains filtered or unexported fields
}

Server represents an instance of OPA running in server mode.

func New ¶

func New() *Server

New returns a new Server.

func (*Server) Init ¶

func (s *Server) Init(ctx context.Context) (*Server, error)

Init initializes the server. This function MUST be called before Loop.

func (*Server) Listeners ¶

func (s *Server) Listeners() ([]Loop, error)

Listeners returns functions that listen and serve connections.

func (*Server) WithAddresses ¶

func (s *Server) WithAddresses(addrs []string) *Server

WithAddresses sets the listening addresses that the server will bind to.

func (*Server) WithAuthentication ¶

func (s *Server) WithAuthentication(scheme AuthenticationScheme) *Server

WithAuthentication sets authentication scheme to use on the server.

func (*Server) WithAuthorization ¶

func (s *Server) WithAuthorization(scheme AuthorizationScheme) *Server

WithAuthorization sets authorization scheme to use on the server.

func (*Server) WithCertificate ¶

func (s *Server) WithCertificate(cert *tls.Certificate) *Server

WithCertificate sets the server-side certificate that the server will use.

func (*Server) WithCompilerErrorLimit ¶

func (s *Server) WithCompilerErrorLimit(limit int) *Server

WithCompilerErrorLimit sets the limit on the number of compiler errors the server will allow.

func (*Server) WithDecisionIDFactory ¶

func (s *Server) WithDecisionIDFactory(f func() string) *Server

WithDecisionIDFactory sets a function on the server to generate decision IDs.

func (*Server) WithDecisionLogger ¶

func (s *Server) WithDecisionLogger(logger func(context.Context, *Info)) *Server

WithDecisionLogger sets the decision logger used by the server.

func (*Server) WithDiagnosticsBuffer ¶

func (s *Server) WithDiagnosticsBuffer(buf Buffer) *Server

WithDiagnosticsBuffer sets the diagnostics buffer used by the server. DEPRECATED.

func (*Server) WithInsecureAddress ¶

func (s *Server) WithInsecureAddress(addr string) *Server

WithInsecureAddress sets the listening address that the server will bind to.

func (*Server) WithManager ¶

func (s *Server) WithManager(manager *plugins.Manager) *Server

WithManager sets the plugins manager used by the server.

func (*Server) WithStore ¶

func (s *Server) WithStore(store storage.Store) *Server

WithStore sets the storage used by the server.

Source Files ¶

buffer.go doc.go server.go

Directories ¶